SecurID® Governance & Lifecycle Blog

Subscribe to the official SecurID Governance & Lifecycle community blog for information about new product features, industry insights, best practices, and more.

Customizing and repackaging aveksa.ear (VIA RSA Governance and Lifecycle 7.0)

PradeepKadambar
Moderator Moderator
Moderator
6 9 1,230

Often there are situations where we need to add a JDBC driver jar file or modify a JSP page to RSA VIA L&G. Prior or VIA L&G 7.0, one could modify the deployed EAR file to achieve this objective. With Wildfly, the way applications are deployed is quite different. The following article explain a process of customizing and deploying RSA VIA L&G archive on Wildfly.

 

This section describes the process for repackaging aveksa.ear file. For the purpose of demonstration we will add jTDS jar file to the package.

 

1. SSH to the IMG appliance as root

2. Create a new folder

 

mkdir /tmp/aveksa_ear

 

3. Unzip the latest aveksa.ear found under /home/oracle/archive to /tmp/aveksa_ear.

If the server is patched or updated pick the most recent one.

unzip -q -X /home/oracle/archive/aveksa_7.0.0_93958_P01-2016-May-26-15.29.ear -d /tmp/aveksa_ear

 

4. Copy the jTDS jar file the local agent location /tmp/aveksa_ear/APP-INF/lib

 

5. Repackage the aveksa_ear directory to create the aveksa.ear file which can be deployed. The generated EAR file will be placed under /tmp directory.

 

cd /tmp/aveksa_ear
zip /tmp/aveksa.ear * -qru

 

6. The next step is to deploy the repackaged aveksa.ear using the JBoss CLI utility.

 

/home/oracle/wildfly/bin/jboss-cli.sh -c --command="deploy /tmp/aveksa.ear --force"

 

Ensure that ACM service is running before you run this command.

7. Restart the ACM server

 

service aveksa_server restart

 

8. Copy the EAR file to archives folder and delete the temporary  directory /tmp/aveksa_ear/

 

mv /tmp/aveksa.ear /home/oracle/archive/aveksa_7.0.0_93958_P01-2016-May-26-15.29_PATCHED.ear 
rm /tmp/aveksa_ear

 

9. Update the archive repository file wildfly_deployment.properties under /home/oracle/archive to reflect the EAR file that was patched.

 

CURRENTLY_DEPLOYED_ARCHIVE=aveksa_7.0.0_93958_P01-2016-May-26-15.29_PATCHED.ear
This step is important to ensure that this EAR file is picked up for redeployment as well as for future patching.

That's it ! Once customized, this approach will ensure future patches will pick the updated EAR file and hence you won't lose your customization.


Note : Once a patch has been applied, the existence of the custom files added to APP-INF/lib can be verified under the directory /home/oracle/wildfly/standalone/tmp/vfs/deployment/deploymentxxxxxxxxx

Note : Once a patch has been applied, the existence of the custom files added to aveksa.war can be verified under the directory /home/oracle/wildfly/standalone/tmp/vfs/temp/temp*/content*/contents/aveksa.war

9 Comments
PatriceLeone
Employee
Employee

Thank you Pradeep. This is EXCELLENT and just what I was hoping for.

JamiePryer
Employee (Retired) Employee (Retired)
Employee (Retired)

great! thank you!!

 

Clive Morrish​ - check this out!

BassemEhab
Employee
Employee

Installation Guide Page 147

 

Customize RSA Via L&G:

 

You can customize RSA Via L&G by modifying the aveksa.ear file located in /home/oracle/archive.

RSA provides a utility (customizeACM.sh in /home/oracle/deploy) that allows you to conveniently

extract aveksa.ear file and rebuild a customized version.

 

Procedure

1. Log on to the appliance as the admin user.

2. Verify that RSA Via L&G is running. Enter

sudo service aveksa_server status If RSA Via L&G is running, the following message displays: Aveksa Compliance Manager Server is running If the message indicates that the server is not running, enter

sudo service aveksa_server start

3. Change to the oracle user.

4. Go to /home/oracle/deploy.

5. Run the customizeACM.sh script to extract the .ear file, specifying the location of the .ear file that you want to modify. Enter

customizeACM.sh -c <path to the ear file> The contents of the .ear are extracted to a directory in the following location:

/tmp/customizeACM/.

 

Note: If you do not specify the path to the .ear file, the script prompts you to use the currently

deployed .ear file. If you want to use the currently deployed .ear, enter yes. If you do not want

to use the currently deployed .ear, enter no.

 

6. Go to /tmp/customizeACM/ and modify the extracted files.

7. When you finish modifying the files, run the customizeACM.sh script again to rebuild the .ear file. From /home/oracle/deploy, enter customizeACM.sh -d

 

The script performs the following tasks:

-  Archives the new .ear file to the following location, appending a time and date stamp to the

name: /home/oracle/archive.

- Deploys the new customized .ear file.

TedBarbour
Employee
Employee

Can you clarify if the procedure you describe is necessary instead of the documented procedure that Bassem Ehab posted?

SeanMiller1
Moderator Moderator
Moderator

The procedure Bassem posted is correct.  The original posting had this line:

 

6. The next step is to deploy the repackaged aveksa.ear using the JBoss CLI utility.

/home/oracle/wildfly/bin/jboss-cli.sh -c --command="deploy /tmp/aveksa.ear --force"

 

 

The customizeACM.sh does stuff like this under the covers.  You should use the customizeACM.sh script and then modify the archive directory it creates and use the same script to deploy that.

PradeepKadambar
Moderator Moderator
Moderator

I attempted the out of the box script once and that did not work for me and hence I extracted the process adapted in this script. I wasn't sure the failure was related to some special situation on the customers system.

 

I agree that if customizeACM.sh works as intended it should be used in lieu of manual process.

BassemEhab
Employee
Employee

Hi Pradeep,

     please find the steps mentioned on this KB-Article: 000033000

it states what's to do when the script is not working fine

ReubenFisher
Employee
Employee

Note - It's  RSA Identity, Governance and Lifecycle not Lifestyle 

PradeepKadambar
Moderator Moderator
Moderator

Thanks, blind spellchecking on my part