WebSphere Portal: CWSCJ0371W: Validation of the LTPA token failed because the token expired

Most CWSCJ0371W warning messages are harmless. The majority of these messages are logged as a result of an expired LTPAToken which are cached in browsers. By default, the LTPA token will timeout after 2 hours.

An example of the warning message:
[23/6/16 11:14:24:482 SGT] 000001ba LTPAServerObj W CWSCJ0371W: Validation of the LTPA token failed because the token expired with the following info: Token expiration Date: Wed Jun 22 19:26:00 SGT 2016, current Date: Thu Jun 23 11:14:2 4 SGT 2016 Token attributes: port=xxx, username=user:xxx/xxx.. This warning might indicate expected behavior. Please refer to technote at http://www-01.ibm.com/support/docview.wss?uid=swg21594981.

 

How to resolve the problem?
As advised by IBM, you may either ignore these warning messages or suppress them by adding “com.ibm.ws.security.ltpa.LTPAServerObject=severe” in IBM Console (Troubleshooting > Logs and trace > <server> > Diagnostic Trace > Change log detail levels).

How to Change WordPress Default Upload Folder?

In this example, we will change WordPress default upload folder from “wp-content/uploads” to “www” folder.

  • Go to WordPress root directory.
  • Locate and edit wp-config.php file.
  • Add in the following code (feel free to change ‘www‘ to your desired media path):
    define('UPLOADS','www');
  • Save your changes.

 

WordPress also allows us to disable media month and years folder structure. Go to Settings > Media, unchecked “Organize my uploads into month- and year-based folders” and click on the “Save Changes” button.

20160528037

WebSphere Portal Bug: Unable to Switch Project After Accessing URL Without MyPortal

We have raised a PMR with IBM (#72365,000,834). IBM has confirmed that the fix will be out in WebSphere Portal 8.5 CF12.

Users are unable to switch to projects that contain spaces in their name after they have access an anonymous page (without “myportal”). The behavior will persists until he/she has log out. Do take note that this behavior is only observed in WebSphere Portal CF 10.

Why would a user remove “myportal” from the url (in case L2 asking for use-case scenario again..)?
This is to simulate editors clicking on one of the relative links in the contents (for example a relative link (/contact-us) in “About Us” page that links to a “Contact Us” page).

An editor might click on “contact us” link to verify the link before switching to a project.

 

How to replicate:

  • *IMPORTANT* Ensure you have follow the instruction in “Changing the site URL after an installation” article to remove the context root and you are using WebSphere Portal CF 10.
  • Login to WebSphere Portal.
  • Create a new project by clicking on the “New Project” link.
    20160513224
  • Use the default project name which comes with a space. Click on “Create” button.
    20160513225
  • Switch back to Published Site.
    20160513226
  • Close the Project dialog.
    20160513227
  • Remove “myportal” from the url and press Enter.
    20160513228
  • Now switch to the project that you have created earlier.
    20160513229
  • You will realize that it will remain as “Published Site” even if you tried to insert “myportal” back.
    20160513230

WebSphere Portal Bug: Portal Theme “Breaks” in IE Local Intranet Security Settings

We have raised a PMR with IBM (#72308,000,834).

Our users highlight that the website “break” in IE whenever they click on the “Edit” mode button. The team examined and identified that this only happened to websites that are classified under Local Intranet Security settings (see screenshot below). This bug affects most of our intranet users as IE auto classified intranet websites under Local Intranet Security.

Current workaround: We advise them to exclude the site from Intranet Security settings or use alternative browsers like Chrome while we trying to get IBM to fix it.

In the example below, we will illustrate how to replicate the issue in your local environment using IE 11 and WebSphere Portal CF 9.

How to replicate:

  • Ensure that you have the following:
    • WebSphere Portal CF 9 and above (though we suspect this issue starts from the problematic WebSphere Portal CF 8 after they fixed the Site Manager bug)
    • IE 10 and above
  • Go to “Internet options” in your IE settings.
  • Go to “Security” and click on the “Sites” button.
  • Click on “Advanced” button.
  • Key in the website hostname that you wish to include in Local Intranet Security and click on the “Add” button.
  • Click “OK” button to close the “Local intranet” dialog.
  • Click “OK” button to close the “Internet Options” dialog.
  • Login to your website and toggle the “Edit” mode button.
  • *Poof!* The theme breaks!

WebSphere Portal Bug: More User-friendly Error For Creating Workflow Page Without Project In Manage Pages Portlet

We have raised a PMR with IBM (#72284,000,834).

