Installing the JWP
The following document contains the installation instructions for the Java-based work process (JWP).
General
As of v12, several important functions in the Automation Engine and thus AWA depend on the JWP being installed and running.
Therefore the JWP's installation is mandatory.
Files Provided
The JWP is provided in the same directory as all the other Automation Engine files.
The directory /configuration/ is created automatically when the JWP is first started and contains the OSGI bundle's cache.
To Install the JWP
Unpack the files
In Windows, the JWP files are automatically copied from the SETUP.EXE program to the BIN directory. In UNIX, the files are located in the respective TAR archive.
Copy the provided "plugin" and "lib" directories into the BIN directory of the Automation Engine.
The subsequent installation steps depend on the database type used.
Java Cryptography Extension (JCE)
-
Install Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy.
The JCE Unlimited Strength Jurisdiction Policy has to be installed on the machines where:
- The UserInterface and/or the AWI runs.
- The Automation Engine (JWP) runs.
Download at Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy
For IBM Java, you must use the policy files of IBM. The unlimited jurisdiction policy files are located in directory SDK /demo/jce/policy-files/unrestricted/.
See https://www.ibm.com/support/knowledgecenter/en/SSYKE2_7.1.0/com.ibm.java.security.component.71.doc/security-component/sdkpolicyfiles.htmlThe Readme file contains the installation instructions on how to copy the .jar files to appropriate location (e.g.
<java-home>\lib\security
). If there are multiple Java installations on the same computer, setting up a policy file for all installations is recommended.
Add certificates for SSL
In order to use SSL, the certificate(s) of the LDAP server must be available to the Java Work Process.
Find the installation steps below.
The JWP uses the default keystore file "cacerts" in the lib/security directory of the JRE.
Keystore file configuration options
Using an alternative keystore file:
If you want the JWP(s) to use an alternative keystore file, you have to define the file name and path to a centrally stored file in the key JWP_KEYSTORE_PATH, in the UC_SYSTEM_SETTINGS variable.
In case the defined path is not accessible or invalid, a log message will be written to the default log location and the JWP will use the default keystore file.
Creating an individual keystore file using the JWP:
If you want to use an individual keystore file, you can create it using the following command:
java -jar ucsrvjp.jar -installcert host:port keystorePath
In case the defined path in keystorePath does not exist, the JWP creates a new keystore file in that location. You can then define a password for that keystore file.
Using an alternative password for keystore file access:
The default password used by the JWP is the default password of the JRE keystore. If you want the JWP to use a different password, you have to define a Login object containing that password by following these steps:
- Create a Login object (or use an existing one).
- In the UC_SYSTEM_SETTINGS variable, using the key JWP_KEYSTORE_LOGIN, enter the name of that Login object.
- Open the referenced Login object, select the Login tab and add a new row there.
- In the column Name, select "*", in the column Type select "JWP_KEYSTORE".
- The Login info is optional for this function, but as this column cannot be empty by default, you have to enter something here.
- Enter the password you chose for the keystore file.
Adding the certificates
-
Add certificates using the keytool.
- To use the default keystore of the JRE, go to the jre\lib\security folder of the Java installation and import the certificate with the keytool command:
- To use your own keystore file defined in the variable UC_SYSTEM_SETTINGS using the key JWP_KEYSTORE_PATH, go to the defined path and import the certificate with the keytool command:
keytool -keystore cacerts -importcert -alias ldapServer -file certficate.cer
keytool -keystore <keystore> -importcert -alias ldapServer -file certficate.cer
When prompted to trust this certificate respond by typing "Y".
-
Add certificates via download.
- Another option to install the certificate is the command line parameter -installcert of the Java Work Process.
- This assumes that the Java Work Process has write access to the cacerts file of the Java installation.
- This command detects the path of cacerts, connects to the specified host and port and tries to create an SSL connection.
- This command to add a certificate via download will set an optional parameter for the file name of the keystore:
java -jar ucsrvjp.jar -installcert <host>:<sslport>
java -jar ucsrvjp.jar -installcert <host>:<sslport> <keystorePath>
When the parameter "keystorePath" is valid but the file doesn't exist, JWP creates a new keystore file in the same location.
During this process the user can define an individual password.If a certificate is missing, the message "unable to find valid certification path to requested target" is printed and the missing certificate is downloaded and stored in the cacerts file.
Start the JWP
Use this kind of command to start the JWP via the command line
java -Xmx512M -jar ucsrvjp.jar -IC:\temp\ucsrv.ini
The file "ucsrvjp.jar" is provided in the same directory as the other Automation Engine files. It is used exclusively to start the JWP.
The JWP can also be started via ServiceManager.
java -Xmx512M -jar ucsrvjp.jar -svc%port% -IC:\temp\ucsrv.ini
The -svc parameter should be omitted when starting directly via the command line.
The parameter -I to specify the INI file is optional. If the parameter is missing, the JWP attempts to find the file "ucsrv.ini" in the current working directory (= directory in which the file "ucsrvjp.jar" is located).