. 75
( 87 .)


450 Chapter 23

difference between using JCA adapters and using EAI adapters is an archi-
tectural one. When you use the JCA adapter your deployment architecture
includes WP running on WAS and the external application. (For example,
you use the WebSphere Adapter for mySAP.com to create code running on
your WAS instance accessing an SAP R/3 system.) When you use an EAI
adapter your architecture involves another infrastructure component: the
messaging middleware.
There are many EAI products available with adapters for WebSphere and
adapters for packaged business applications and it is not within the scope
of this chapter to even list all the options, much less explore them. Of these
many options there are two options that are part of the WebSphere family of
products: speci¬cally, WebSphere MQ and IBM CrossWorlds. WebSphere
MQ, or MQSeries as it was formerly called, has been a cornerstone of IBM™s
integration strategy and is very well integrated with WAS. CrossWorlds was
acquired by IBM at the end of 2001 and is thus more loosely integrated; using
CrossWorlds for your WP integration is, from a technical standpoint, not
that different from using other middleware products such as WebMethods,
Vitria, and TIBCO.
WebSphere MQ adapters exist for every major business application suite.
These adapters typically transform data from application-speci¬c formats
to MQSeries messages (usually in XML format) and rely on the messaging
broker”WebSphere MQ Integrator”for routing messages and for trans-
forming between different application-speci¬c message structures. Because
WebSphere MQ can be directly called from within code running on WAS,
you can use this infrastructure to connect to packaged applications from
your integration code, which is called by your portlets.
As an example, the WebSphere MQ adapter for mySAP.com uses
MQSeries Adapter offering technology to integrate with SAP systems us-
ing RFCs, BAPIs, or IDOCs. RFCs and BAPIs were already de¬ned in the
previous section; Intermediate Documents (IDOCs) are features of SAP™s
Application Linking Enablement and are used for message data interaction
with SAP. Regardless of whether you use RFCs, BAPIs, or IDOCs, all mes-
sages sent to SAP through the WebSphere MQ adapter conform to the SAP
XML message format or need to be converted to this format. The adapter
includes a set of inbound and outbound templates used for receiving and
generating SAP XML messages and a DTD generator used for producing
DTD ¬les that de¬ne the SAP XML needed to represent the various SAP in-
terfaces involved in the business transactions. The integration architecture
using this MQ component is shown in Figure 23-6.
Using EAI connectors as opposed to JCA adapters means that your ar-
chitecture must include an additional messaging broker component. You
may be wondering why you need this added complication and when you
would prefer to use this integration pattern rather than using a JCA adapter.
WY009-23 WY009-BenNatan-v1.cls May 11, 2004 14:53

Integrating ExternalApplications withWebSphere Portal 451

Figure 23-6 Using WebSphere MQ for integrating with SAP.

There are two cases in which you should consider using the EAI integration

1. You already have an EAI backbone or have decided to invest in an
EAI backbone as a strategic decision. In this case you have already
made an investment in EAI, you probably have a set of adapters
between the applications you use and the EAI backbone, and there is
no point in duplicating effort and creating a separate point-to-point
integration between your WP infrastructure and your business
2. You need to connect to applications and systems for which there are
no mature JCA adapters. MQ Series has been out there for a very
long time and there will be more MQ adapters than JCA adapters.

If neither of these cases applies you will ¬nd that JCA adapters are easier
to set up, easier to develop, and easier to maintain. Keeping your architec-
ture as simple as it can be is always a good idea.
WY009-23 WY009-BenNatan-v1.cls May 11, 2004 14:53

452 Chapter 23

Using the Portal Application Integrator
The WebSphere Portal Application Integrator (WPAI) allows you to create
new portlets that use JCA adapters accessing back-end applications without
any programming. You create these portlets from within the portal itself. By
selecting business objects available from the Enterprise Application, you can
specify which data ¬elds should be displayed in your portlet. The WPAI is
available from the IBM WebSphere Portlal Portlet Catalog and can be down-
loaded from www-3.ibm.com/services/cwi/portal/_pagr/105/.
It supports the following Enterprise Applications:

PeopleSoft 7.5 with PeopleTools 7.54
PeopleSoft HRMS 8.30 with PeopleTools 8.18
Siebel 7 or higher

Note that WPAI includes the RARs for Siebel and PeopleSoft but not for
SAP; you will have to download the SAP libraries from http:service
.sap.com if you want to integrate with an SAP R/3 system. The JCA
adapters are prepackaged within the WPAI, which means that you do not
have to do development to get access to the information and display it
within your portlets. The ¬‚ip side is that you have much less control on
what you can do with the information and can typically only allow object-
centric behavior”that is displaying data associated with an object, making
modi¬cations to a single object, and so on.
Use of the WPAI involves two stages: downloading from the portlet cat-
alog and installing it on your portal and then setting up the con¬guration
attributes for the speci¬c enterprise system you want to use. For example, if
you want to use WPAI to expose a PeopleSoft 8 HRMS system, you should
follow these steps:

1. Extract the contents of the WPAI zip ¬le and copy psjoa.jar and
pstools.properties from your PeopleSoft server to a new
2. Deploy the psft.rar JCA adapter from the WPAI zip ¬le as a J2C
Resource Adapter to your WP/WAS instance.
3. De¬ne a connection factory for the PeopleSoft JCA
adapter”right-click J2C Connection Factories in the resource adapter
entry and create a new factory using a JNDI name of eis/psft.
Then click the Connections tab and specify the hostname,
portNumber, and jarPath to the PeopleSoft server.
WY009-23 WY009-BenNatan-v1.cls May 11, 2004 14:53