A better feedback message is needed to inform the user that he/she need to be in a project in order to create a page from a workflow page template in Manage Pages portlet.

How to replicate:

  • Before proceed, ensure that you are using WebSphere Portal CF 9 and above and there is a workflow page template.
  • Login to Portal Administration page (http://<hostname>/myportal/Administration).
  • Go to Manage Pages (Portal User Interface > Manage Pages).
  • Click on “New Page from…” button.
  • Select the workflow page template *IMPORTANT* and click on the “OK” button.
  • A “EJPAS0017E: Unable to create <page title>” will be displayed, leaving the user trying to figure where he/she went wrong.

WebSphere Portal Bug: More User-friendly Error For Creating Page Without Page Template

We have raised a PMR with IBM (#72274,000,834).

A better feedback message is needed to inform the user that he/she need to select a page template before proceeding. It will be even better if the system disable the “Create Page” button until both page’s title and page template have been keyed/selected.

How to replicate:

  • Before proceed, ensure that you are using WebSphere Portal CF 9 and above and there are at least 2 page templates.
  • Toggle “Edit” mode and proceed to create a child page.
  • Key in the Page’s title and click on the “Create Page…” button. DO NOT SELECT any page template.
  • A “java.lang.NullPointerException” error message will be displayed, leaving the user trying to figure where he/she went wrong.

WebSphere Portal Bug: Missing “error” icon in Authoring Comment Section After Removing Context Root

9 Feb 2016: We have raised a PMR with IBM (#63843,000,834). 

9 March 2016 - IBM L2 replied:
"This seems to be an environmental issue. We tried to recreate the same on several local environments; but it's working absolutely fine everywhere! Will try on other environments; you may also meanwhile retry on other environments and update us." 

We immediately replied that we are able to replicate the issue in all of our environments (including local).
 
11 May 2016: IBM L2 finally acknowledge that they are able to replicate the issue after 3 month of "ding dong". #AmazingJourney #L3WillKnowImmediately #StopHogging


27 May 2016: IBM has come back with a fix (IFPI63085).

IBM finally allow us to remove context root using Configuration Wizard but it seems that the configuration wizard has missed out editing the context path in one of the javascript files (\PA_WCM_Authoring_UI.ear\ilwwcm-authoring.war\layers\full.js) in PA_WCM_Authoring_UI.  This in return causing a broken “error” icon with the comment dialog. The only reason why we keep pushing it as PMR (instead of fixing ourselves) is because we do not want to keep patching the file every time we patch the server with new CF.

How to replicate:

  • Follow “Changing the site URL after an installation” article to remove the context root.
  • Attach a content with a workflow that requires user’s comment on approval.
  • Click on the “Ok” button without keying anything in the comment box and the error will appear.
  • We can easily tell that the javascript is still referencing “/wps” by inspecting it using developer tools.

 

 

WebSphere Portal Bug: Anonymous Users Are Able To Access File in File Component Despite Component in Draft Status

We have raised a PMR with IBM (#72198,000,834) and IBM has confirmed that it is working as designed since author has assigned anonymous access at Draft stage. Furthermore, below example shows that we are accessing the file directly through Connect servlet instead of rendering through Web Content Viewer portlet (or Menu Component).

To sum up IBM reply:
1) Render through Web Content Viewer Portlet/Menu Component = Draft Content/Component will not be accessible by anonymous users (despite access rights have been granted to them)
2) Render through Connect Servlet = Anonymous users are able to access (because access rights are granted to them)

Our Take:
As developers, we understand IBM rationale. But we felt that in an ideal situation (and to make things easier for users to understand), anonymous users shouldn't be able to access a DRAFT content/component even if access rights are granted to them (regardless if they are hitting Connect servlet directly). 

UX teaches us that we shouldn't rely on the users to do the "right" things by linking it through rich-text editor. Definitely there will be lazy users who would copy the file link and link it up as content.

Conclusion: Tighten up Connect servlet security by preventing anonymous users able to access Draft content/component directly (regardless if access rights are given to them).

IBM allows administrators to enforce workflow for Library’s resources by adding “com.<resource type>=com.aptrix.pluto.workflow.WorkflowControl” in WCM WCMConfigServices custom properties. But the team has discovered that anonymous users are able to access the file in the file component despite the fact that the component is in Draft stage.

 

IMPORTANT, before you proceed, please ensure that your library is properly configured:

  • Login to Portal Administration page (http://<hostname>/myportal/Administration).
  • Go to Portal Content > Web Content Libraries.
  • Click on “Set Permission” icon for the library where you going to save your component in.
  • Ensure that “Allow Propagation” and “Allow Inheritance” are checked and click on “Edit Role” icon.
  • Ensure that “Anonymous Portal User” is added in the library’s User Role.

 

How to replicate the issue:

  • Go to Web Content Authoring Portlet (http://<hostname>/myportal/Applications/Content/Authoring).
  • Add a new file component (New > Component > File).
  • Key in the component’s Name, Display Title and upload a random file.
  • Click on “Add Workflow” button if you didn’t enforce the workflow in WAS.
  • Click on “Properties” tab and  add a workflow.
  • Click on the “Save” button to save the changes.
  • At this moment, your file component is in Draft status.
  • Click on the “Properties” tab again and ensure that “[anonymous portal user]” is been inherited in the Access section.
  • Copy the file’s url in the File Component.
  • Paste the url in a new browser (or in private / incognito mode) and remember to remove “my” from “myconnect” as using “myconnect” would prompt you to log in.
  • Press enter and you are able to download the file despite the file component is in Draft mode.

Preparing Theme’s Profile for Production Environment

It is always a good practice (but not necessary) to prepare a seperate production profile to remove modules that are not needed in the production (delivery) environment. The profile will also calls custom module that are built specially for production environment. An idea of what the custom module will contains:

  • Minified css and javascript
  • Google Analytics (for production)

 

Below shows a list of IBM default modules that we will usually remove from our production profile:

Module Description
getting_started_module The getting started module is a pre-defined module that you can use as starting place to quickly inject your own resources into the current theme.
wp_toolbar_host_view Module that groups all theme modules that are needed to make a page interoperable with the site toolbar. Add this module to the theme profile of your page if you want to edit the page by using the site toolbar. This module contains all contributions that are needed for view mode. This module must be added to the non-deferred section of the theme profile.
wp_portlet_css Earlier portlet CSS support.
wp_client_ext Contains advanced utilities like Promises, IO, DOM helpers, events, and the deferred module loading code.
wp_status_bar The theme status bar that relays information, warning, and error messages to the user.
wp_theme_menus The menu framework that was introduced in 2002.
wp_theme_skin_region Provides accessibility support
wp_layout_windowstates Maximize or Minimize portlet support that is implemented as a server-side data source.
wp_analytics_aggregator Inserts the reference to the analytics aggregator and its dependencies into the page.
wp_oob_sample_styles Styles for default web content samples.
wp_ic4_wai_resources Provides resources to enable Connections integration with WAI (Web Application Integrator).
wp_worklight_ext Automatically loads the MobileFirst Client and Cordova APIs for you so you can add native device capabilities in your hybrid applications.
wp_sametime_proxy New Sametime proxy support.
wp_draft_page_ribbon Adds Draft Page in text that appears along the sides of a page that has a draft in the current project.
Updates: module has been remove in WebSphere Portal 8.5 CF10
wp_theme_portal_edit_85 Contribution that is loaded when edit mode is turned on. Separates view mode from edit mode.
wp_analytics_tags Public module that provides the analytics tag and site promotion functions. This module also provides the dynamic content spots that produce the analytics micro-formats.
wp_contextmenu_live_object Provides Live Object Framework service to handle Component Action menu instances on a page.
wp_content_targeting_cam Provides resources that are required for the Content Targeting dialog that is started from the Component Action menu.
wp_skin_cam Allows the Component Action Menu to be opened by clicking an icon in the portlet skin.

In case you are wondering how much does this exercise really save.  It only managed to save 2 http requests and 54KB. The difference isn’t significant but we did it anyway for all of our clients.

References:

Enable Auto JSP Reload in WebSphere Portal

The easiest way to enable auto jsp reload in WebSphere Portal is via WebSphere Application Server console. Do the following steps to enable auto jsp reload in WebSphere Portal:

  1. Log on to the WebSphere® Integrated Solutions Console (https://<server ip>:10041/ibm/console) and go to Applications > Application Types > WebSphere enterprise applications.
  2. Click on the application that you wish to enable auto jsp reload.
  3. Click on “JSP and JSP options“.
  4. Checked “JSP enable class reloading” and key in “1” for JSP reload interval in seconds. Click on the OK button.
  5. Click on “Save” link (Save directly to the master configuration).
  6. You have successfully enable auto jsp reloading for that particular application in WebSphere Portal.