Integrating ExternalApplications withWebSphere Portal 453

4. Extract psft8adapter.jar from psft.rar and place it in the lib
folder under WAS. Restart the server instance.
5. Extract the contents of wps_ps_portlets.zip.
6. Start PeopleSoft Application Designer. Select File ➪ Copy Project
from File to create a new project from the extracted ¬les. Call the
project WPS_PS_PORTLETS and once saved, exit PeopleSoft
Application Designer.
7. Log into the PeopleSoft Web application. Select PeopleTools
➪ Maintain Security ➪ Use ➪ Permission Lists to set the permissions
for the component interface. Select the Component Interface tab on
the permission list to display the panel for adding component
interfaces and add all of the imported component interfaces to a
permission list. You can use an existing permission list or create a
new one.
Now you need to install WPAI into your WP environment. Log into your
WP instance using the administrator password and click Administration.
Then click Portlets, and then Install. Select the location of the .war ¬le from
the WPAI zip ¬le. You will then see the object builders available for instal-
lation as shown in Figure 23-7.
You are now ready to use the WPAI within your WP instance to build
portlets. As mentioned, WPAI provides an object-centric view to appli-
cations and you ¬rst have to select which object to use. You can either
use existing portlets that come prepackaged with WPAI for the supported

Figure 23-7 Installing business object builder portlets available in WPAI.
WY009-23 WY009-BenNatan-v1.cls May 11, 2004 14:53

454 Chapter 23

enterprise systems or select the Create New Portlet button. You will then
be requested to name your portlet and enter the name of your PeopleSoft
instance and user credentials. Click Next and then click Create New Busi-
ness Object. Select the object you need to display within your portlet and
de¬ne which actions you allow from within your portlet”an action can be
search, update, create, and delete. Enter the titles to use when performing
these actions within your portlet and click Next.
Once WPAI knows which object your portlet will use, it reads the ob-
ject metadata using the adapter and presents you with a list of ¬elds. For
each ¬eld that you want displayed/edited within your portlet, check the
appropriate check box, de¬ne a user-presentable name to be used as a label,
de¬ne the ¬eld behavior (for example, read only versus editable), and select
which ¬eld you want to appear on the ¬nder allowing a user to search for
objects matching some ¬eld criteria. Click Next to complete the creation of
your portlet. You can now make this portlet available to your users.

Using the Credential Vault
In the example shown in the previous section, you built a portlet to access
objects within PeopleSoft. Note that once you access this portlet at runtime
(after adding it to your page), you will ¬rst have to enter the username and
password to be able to log in to the PeopleSoft instance. Because WPAI front-
ends your back-end systems, you need to pass user information to the back-
end application. If you do not want this additional login phase, you need
to implement back-end single sign-on using the Portal Server Credential
Vault (CV). CV consists of vault segments and slots for maintaining the
data required to access the back-end system. CV stores secrets such as user
ID and password and CV service provides an API for portlets to be able to
look up such values (per portal user or per shared secret).
The vault provides a bridge between a physical store and a logical API
that is then available to portlets (your code). The API is provided by the
CredentialVaultService interface, which uses adapters to access the
resources themselves. The default adapter that comes packaged with WP
uses the portal database to store the resources. You can also use a Tivoli
Access Manager (AM) adapter for resources stored in AM and you can
build your own adapter by extending the VaultAdapter class.
In Chapters 10 and 21 we already dealt with various single sign-on issues
and certainly SSO is one of the more important functions supported by
portals. Normally when you hear SSO, it is in the context of UI-oriented
integration where a Web application is delivered through the portal and you
do not want your users to have to log in to the application once they have
WY009-23 WY009-BenNatan-v1.cls May 11, 2004 14:53

Integrating ExternalApplications withWebSphere Portal 455

Figure 23-8 Back-end SSO using the CV.

logged into the portal. When using WPAI and adapter-based integration,
you will also have to deal with SSO”in this case, back-end SSO.
Back-end SSO means that you will have to make sure that programs
running on your WP instance (whether it is code you have developed or
whether it is WPAI portlets) use a correct user credential when accessing the
back-end system using a JCA adapter, as shown in Figure 23-8. Instead of
hard-coding this into your code, you should use Credential Vault”a place
to maintain credentials such as those required to access the back-end system.

Credential Vault Segments
CV is one of the built-in portal services within WP providing a mechanism
for portlets to be able to map a user identity with stored credentials. The
CV is partitioned into vault segments, which are themselves partitioned
into vault slots. Slots can be speci¬c to a back-end application (in which
case they are shared among many users) or can be speci¬c to a pairing of
WY009-23 WY009-BenNatan-v1.cls May 11, 2004 14:53

456 Chapter 23

back-end system and user. In addition, the CV can contain two types of
segments: administrator managed and user managed.
Use the WebSphere Portal CV portlet to create a segment within CV as
1. Log in as an administrator and click Administration.
2. Select the Access option and the CV suboption.
3. Click Add a Vault Segment.
4. Enter a vault segment name and click OK as shown in Figure 23-9.

Credential Vault Slots
CV segments contain one or more CV slots. You use slots to store user
credentials and portlets access slots within segments to store and retrieve
values. A single slot contains a single value and is used either as a single
credential for a speci¬c user or as a value that is shared among all users.
Slots can be divided into three types:
System credentials. Shared among all users and portlets and created


. 75
( 87 .)