Friday, November 12, 2010

WebSphere Portal and Lotus Web Content Management 6.1.x Performance Tuning Guide

This guide provides a basis for parameter and application tuning for IBM® WebSphere® Portal for Multiplatforms Version 6.1.X. Remember that both tuning and capacity are affected by many factors, including the workload scenario and the performance measurement environment. For tuning, the objective of this paper is not to recommend that you use the values we used when measuring our scenarios, but to make you aware of those parameters used in our configuration. When tuning your individual systems, it is important to begin with a baseline, monitor the performance metrics to determine if any parameters should be changed and, when a change is made, monitor the performance metrics to determine the effectiveness of the change.
This is an updated version of the tuning guide for WebSphere Portal 6.1/6.1.0.X. The update includes newly added tuning sections for z/OS, Solaris, Oracle and much more.
Performance tuning overview
Tuning a WebSphere Portal environment involves tuning and configuring the various systems and components of the environment. This chapter discusses some general concepts and details the specifics of the configuration used in our measurement environments. These specifics entail:
Configuring the application server and the resources defined for that application server
Tuning the database(s) and database server
Tuning the directory server and its database
Tuning the web server and/or proxy server
Tuning the operating system and network
Tuning the WebSphere Portal services
When tuning your individual systems, it is important to begin with a baseline, monitor the performance metrics to determine if any parameters should be changed and, when a change is made, monitor the performance metrics to determine the effectiveness of the change.
In addition to the tuning changes we made in our measurement environments, there are some additional tuning options available which can improve performance in certain circumstances; these will be discussed in a separate section.


WebSphere Portal startup problem

How to Troubleshoot a WebSphere Portal startup problem




This guide will teach you how to troubleshoot a WebSphere Portal startup failure. For the purposes of this guide, a startup failure is defined as being unable to render Portal in the web browser after starting the WebSphere_Portal server even though the server is 'open for e-business'.

When accessing WebSphere Portal in a browser, it is important to keep in mind that you are simply accessing the wps.ear application within the WebSphere_Portal server.
Even though you may see the 'open for e-business' message for the WebSphere_Portal server, this does not guarantee that the wps.ear application itself started successfully.

We will explore three common scenarios:

1. '404 Initialization of one or more services failed' in browser
2. '404 Page Not Found' in browser
3. 'A WebGroup/Virtual Host to handle /wps/portal has not been defined.' or 'Error 404: No target servlet configured for uri: /wps/portal ' in browser

To begin troubleshooting these failures, you will only need the SystemOut.log. This log is located by default in the following directories for Portal v6.0 and v6.1:

Portal v6.0: /log
Portal v6.1: /logs/WebSphere_Portal/


Scenario 1: '404 Initialization of one or more services failed'

If you see this message in your web browser, this is a definitive sign that the wps.ear application failed to start correctly. This can occur for numerous reasons, and it is often difficult to determine where to start investigating. The following steps should help you determine which errors are relevant:

1. Open the SystemOut.log for the WebSphere_Portal server
2. Find the last startup attempt of this server. Each startup is headed by the following block of text (details within this block of text, such as WAS version, OS version, classpaths, will vary):

Start Display Current Environment
.......
* End Display Current Environment *

HINT: To quickly find the last startup, search for the last occurrence of the string 'Start Display Current Environment'

HINT: This same block of text always appears at the top of the SystemOut.log, regardless of whether it marks the beginning of a startup. When it does mark a startup, the very next line after the above block of text will be:

TRAS0017I: The startup trace state is *=info

If you do not see this line, check the most recent backed up SystemOut.log file and repeat until you find the last startup attempt.


3. Find the following line during this startup attempt:

WSVR0200I: Starting application: wps


4. Find the following line during this startup attempt:

WSVR0221I: Application started: wps


5. Note all error messages that occur between these two lines. These are the ONLY error messages you need to be concerned with. Every other error message that you may see outside of these two lines is irrelevant.

6. See if you can find any “Caused By:” statements in the error messages. These are the most important errors and are the root cause of the issue.

7. wps.ear can fail to start for a variety of reasons, so it is not possible to document every possible cause of a startup failure here. If the error message is not obvious, search the WebSphere Portal Support site for any error codes you find to see if there are any known documented issues or APARs.

http://www-01.ibm.com/software/genservers/portal/support/

For example, suppose you see messages like this:

[9/10/08 16:16:22:081 CDT] 00000017 VaultServiceI E com.ibm.wps.services.credentialvault.VaultServiceImpl checkSystemDNInitialized EJPSK0028E: Invalid system user DN 'systemcred.dn' property value. Ensure that the DN value is valid in the vault service properties file.
com.ibm.portal.puma.MemberNotFoundException: EJPSG0002E: Requested Member does not exist.uid=wpsadmin,o=defaultWIMFileBasedRealm
.
.
.
Caused by: com.ibm.websphere.wim.exception.EntityNotFoundException: CWWIM4001E The 'uid=wpsadmin,o=defaultWIMFileBasedRealm' entity was not found.
at com.ibm.ws.wim.adapter.file.was.FileData.getByDN(FileData.java:929)
at com.ibm.ws.wim.adapter.file.was.FileAdapter.get(FileAdapter.java:798)

You would search for the error codes:

CWWIM4001E EJPSK0028E EJPSG0002E
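
Steps 1 to 7 can be scripted. The following is an added example, not part of the original guide: it isolates the last real startup, keeps only what was logged between WSVR0200I and WSVR0221I, and lists the error codes to search for, root cause first. The function names and the sample log are constructed for illustration (the XXXX codes are placeholders), and the log line layout is assumed from the example messages above.

```python
import re

STARTUP_MARKER = "Start Display Current Environment"
STARTUP_END = "End Display Current Environment"
APP_STARTING = "WSVR0200I: Starting application: wps"
APP_STARTED = "WSVR0221I: Application started: wps"
# Error-level message IDs such as EJPSK0028E or CWWIM4001E.
ERROR_ID = re.compile(r"\b[A-Z]{4,5}\d{4}E\b")
# Assumed layout: [timestamp] threadId component eventType message
LOG_LINE = re.compile(r"^\[[^\]]+\]\s+\S+\s+\S+\s+([A-Z])\s")


def last_startup(lines):
    """Step 2: lines of the most recent real startup, or None.

    The environment block also heads every rotated log file, so a block
    only counts as a startup when TRAS0017I follows it (second HINT).
    """
    markers = [i for i, line in enumerate(lines) if STARTUP_MARKER in line]
    for i in reversed(markers):
        end = next((j for j in range(i, len(lines)) if STARTUP_END in lines[j]), None)
        if end is None:
            continue
        following = next((l for l in lines[end + 1:] if l.strip()), "")
        if "TRAS0017I" in following:
            return lines[i:]
    return None  # check the most recent backed-up SystemOut.log instead


def triage_wps_startup(lines):
    """Steps 3-7: errors, 'Caused by' lines and codes inside the wps window."""
    result = {"status": None, "errors": [], "caused_by": [], "codes": []}
    attempt = last_startup(lines)
    if attempt is None:
        result["status"] = "no-startup-in-this-log"
        return result
    start = next((i for i, l in enumerate(attempt)
                  if l.rstrip().endswith(APP_STARTING)), None)
    if start is None:
        result["status"] = "wps-not-started"  # see Scenario 3
        return result
    # If WSVR0221I never appears, the window runs to the end of the log.
    end = next((i for i in range(start, len(attempt))
                if attempt[i].rstrip().endswith(APP_STARTED)), len(attempt))
    window = attempt[start:end]
    for line in window:
        m = LOG_LINE.match(line)
        if m and m.group(1) == "E":
            result["errors"].append(line)
        if line.lstrip().lower().startswith("caused by:"):
            result["caused_by"].append(line.strip())
    # Root-cause codes first, then the rest in order of appearance.
    for line in result["caused_by"] + window:
        for code in ERROR_ID.findall(line):
            if code not in result["codes"]:
                result["codes"].append(code)
    found = result["errors"] or result["codes"]
    result["status"] = "errors-in-window" if found else "clean"
    return result


# Constructed sample: the error lines are the example from this guide, the
# surrounding lines and the XXXX codes are made up to show the window edges.
SAMPLE_LOG = """\
************ Start Display Current Environment ************
Host Operating System is Linux
************* End Display Current Environment *************
[9/10/08 16:15:01:000 CDT] 0000000a ManagerAdmin  I   TRAS0017I: The startup trace state is *=info.
[9/10/08 16:15:40:000 CDT] 0000000a SomeComponent E   XXXX0001E: error before wps starts
[9/10/08 16:16:20:000 CDT] 0000000a ApplicationMg A   WSVR0200I: Starting application: wps
[9/10/08 16:16:22:081 CDT] 00000017 VaultServiceI E com.ibm.wps.services.credentialvault.VaultServiceImpl checkSystemDNInitialized EJPSK0028E: Invalid system user DN 'systemcred.dn' property value.
com.ibm.portal.puma.MemberNotFoundException: EJPSG0002E: Requested Member does not exist.uid=wpsadmin,o=defaultWIMFileBasedRealm
Caused by: com.ibm.websphere.wim.exception.EntityNotFoundException: CWWIM4001E The 'uid=wpsadmin,o=defaultWIMFileBasedRealm' entity was not found.
    at com.ibm.ws.wim.adapter.file.was.FileData.getByDN(FileData.java:929)
[9/10/08 16:16:30:000 CDT] 0000000a ApplicationMg A   WSVR0221I: Application started: wps
[9/10/08 16:16:31:000 CDT] 0000000a SomeComponent E   XXXX0002E: error after wps started
"""

if __name__ == "__main__":
    report = triage_wps_startup(SAMPLE_LOG.splitlines())
    print(report["status"], " ".join(report["codes"]))
```
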



Scenario 2: 'Page Not Found'

If you see this message in the browser, this typically means one of the following:

- The WebSphere_Portal server is not started
- You are using the wrong port number
- You are using the wrong hostname

For this scenario, we will assume that the server is actually started. The correct values for the port and hostname, from a WAS perspective, are controlled by the Virtual Host configuration in WAS. You can retrieve this information from the SystemOut.log by following these steps:

1. Open the SystemOut.log for the WebSphere_Portal server.
2. Find the last startup attempt of this server. Each startup is headed by the following block of text (details within this block of text, such as WAS version, OS version, classpaths, will vary):

Start Display Current Environment
.......
* End Display Current Environment *

HINT: To quickly find the last startup, search for the last occurrence of the string 'Start Display Current Environment'

HINT: This same block of text always appears at the top of the SystemOut.log, regardless of whether it marks the beginning of a startup. When it does mark a startup, the very next line after the above block of text will be:

TRAS0017I: The startup trace state is *=info

If you do not see this line, check the most recent backed up SystemOut.log file and repeat until you find the last startup attempt.


3. Find where the wps application is started:

WSVR0221I: Application started: wps

4. A few lines before this line, you should see a line similar to this:

SRVE0250I: Web Module WebSphere Portal Server has been bound to default_host[*:10000,*:80,*:10002,*:10038,*:10035].

This line shows you which virtual host wps is mapped to, along with which ports and hostnames are valid. In this example, you see *. This means that any hostname that is valid for the operating system will work here. In some cases you might see a specific hostname:

SRVE0250I: Web Module WebSphere Portal Server has been bound to default_host[hostname:10000,hostname:80,hostname:10002,hostname:10038,hostname:10035].

This means that in order to access this application, you must explicitly use this hostname.


5. Find in the log where the server is open for e-business:

WSVR0001I: Server WebSphere_Portal open for e-business

6. A few lines before this line, you will see several ports being initialized. Check which port is being initialized for WCInboundDefault:

TCPC0001I: TCP Channel TCP_2 is listening on host * (IPv4) port 10038.
CHFW0019I: The Transport Channel Service has started chain WCInboundDefault.

This port must be listed as one of the ports from step 4. This is the port you must use to access wps.

7. Ensure that you are using the correct hostname from step 4 (if *, this can be any valid hostname for the OS) and the correct port from step 6.

http://hostname:port/wps/portal



Scenario 3: 'A WebGroup/Virtual Host to handle /wps/portal has not been defined.' or 'Error 404: No target servlet configured for uri: /wps/portal'

If you see this exception, this means one of the following:

– wps.ear has been uninstalled
– wps.ear is no longer mapped to the WebSphere_Portal server or the Cluster
– The context root for wps.ear is no longer /wps/portal

Follow these steps to determine if something has happened to wps.ear:

1. Open the SystemOut.log
2. Find the last startup attempt of this server. Each startup is headed by the following block of text (details within this block of text, such as WAS version, OS version, classpaths, will vary):

Start Display Current Environment
.......
* End Display Current Environment *

HINT: To quickly find the last startup, search for the last occurrence of the string 'Start Display Current Environment'

HINT: This same block of text always appears at the top of the SystemOut.log, regardless of whether it marks the beginning of a startup. When it does mark a startup, the very next line after the above block of text will be:

TRAS0017I: The startup trace state is *=info

If you do not see this line, check the most recent backed up SystemOut.log file and repeat until you find the last startup attempt.

3. Find the following line during this startup attempt:

WSVR0200I: Starting application: wps

NOTE: If you do not see this line, this is a clear indication that wps has either been uninstalled or is no longer mapped to your server. To check this, do the following:
• Login to server1 or the DMGR
• Navigate to Applications -> Enterprise Applications
• Search for wps
• If you do not find it, it has been uninstalled. If you do find it, click the link for it.
• For WAS v6.0.x, click 'Map modules to servers'
For WAS v6.1.x, click 'Manage Modules'
• Ensure that WebSphere_Portal (if standalone) or the ClusterName (if clustered) is mapped correctly for this application

4. Assuming you find the line in step 3, double check the context root. Several lines after this line, you should see a line like this:

SRVE0242I: [wps] [/wps] [portal]: Initialization successful.

This is your context root. In this example, it is:

/wps/portal

This can vary. For example:

SRVE0242I: [wps] [/contextRoot] [portal]: Initialization successful.

In this case, it is: /contextRoot/portal

This is what you should be typing to access Portal.
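
The checks from Scenario 2 (steps 3 to 7) and Scenario 3 (step 4) can be combined into one pass over the log. The following is an added example, not part of the original guide: it reads the virtual host aliases from SRVE0250I, the WCInboundDefault port from the TCPC0001I line logged just before its CHFW0019I line (an assumption taken from the pairing shown above), and the context root from SRVE0242I, then builds the URL or reports what does not line up. The function name, the `hostname` parameter and the sample log are constructed for illustration.

```python
import re

BOUND = re.compile(r"SRVE0250I: Web Module (.+?) has been bound to (\S+?)\[([^\]]*)\]")
LISTEN = re.compile(r"TCPC0001I: TCP Channel (\S+) is listening on host (\S+)\s+\(IPv[46]\) port (\d+)")
CHAIN = re.compile(r"CHFW0019I: The Transport Channel Service has started chain (\S+?)\.?\s*$")
CTX = re.compile(r"SRVE0242I: \[wps\] \[([^\]]*)\] \[([^\]]*)\]: Initialization successful")


def resolve_portal_url(lines, hostname="hostname"):
    """Return the URL wps should answer on, or the reasons it cannot be built.

    The last match of each message wins, which corresponds to the most
    recent startup recorded in the file.
    """
    vhost, aliases, port, ctx = None, [], None, None
    last_listen_port = None
    for line in lines:
        if (m := BOUND.search(line)) and m.group(1) == "WebSphere Portal Server":
            vhost = m.group(2)
            # "*:10038" -> ("*", "10038"); "*" means any hostname valid for the OS
            aliases = [tuple(a.rsplit(":", 1)) for a in m.group(3).split(",") if ":" in a]
        elif m := LISTEN.search(line):
            last_listen_port = m.group(3)
        elif (m := CHAIN.search(line)) and m.group(1) == "WCInboundDefault":
            port = last_listen_port
        elif m := CTX.search(line):
            ctx = m.group(1).rstrip("/") + "/" + m.group(2)

    problems = []
    if vhost is None:
        problems.append("no SRVE0250I binding for WebSphere Portal Server")
    if ctx is None:
        problems.append("no SRVE0242I line for wps (Scenario 3: check mapping and context root)")
    if port is None:
        problems.append("WCInboundDefault chain was not started")
    hosts = [h for h, p in aliases if p == port]
    if vhost is not None and port is not None and not hosts:
        problems.append(f"port {port} is not a host alias of {vhost}")

    url = None
    if not problems:
        # A specific alias hostname must be used as-is; "*" accepts the caller's.
        host = hostname if "*" in hosts else hosts[0]
        url = f"http://{host}:{port}{ctx}"
    return {"virtual_host": vhost, "port": port, "context_root": ctx,
            "url": url, "problems": problems}


# Constructed sample: message texts follow the examples in this guide,
# timestamps, thread IDs and component names are made up.
SAMPLE_LOG = """\
[9/10/08 16:16:20:000 CDT] 0000000a ApplicationMg A   WSVR0200I: Starting application: wps
[9/10/08 16:16:24:000 CDT] 0000000a ServletWrappe A   SRVE0242I: [wps] [/wps] [portal]: Initialization successful.
[9/10/08 16:16:29:000 CDT] 0000000a WebGroup      A   SRVE0250I: Web Module WebSphere Portal Server has been bound to default_host[*:10000,*:80,*:10002,*:10038,*:10035].
[9/10/08 16:16:30:000 CDT] 0000000a ApplicationMg A   WSVR0221I: Application started: wps
[9/10/08 16:16:40:000 CDT] 0000000a TCPChannel    I   TCPC0001I: TCP Channel TCP_2 is listening on host * (IPv4) port 10038.
[9/10/08 16:16:40:100 CDT] 0000000a WSChannelFram A   CHFW0019I: The Transport Channel Service has started chain WCInboundDefault.
[9/10/08 16:16:40:200 CDT] 0000000a TCPChannel    I   TCPC0001I: TCP Channel TCP_4 is listening on host * (IPv4) port 10035.
[9/10/08 16:16:40:300 CDT] 0000000a WSChannelFram A   CHFW0019I: The Transport Channel Service has started chain WCInboundDefaultSecure.
[9/10/08 16:16:41:000 CDT] 0000000a WsServerImpl  A   WSVR0001I: Server WebSphere_Portal open for e-business
"""

if __name__ == "__main__":
    print(resolve_portal_url(SAMPLE_LOG.splitlines(), hostname="portal.example.test"))
```
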

Monday, May 10, 2010

A new era in Business process Management

What is IBM WebSphere Business Modeler software

IBM WebSphere Business Modeler software is the tool for documenting and understanding existing processes. It can help you visualize, document and model business processes for understanding and process execution, enabling you to rework older business processes into more agile ones or create new processes from scratch. The software enables users to make informed decisions about deployment with advanced analysis and simulation capabilities based on modeled and actual data. Business analysts can visualize and identify bottlenecks to better optimize processes. This robust modeling tool can then turn these process models into executable business processes for automation.


What is IBM WebSphere Dynamic Process Edition software
To realize the full potential of business processes, organizations with diverse, constantly evolving IT environments need comprehensive BPM capabilities, including modeling and simulation, rapid deployment and real-time business process monitoring and analysis. IBM WebSphere Dynamic Process Edition includes all of these capabilities and organizes SOA and BPM infrastructure into shareable, reusable intelligent business services, for a fully realized SOA vision of architectural agility and reuse.

What is IBM WebSphere Industry Content Pack assets
IBM WebSphere Industry Content Packs provide prebuilt assets to speed and enhance BPM solution delivery from modeling to deployment to monitoring including maps and models, service schemas and interfaces, key performance indicators (KPIs), business glossaries and end-to-end solution examples. Based on industry standards, they can help to reduce risk and increase consistency and reuse across the different lines of business within an enterprise and are available for banking, healthcare, insurance, industrial product life-cycle management and telecommunications. The industry content packs are a core part of the IBM Industry Frameworks, which combine the power of award-winning IBM software with industry-specific assets and best practices specifically configured to meet an industry’s specific challenges and needs.

What is IBM WebSphere Transformation Extender software
IBM WebSphere Transformation Extender software increases the speed and reliability with which SOA applications and services can be extended beyond organizational walls to partners, suppliers and customers. For industry-specific data solutions, enterprises can leverage predefined WebSphere Transformation Extender Industry Packs, including healthcare, financial services, insurance and electronic data interchange (EDI). Complex industry transformations can be deployed quickly, with relative ease, helping to increase transaction volume while providing additional flexibility and fostering adaptability to industry changes. WebSphere Transformation Extender software helps remove risk from projects where regulatory bodies or industry service providers require strict conformance to mandatory and advisory guidelines.

What is IBM WebSphere Business Monitor software
When business leaders can link operational metrics to business strategy, their decision-making ability improves. WebSphere Business Monitor software provides real-time insight into business processes, presented in easy-to-read role-based business dashboards. Users can integrate existing business activity monitoring capabilities into WebSphere Business Monitor dashboards, along with other BPM, enterprise resource planning (ERP) and legacy applications, for more holistic process management. And the software offers an embedded metrics library of more than 800 open standard KPIs.

Monday, May 3, 2010

Troubleshooting IBM HTTP Server


Viewing error messages for a server that fails to start

If you encounter an error starting a HTTP server, you can view the error message in the server logs.

About:

If the target Web server fails to start, a message might appear on the WebSphere Application Server administrative console that indicates that the Web server cannot be started and to view the error messages in the server logs for further details. The types of errors that can result are:

• errors due to caching problems
• errors due to configuration problems
• errors due to SSL handshake failures
• errors due to SSL initialization problems
• errors due to I/O failures
• errors due to Secure Sockets Layer (SSL) stash utility problems





Cache messages
This topic contains error messages that might result due to caching problems and provides a solution to help you troubleshoot the problem.
The following messages are displayed due to caching problems:
• Message: SSL0600E: Unable to connect to session ID cache
o Reason: The server cannot connect to the Session ID caching daemon.
o Solution: Verify that the daemon successfully started.
• Message: SSL0601E: Session ID cache daemon process exited with exit code ; restarting
o Reason: If the value of is 0, the session ID cache daemon (sidd) received the SIGTERM signal. Other exit codes are not expected. Sidd automatically restarted.
o Solution: If the value of is 0 and IBM® HTTP Server did not stop or restart, verify that locally installed CGI scripts, scheduled operating system tasks, or other monitoring software cannot send SIGTERM to sidd.
• Message: SSL0602E: Session ID cache daemon process exited with terminating signal ; restarting
o Reason: The session ID cache daemon (sidd) received a signal other than SIGTERM, which caused it to exit. Sidd automatically restarted.
o Solution: If the value of is 0 and IBM HTTP Server did not stop or restart, verify that locally installed CGI scripts, scheduled operating system tasks, or other monitoring software cannot send the signal to sidd.
• Message: SSL0603E: Session ID cache daemon process exited with exit code; not restarting; check sidd configuration or enable sidd error log with SSLCacheErrorLog
o Reason: The session ID cache daemon (sidd) did not initialize. The following possible exit code values might be displayed:
Value Reason
2 Log files could not be opened. The SSLCacheTraceLog or the SSLCacheErrorLog directive is not valid.
3 The AF_UNIX socket cannot be initialized. Use the SSLCachePortFilename directive to specify a different socket for the session ID cache daemon.
4 Sidd cannot switch to the configured user and group. Verify the values for the user and group directives.
o Solution: Provide a valid value for the directives and restart IBM HTTP Server.

Configuration messages
This topic contains error messages that might result due to configuration problems and provides solutions to help you troubleshoot these problems.
The following messages appear due to configuration problems:
• Message: SSL0300E: Unable to allocate terminal node.
• Message: SSL0301E: Unable to allocate string value in node.
• Message: SSL0302E: Unable to allocate non terminal node.
• Message: SSL0303E: Syntax Error in SSLClientAuthGroup directive.
• Message: SSL0304E: Syntax Error in SSLClientAuthRequire directive.
• Message: SSL0307E: Invalid token preceding NOT or !
• Message: SSL0308E: A group is specified in SSLClientAuthRequire but no groups are specified.
• Message: SSL0309E: The group is specified in SSLClientAuthRequire is not defined.
• Message: SSL0310I: Access denied to object due to invalid SSL version , expected .
• Message: SSL0311E: Unable to get cipher in checkBanCipher.
• Message: SSL0312I: Cipher is in ban list and client is forbidden to access object.
• Message: SSL0313E: Fell through to default return in checkCipherBan.
• Message: SSL0314E: Cipher is NULL in checkRequireCipher.
• Message: SSL0315E: Cipher used is not in the list of required ciphers to access this object.
• Message: SSL0316E: Fell through to default return in checkCipherRequire.
• Message: SSL0317E: Unable to allocate memory for fake basic authentication username.
• Message: SSL0318E: Limit exceeded for specified cipher specs, only 64 total allowed.
o Reason: The number of ciphers configured using the SSLCipherSpec directive exceeds the maximum allowed of 64.
o Solution: Check for duplicate SSLCipherSpec directives.
• Message: SSL0319E: Cipher Spec is not supported by this GSK library.
o Reason: The cipher is not a valid cipher for use with the installed SSL libraries.
o Solution: Check that a valid cipher value was entered with the SSLCipherSpec directive.
• Message: SSL0320I: Using Version 2|3 Cipher: .
o Reason: This is an informational message listing the ciphers used for connections to this virtual host.
o Solution: None.
• Message: SSL0321E: Invalid cipher spec .
o Reason: The cipher is not a valid cipher.
o Solution: Check the documentation for a list of valid cipher specs.
• Message: SSL0322E: Cipher Spec is not valid.
o Reason: The cipher is not a valid cipher.
o Solution: Check the documentation for a list of valid cipher specs.
• Message: SSL0323E: Cipher Spec has already been added.
o Reason: A duplicate SSLCipherSpec directive has been encountered.
o Solution: This instance of the directive is ignored and should be removed from the configuration file.
• Message: SSL0324E: Unable to allocate storage for cipher specs.
o Reason: The server could not allocate memory needed to complete the operation.
o Solution: Take action to free up some additional memory. Try reducing the number of threads or processes running, or increasing virtual memory.
• Message: SSL0325E: Cipher Spec has already been added to the v2|v3 ban|require list.
o Reason: A duplicate cipher was specified on the SSLCipherBan directive.
o Solution: This instance of the directive is ignored and should be removed from the configuration file.
• Message: SSL0326E: Invalid cipher spec set for SSLCipherBan|SSLCipherRequire.
o Reason: The cipher is not a valid cipher.
o Solution: Check the documentation for a list of valid cipher specs.
• Message: SSL0327E: Invalid value for sslv2timeout|sslv3timeout, using default value of nn seconds.
o Reason: The timeout value specified is not in the valid range.
o Solution: Check the documentation for the proper range of values.
• Message: SSL0328W: Invalid argument for SSLClientAuth: . CRL can not be turned on unless Client Authentication is on.
• Message: SSL0329W: Invalid argument for SSLClientAuth: . If a second argument is entered it must be CRL. CRL cannot be turned on unless client authentication is on.
• Message: SSL0330W: Invalid argument for SSLClientAuth: . If a second value is entered it must be crl.
• Message: SSL0331W: Invalid argument for SSLClientAuth: . The first value must be 0, 1, 2 none, optional, or required.
• Message: SSL0332E: Not enough arguments specified for SSLClientAuthGroup.
• Message: SSL0333E: No parse tree created for .
o Reason: An error occurred processing the SSLClientAuthRequire directive.
o Solution: Check for other error messages. Enable tracing of Client Authentication by adding the directive SSLClientAuthRequireTraceOn to the configuration file.
• Message: SSL0334E: Function ap_make_table failed processing label .
• Message: SSL0337E: OCSP is not supported with this level of GSKit
o Reason: OCSP support requires GSKit 7.0.4.14 or higher
o Solution: Upgrade the level of GSKit on the system to 7.0.4.14 or higher

Handshake messages
This topic contains error messages that might result due to SSL handshake failures and provides solutions to help you troubleshoot these problems.
The following messages display due to handshake failures:
• Message: SSL0200E: Handshake Failed, .
o Reason: The handshake failed when the SSL library returned an unknown error.
o Solution: Report this problem to Service.
• Message: SSL0201E: Handshake Failed, Internal error - Bad handle.
o Reason: An internal error has occurred.
o Solution: Report this problem to Service.
• Message: SSL0202E: Handshake Failed, The GSK library unloaded.
o Reason: A call to the GSKit function failed because the dynamic link library unloaded (Windows® operating systems only).
o Solution: Shut down the server and restart.
• Message: SSL0203E: Handshake Failed, GSK internal error.
o Reason: The communication between client and the server failed due to an error in the GSKit library.
o Solution: Retry connection from the client. If the error continues, report the problem to Service.
• Message: SSL0204E: Handshake Failed, Internal memory allocation failure.
o Reason: The server could not allocate memory needed to complete the operation.
o Solution: Take action to free up some additional memory. Try reducing the number of threads or processes running, or increasing virtual memory.
• Message: SSL0205E: Handshake Failed, GSK handle is in an invalid state for operation.
o Reason: The SSL state for the connection is invalid.
o Solution: Retry connection from the client. If the error continues, report the problem to Service.
• Message: SSL0206E: Handshake Failed, Key-file label not found
o Reason: The label specified for the SSLServerCert directive was not found in the key database (KDB) file specified for the KeyFile directive.
o Solution: Specify a value for the SSLServerCert directive that corresponds to a personal certificate available in the KDB file specified for the KeyFile directive
• Message: SSL0207E: Handshake Failed, Certificate is not available.
o Reason: The client did not send a certificate.
o Solution: Set client authentication to optional if a client certificate is not required. Contact the client to determine why it is not sending an acceptable certificate.
• Message: SSL0208E: Handshake Failed, Certificate validation error.
o Reason: The received certificate failed one of the validation checks.
o Solution: Use another certificate. Contact Service to determine why the certificate failed validation.
• Message: SSL0209E: Handshake Failed, ERROR processing cryptography.
o Reason: A cryptography error occurred.
o Solution: None. If the problem continues, report it to Service.
• Message: SSL0210E: Handshake Failed, ERROR validating ASN fields in certificate.
o Reason: The server was not able to validate one of the ASN fields in the certificate.
o Solution: Try another certificate.
• Message: SSL0211E: Handshake Failed, ERROR connecting to LDAP server.
o Reason: The Web server failed to connect to the CRL LDAP server.
o Solution: Verify that the values entered for the SSLCRLHostname and SSLCRLPort directives are correct. If access to the CRL LDAP server requires authentication, verify that the SSLCRLUserID directive is coded and that the password was added to the stash file pointed to by the SSLStashfile directive.
• Message: SSL0212E: Handshake Failed, Internal unknown error.
o Reason: An unknown error has occurred in the SSL library.
o Solution: Report the problem to Service.
• Message: SSL0213E: Handshake Failed, Open failed due to cipher error.
o Reason: An unknown error has occurred in the SSL library.
o Solution: Report the problem to Service.
• Message: SSL0214E: Handshake Failed, I/O error reading key file.
o Reason: The server could not read the key database file.
o Solution: Check file access permissions and verify the Web server user ID is allowed access.
• Message: SSL0215E: Handshake Failed, Key file has an invalid internal format. Recreate key file.
o Reason: Key file has an invalid format.
o Solution: Recreate key file.
• Message: SSL0216E: Handshake Failed, Key file has two entries with the same key. Use IKEYMAN to remove the duplicate key.
o Reason: Two identical keys exist in key file.
o Solution: Use IKEYMAN to remove duplicate key.
• Message: SSL0217E: Handshake Failed, Key file has two entries with the same label. Use IKEYMAN to remove the duplicate label.
o Reason: A second certificate with the same label was placed in the key database file.
o Solution: Use IKEYMAN to remove duplicate label.
• Message: SSL0218E: Handshake failed, Either the key file has become corrupted or the password is incorrect.
o Reason: The key file password is used as an integrity check and the test failed. Either the key database file is corrupted, or the password is incorrect.
o Solution: Use IKEYMAN to stash the key database file password again. If that fails, recreate the key database.
• Message: SSL0219E: SSL Handshake Failed, Either the default key in the keyfile has an expired certificate or the keyfile password expired. Use iKeyman to renew or remove certificates that are expired or to set a new keyfile password.
o Reason: Either the default key in the keyfile has an expired certificate or the keyfile password expired.
o Solution: Use iKeyman to renew or remove certificates that are expired or to set a new keyfile password.
• Message: SSL0220E: Handshake Failed, There was an error loading one of the GSK dynamic link libraries. Be sure GSK was installed correctly.
o Reason: Opening the SSL environment resulted in an error because one of the GSK dynamic link libraries could not load.
o Solution: Contact Support to make sure the GSKit is installed correctly.
• Message: SSL0221E: Handshake Failed, Either the certificate has expired or the system clock is incorrect.
o Reason: Either the certificate expired or the system clock is incorrect.
o Solution: Use the key management utility (iKeyman) to recreate or renew your server certificate or change the system date to a valid date.
• Message: SSL0222W: Handshake failed, no ciphers specified.
o Reason: SSLV2 and SSLV3 are disabled.
o Solution: None. Report this problem to Service.
• Message: SSL0223E: Handshake Failed, No certificate.
o Reason: The client did not send a certificate.
You can also see this message when your keyfile does not have a default certificate specified and you have not specified an SSLServerCert directive. It will pass initialization but fail at connection (handshake) time.
o Solution: Set client authentication to optional if a client certificate is not required. Contact the client to determine why it is not sending a certificate.
• Message: SSL0224E: Handshake failed, Invalid or improperly formatted certificate.
o Reason: The client did not specify a valid certificate.
o Solution: Client problem.
• Message: SSL0225E: Handshake Failed, Unsupported certificate type.
o Reason: The certificate type received from the client is not supported by this version of IBM® HTTP Server SSL.
o Solution: The client must use a different certificate type.
• Message: SSL0226I: Handshake Failed, I/O error during handshake.
o Reason: The communication between the client and the server failed. This is a common error when the client closes the connection before the handshake has completed.
o Solution: Retry the connection from the client.
• Message: SSL0227E: Handshake Failed, Specified label could not be found in the key file.
o Reason: Specified key label is not present in key file.
o Solution: Check that the SSLServerCert directive is correct, if coded, and that the label is valid for one of the keys in the key database.
• Message: SSL0228E: Handshake Failed, Invalid password for key file.
o Reason: The password retrieved from the stash file could not open the key database file.
o Solution: Use IKEYMAN to open the key database file and recreate the password stash file. This problem can also result from a corrupted key database file. Creating a new key database file may resolve the problem.
• Message: SSL0229E: Handshake Failed, Invalid key length for export.
o Reason: In a restricted cryptography environment, the key size is too long to be supported.
o Solution: Select a certificate with a shorter key.
• Message: SSL0230I: Handshake Failed, An incorrectly formatted SSL message was received.
• Message: SSL0231W: Handshake Failed, Could not verify MAC.
o Reason: The communication between the client and the server failed.
o Solution: Retry the connection from the client.
• Message: SSL0232W: Handshake Failed, Unsupported SSL protocol or unsupported certificate type.
o Reason: The communication between the client and the server failed because the client is trying to use a protocol or certificate which the IBM HTTP Server does not support.
o Solution: Retry the connection from the client using an SSL Version 2 or 3, or TLS 1 protocol. Try another certificate.
• Message: SSL0233W: Handshake Failed, Invalid certificate signature.
• Message: SSL0234W: Handshake Failed, The certificate sent by the peer expired or is invalid.
o Reason: The partner did not specify a valid certificate. The server is acting as a reverse proxy to an SSL URL and the _server_ cert could not be validated.
o Solution: Partner problem. If this occurs during an SSL Proxy connection, the remote SSL server sent a bad certificate to IBM HTTP Server. Check the certificate and certificate authority chain at the other end of the SSL connection. For more information, see Securing with SSL communications.
• Message: SSL0235W: Handshake Failed, Invalid peer.
• Message: SSL0236W: Handshake Failed, Permission denied.
• Message: SSL0237W: Handshake Failed, The self-signed certificate is not valid.
• Message: SSL0238E: Handshake Failed, Internal error - read failed.
o Reason: The read failed.
o Solution: None. Report this error to Service.
• Message: SSL0239E: Handshake Failed, Internal error - write failed.
o Reason: The write failed.
o Solution: None. Report this error to Service.
• Message: SSL0240I: Handshake Failed, Socket has been closed.
o Reason: The client closed the socket before the protocol completed.
o Solution: Retry connection between client and server.
• Message: SSL0241E: Handshake Failed, Invalid SSLV2 Cipher Spec.
o Reason: The SSL Version 2 cipher specifications passed into the handshake were invalid.
o Solution: Change the specified Version 2 cipher specs.
• Message: SSL0242E: Handshake Failed, Invalid SSLV3 Cipher Spec.
o Reason: The SSL Version 3 cipher specifications passed into the handshake were invalid.
o Solution: Change the specified Version 3 cipher specs.
• Message: SSL0243E: Handshake Failed, Invalid security type.
o Reason: There was an internal error in the SSL library.
o Solution: Retry the connection from the client. If the error continues, report the problem to Service.
• Message: SSL0245E: Handshake Failed, Internal error - SSL Handle creation failure.
o Reason: There was an internal error in the security libraries.
o Solution: None. Report this problem to Service.
• Message: SSL0246E: Handshake Failed, Internal error - GSK initialization has failed.
o Reason: An error in the security library has caused SSL initialization to fail.
o Solution: None. Report this problem to Service.
• Message: SSL0247E: Handshake Failed, LDAP server not available.
o Reason: Unable to access the specified LDAP directory when validating a certificate.
o Solution: Check that the SSLCRLHostname and SSLCRLPort directives are correct. Make sure the LDAP server is available.
• Message: SSL0248E: Handshake Failed, The specified key did not contain a private key.
o Reason: The key does not contain a private key.
o Solution: Create a new key. If this was an imported key, include the private key when doing the export.
• Message: SSL0249E: Handshake Failed, A failed attempt was made to load the specified PKCS#11 shared library.
o Reason: An error occurred while loading the PKCS#11 shared library.
o Solution: Verify that the PKCS#11 shared library specified in the SSLPKCSDriver directive is valid.
• Message: SSL0250E: Handshake Failed, The PKCS#11 driver failed to find the token label specified by the caller.
o Reason: The specified token was not found on the PKCS#11 device.
o Solution: Check that the token label specified on the SSLServerCert directive is valid for your device.
• Message: SSL0251E: Handshake Failed, A PKCS#11 token is not present for the slot.
o Reason: The PKCS#11 device has not been initialized correctly.
o Solution: Specify a valid slot for the PKCS#11 token or initialize the device.
• Message: SSL0252E: Handshake Failed, The password/pin to access the PKCS#11 token is either not present, or invalid.
o Reason: Specified user password and pin for PKCS#11 token is not present or invalid.
o Solution: Check that the correct password was stashed using the SSLStash utility and that the SSLStashfile directive is correct.
• Message: SSL0253E: Handshake Failed, The SSL header received was not a properly SSLV2 formatted header.
o Reason: The data received during the handshake does not conform to the SSLV2 protocol.
o Solution: Retry connection between client and server. Verify that the client is using HTTPS.
• Message: SSL0254E: Internal error - I/O failed, buffer size invalid.
o Reason: The buffer size in the call to the I/O function is zero or negative.
o Solution: None. Report this problem to Service.
• Message: SSL0255E: Handshake Failed, Operation would block.
o Reason: The I/O failed because the socket is in non-blocking mode.
o Solution: None. Report this problem to Service.
• Message: SSL0256E: Internal error - SSLV3 is required for reset_cipher, and the connection uses SSLV2.
o Reason: A reset_cipher function was attempted on an SSLV2 connection.
o Solution: None. Report this problem to Service.
• Message: SSL0257E: Internal error - An invalid ID was specified for the gsk_secure_soc_misc function call.
o Reason: An invalid value was passed to the gsk_secure_soc_misc function.
o Solution: None. Report this problem to Service.
• Message: SSL0258E: Handshake Failed, The function call, , has an invalid ID.
o Reason: An invalid function ID was passed to the specified function.
o Solution: None. Report this problem to Service.
• Message: SSL0259E: Handshake Failed, Internal error - The attribute has a negative length in: .
o Reason: The length value passed to the function is negative, which is invalid.
o Solution: None. Report this problem to Service.
• Message: SSL0260E: Handshake Failed, The enumeration value is invalid for the specified enumeration type in: .
o Reason: The function call contains an invalid function ID.
o Solution: None. Report this problem to Service.
• Message: SSL0261E: Handshake Failed, The SID cache is invalid: .
o Reason: The function call contains an invalid parameter list for replacing the SID cache routines.
o Solution: None. Report this problem to Service.
• Message: SSL0262E: Handshake Failed, The attribute has an invalid numeric value: .
o Reason: The function call contains an invalid value for the attribute being set.
o Solution: None. Report this problem to Service.
• Message: SSL0263W: SSL Connection attempted when SSL did not initialize.
o Reason: A connection was received on an SSL-enabled virtual host but it could not be completed because there was an error during SSL initialization.
o Solution: Check for an error message during startup and correct that problem.
• Message: SSL0264E: Failure obtaining Cert data for label .
o Reason: A GSKit error prevented the server certificate information from being retrieved.
o Solution: Check for a previous error message with additional information.
• Message: SSL0265W: Client did not supply a certificate.
o Reason: A client who connected failed to send a client certificate and the server is configured to require a certificate.
o Solution: Nothing on the server side.
• Message: SSL0266E: Handshake failed.
o Reason: Could not establish SSL proxy connection.
o Solution: IBM HTTP Server could not establish a proxy connection to a remote server using SSL.
• Message: SSL0267E: SSL Handshake failed.
o Reason: Timeout on network operation during handshake.
o Solution: Check client connectivity, adjust TimeOuts.
• Message: SSL0270I: SSL Handshake Failed, Timeout (dd seconds) occurred before any data received.
o Reason: A connection was received on an SSL port, but no data was received from the client before the timeout expired.
o Solution: If the timeout (set by the Timeout directive) has been reduced from the default value, verify that it is reasonable. If the message occurs intermittently, it is probably normal, due to things like users cancelling page loads and browser or system crashes. If the message occurs in bursts, it might indicate a denial of service attack in progress.
• Message: SSL0271I: SSL Handshake Failed, client closed connection without sending any data.
o Reason: A connection was received on an SSL port, but the client closed the connection without beginning the handshake.
o Solution: If the timeout (set by the Timeout directive) has been reduced from the default value, verify that it is reasonable. If the message occurs intermittently, it is probably normal, due to things like users cancelling page loads and browser or system crashes. If the message occurs in bursts, it might indicate a denial of service attack in progress.
• Message: SSL0272I: SSL Handshake Failed, I/O error before any data received.
o Reason: A connection was received on an SSL port, but a network error broke the connection before any data was received from the client.
o Solution: If the message occurs intermittently, it is probably normal, due to things like users cancelling page loads and browser or system crashes. If the message occurs in bursts, it might indicate a denial of service attack in progress.
• Message: SSL0273I: Non-SSL request received on connection configured for SSL
o Reason: A connection was received on an SSL port, but the data received was not SSL, and looked like a normal non-SSL request.
o Solution: Verify that the port in question is intended to be configured for SSL. Look for bad links to the page in question that should use https:, but instead use http:.
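The guidance for SSL0270I, SSL0271I and SSL0272I separates intermittent occurrences from bursts. The following sliding-window check over an error log is an added example, not IBM's code; the log line layout, the 60-second window and the threshold of 20 are assumptions to tune against your own baseline, and the sample lines are constructed.

```python
import re
from collections import Counter, deque
from datetime import datetime, timedelta

# The three messages the reference says are normal when intermittent
# but may indicate a denial of service attack when they occur in bursts.
BURST_CODES = ("SSL0270I", "SSL0271I", "SSL0272I")

# Assumed error_log layout:
#   [Fri Nov 12 10:40:00 2010] [info] [client 198.51.100.7] SSL0270I: ...
TS_RE = re.compile(r"^\[(\w{3} \w{3} [ \d]\d \d{2}:\d{2}:\d{2} \d{4})\]")
CODE_RE = re.compile(r"\b(SSL\d{4}[EIW]):")
CLIENT_RE = re.compile(r"\[client ([^\]\s]+)\]")
TS_FORMAT = "%a %b %d %H:%M:%S %Y"


def parse_events(lines):
    """Yield (timestamp, code, client) for each pre-handshake failure line."""
    for line in lines:
        ts_m, code_m = TS_RE.match(line), CODE_RE.search(line)
        if not ts_m or not code_m or code_m.group(1) not in BURST_CODES:
            continue
        client_m = CLIENT_RE.search(line)
        yield (datetime.strptime(ts_m.group(1), TS_FORMAT),
               code_m.group(1),
               client_m.group(1) if client_m else "-")


def _summarise(events):
    return {
        "start": events[0][0],
        "end": events[-1][0],
        "count": len(events),
        "by_code": Counter(code for _, code, _ in events),
        "top_clients": Counter(c for _, _, c in events).most_common(3),
    }


def find_bursts(lines, window_s=60, threshold=20):
    """Return one summary per period in which at least `threshold`
    matching messages fall inside a sliding window of `window_s` seconds."""
    window = timedelta(seconds=window_s)
    events = sorted(parse_events(lines), key=lambda e: e[0])
    bursts, recent, current = [], deque(), None
    for ev in events:
        recent.append(ev)
        while ev[0] - recent[0][0] > window:   # drop events older than the window
            recent.popleft()
        if len(recent) >= threshold:
            if current is None:
                current = list(recent)          # burst opens with the whole window
            else:
                current.append(ev)
        elif current is not None:               # rate fell back below the threshold
            bursts.append(_summarise(current))
            current = None
    if current is not None:
        bursts.append(_summarise(current))
    return bursts


def sample_log():
    """Constructed sample: sparse background failures plus one 40-second burst."""
    text = {
        "SSL0270I": "SSL Handshake Failed, Timeout (300 seconds) occurred before any data received.",
        "SSL0271I": "SSL Handshake Failed, client closed connection without sending any data.",
        "SSL0272I": "SSL Handshake Failed, I/O error before any data received.",
    }

    def line(ts, ip, code):
        return "[%s] [info] [client %s] %s: %s" % (
            ts.strftime(TS_FORMAT), ip, code, text[code])

    day = datetime(2010, 11, 12, 10, 0, 0)
    # Background: one failure every 7 minutes, each from a different client.
    lines = [line(day + timedelta(minutes=7 * i), "192.0.2.%d" % (10 + i), "SSL0271I")
             for i in range(6)]
    # A message that is not one of the three burst indicators; it is ignored.
    lines.append("[Fri Nov 12 10:36:00 2010] [warn] [client 192.0.2.50] "
                 "SSL0273I: Non-SSL request received on connection configured for SSL")
    # Burst: one failure per second for 40 seconds from two clients.
    start = day + timedelta(minutes=40)
    for i in range(40):
        ip = "198.51.100.8" if i % 4 == 0 else "198.51.100.7"
        lines.append(line(start + timedelta(seconds=i), ip, BURST_CODES[i % 3]))
    return lines


if __name__ == "__main__":
    for b in find_bursts(sample_log()):
        print(b["start"], "to", b["end"], b["count"], "messages",
              dict(b["by_code"]), b["top_clients"])
```

The per-client breakdown helps tell a single misbehaving monitor or load balancer probe from many sources failing at once.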


SSL initialization messages
This topic contains error messages that might result due to SSL initialization problems and provides solutions to help you troubleshoot these problems.
The following messages display as a result of initialization problems:
• Message: SSL0100E: GSK could not initialize,
o Reason: Initialization failed when the SSL library returned an unknown error.
o Solution: None. Report this problem to Service.
• Message: SSL0101E: GSK could not initialize, Neither the password nor the stash file name was specified. Could not open key file.
o Reason: The stash file for the key database could not be found or is corrupted.
o Solution: Use IKEYMAN to open the key database file and recreate the password stash file.
• Message: SSL0102E: GSK could not initialize, Could not open key file.
o Reason: The server could not open the key database file.
o Solution: Check that the Keyfile directive is correct and that the file permissions allow the Web server user ID to access the file.
• Message: SSL0103E: Internal error - GSK could not initialize, Unable to generate a temporary key pair.
o Reason: GSK could not initialize; Unable to generate a temporary key pair.
o Solution: Report this problem to Service.
• Message: SSL0104E: GSK could not initialize, Invalid password for key file.
o Reason: The password retrieved from the stash file could not open the key database file.
o Solution: Use IKEYMAN to open the key database file and recreate the password stash file. This problem could also result from a corrupted key database file. Creating a new key database file may resolve the problem.
• Message: SSL0105E: GSK could not initialize, Invalid label.
o Reason: Specified key label is not present in key file.
o Solution: Check that the SSLServerCert directive is correct, if coded, and that the label is valid for one of the keys in the key database.
• Message: SSL0106E: Initialization error, Internal error - Bad handle
o Reason: An internal error has occurred.
o Solution: Report this problem to Service.
• Message: SSL0107E: Initialization error, The GSK library unloaded.
o Reason: A call to the GSKit function failed because the dynamic link library unloaded (Windows® only).
o Solution: Shut down the server and restart.
• Message: SSL0108E: Initialization error, GSK internal error.
o Reason: The communication between client and the server failed due to an error in the GSKit library.
o Solution: Retry connection from the client. If the error continues, report the problem to Service.
• Message: SSL0109E: GSK could not initialize, Internal memory allocation failure.
o Reason: The server could not allocate memory needed to complete the operation.
o Solution: Take action to free up some additional memory. Try reducing the number of threads or processes running, or increasing virtual memory.
• Message: SSL0110E: Initialization error, GSK handle is in an invalid state for operation.
o Reason: The SSL state for the connection is invalid.
o Solution: Retry connection from the client. If the error continues, report the problem to Service.
• Message: SSL0111E: Initialization error, Key file label not found.
o Reason: Certificate or key label specified was not valid.
o Solution: Verify that the certificate name specified with the SSLServerCert directive is correct or, if no SSLServerCert directive was coded, that a default certificate exists in the key database.
• Message: SSL0112E: Initialization error, Certificate is not available.
o Reason: The client did not send a certificate.
o Solution: Set Client Authentication to optional if a client certificate is not required. Contact the client to determine why it is not sending an acceptable certificate.
• Message: SSL0113E: Initialization error, Certificate validation error.
o Reason: The received certificate failed one of the validation checks.
o Solution: Use another certificate. Contact Service to determine why the certificate failed validation.
• Message: SSL0114E: Initialization error, Error processing cryptography.
o Reason: A cryptography error occurred.
o Solution: None. If the problem continues, report it to Service.
• Message: SSL0115E: Initialization error, Error validating ASN fields in certificate.
o Reason: The server was not able to validate one of the ASN fields in the certificate.
o Solution: Try another certificate.
• Message: SSL0116E: Initialization error, Error connecting to LDAP server.
o Reason: The Web server failed to connect to the CRL LDAP server.
o Solution: Verify that the values entered for the SSLCRLHostname and SSLCRLPort directives are correct. If access to the CRL LDAP server requires authentication, check that the SSLCRLUserID directive is coded and that the password was added to the stash file pointed to by the SSLStashfile directive.
• Message: SSL0117E: Initialization error, Internal unknown error. Report problem to service.
o Reason: Initialization error, Internal unknown error. Report problem to service.
o Solution: Initialization error, Internal unknown error. Report problem to service.
• Message: SSL0118E: Initialization error, Open failed due to cipher error.
o Reason: Report problem to service.
o Solution: Report problem to service.
• Message: SSL0119E: Initialization error, I/O error reading keyfile.
o Reason: I/O error trying to read SSL keyfile.
o Solution: Check the file permissions for keyfile.
• Message: SSL0120E: Initialization error, Keyfile has and invalid internal format. Recreate keyfile.
o Reason: Initialization error, the keyfile has an invalid internal format. Recreate the keyfile.
o Solution: Verify the keyfile is not corrupted.
• Message: SSL0121E: Initialization error, Keyfile has two entries with the same key. Use Ikeyman to remove the duplicate key.
o Reason: The keyfile has two entries with the same key. Use Ikeyman to remove the duplicate key.
o Solution: Use Ikeyman to remove the duplicate key.
• Message: SSL0122E: Initialization error, Keyfile has two entries with the same label. Use Ikeyman to remove the duplicate label.
o Reason: The keyfile has two entries with the same label. Use Ikeyman to remove the duplicate label.
o Solution: Use Ikeyman to remove the duplicate label.
• Message: SSL0123E: Initialization error, The keyfile password is used as an integrity check. Either the keyfile has become corrupted or the password is incorrect.
o Reason: The keyfile password is used as an integrity check. Either the keyfile has become corrupted or the password is incorrect.
o Solution: Use Ikeyman to verify that the keyfile is valid, check permissions on the stash file, verify passwords.
• Message: SSL0124E: SSL Handshake Failed, Either the default key in the keyfile has an expired certificate or the keyfile password expired. Use iKeyman to renew or remove certificates that are expired or to set a new keyfile password.
o Reason: Either the default key in the keyfile has an expired certificate or the keyfile password expired.
o Solution: Use iKeyman to renew or remove certificates that are expired or to set a new keyfile password.
• Message: SSL0125E: Initialization error, There was an error loading one of the GSK dynamic link libraries. Be sure GSK is installed correctly.
o Reason: There was an error loading one of the GSK dynamic link libraries. Be sure GSK is installed correctly.
o Solution: Verify that GSK is installed and is at the appropriate level for the release of IBM® HTTP Server.
• Message: SSL0126E: Handshake Failed, Either the certificate has expired or the system clock is incorrect.
o Reason: Either the certificate expired or the system clock is incorrect.
o Solution: Use the key management utility (iKeyman) to recreate or renew your server certificate or change the system date to a valid date.
• Message: SSL0127E: Initialization error, No ciphers specified.
o Reason: Initialization error, no ciphers specified.
o Solution: Report problem to service.
• Message: SSL0128E: Initialization error, Either the certificate expired or the system clock is incorrect.
o Reason: Initialization error, no certificate.
o Solution: Report problem to service.
• Message: SSL0129E: Initialization error, The received certificate was formatted incorrectly.
o Reason: The received certificate is formatted incorrectly.
o Solution: Use Ikeyman to validate certificates used for connection.
• Message: SSL0130E: Initialization error, Unsupported certificate type.
o Reason: Unsupported certificate type.
o Solution: Check certificates that are used for this connection in Ikeyman.
• Message: SSL0131I: Initialization error, I/O error during handshake.
o Reason: I/O error during handshake.
o Solution: Check network connectivity.
• Message: SSL0132E: Initialization error, Invalid key length for export.
o Reason: Invalid key length for export.
o Solution: Report problem to service.
• Message: SSL0133W: Initialization error, An incorrectly formatted SSL message was received.
o Reason: An incorrectly formatted SSL message was received.
o Solution: Check client settings.
• Message: SSL0134W: Initialization error, Could not verify MAC.
o Reason: Could not verify MAC.
o Solution: Report problem to service.
• Message: SSL0135W: Initialization error, Unsupported SSL protocol or unsupported certificate type.
o Reason: Unsupported SSL protocol or unsupported certificate type.
o Solution: Check server ciphers and certificate settings.
• Message: SSL0136W: Initialization error, Invalid certificate signature.
o Reason: Invalid certificate signature.
o Solution: Check certificate in Ikeyman.
• Message: SSL0137W: Initialization error, Invalid certificate sent by partner.
o Reason: Invalid certificate sent by partner.
o Solution: If this occurs during an SSL Proxy connection, the remote SSL server sent a bad certificate to IBM HTTP Server. Check the certificate and certificate authority chain at the other end of the SSL connection.
• Message: SSL0138W: Initialization error, Invalid peer.
o Reason: Invalid peer.
o Solution: Report problem to service.
• Message: SSL0139W: Initialization error, Permission denied.
Distributed platforms
o Reason: Permission denied.
o Solution: Report problem to service.
z/OS
o Reason: If a System Authorization Facility (SAF) SSL keyring is in use, the current user ID is not authorized to read the keyring.
o Solution: See the information about access to SAF keyrings in Performing required z/OS system configurations.
• Message: SSL0140W: Initialization error, The self-signed certificate is not valid.
o Reason: The self-signed certificate is not valid.
o Solution: Check the certificate in Ikeyman.
• Message: SSL0141E: Initialization error, Internal error - read failed.
o Reason: Internal error - read failed.
o Solution: Report to service.
• Message: SSL0142E: Initialization error, Internal error - write failed.
o Reason: Internal error - write failed.
o Solution: Report to service.
• Message: SSL0143I: Initialization error, Socket has been closed.
o Reason: Socket has been closed unexpectedly.
o Solution: Check the client and network. Report problem to service.
• Message: SSL0144E: Initialization error, Invalid SSLV2 Cipher Spec.
o Reason: Invalid SSLV2 cipher spec.
o Solution: Check the SSLCipherSpec directive.
• Message: SSL0145E: Initialization error, Invalid SSLV3 Cipher Spec.
o Reason: Invalid SSLV3 Cipher Spec.
o Solution: Check the SSLCipherSpec directive.
• Message: SSL0146E: Initialization error, Invalid security type.
o Reason: Invalid security type.
o Solution: Report to service.
• Message: SSL0147E: Initialization error, Invalid security type combination.
o Reason: Invalid security type combination.
o Solution: Report to service.
• Message: SSL0148E: Initialization error, Internal error - SSL Handle creation failure.
o Reason: Internal error - SSL handle creation failure.
o Solution: Report to service.
• Message: SSL0149E: Initialization error, Internal error - GSK initialization has failed.
o Reason: Internal error - GSK initialization has failed.
o Solution: Report to service.
• Message: SSL0150E: Initialization error, LDAP server not available.
o Reason: LDAP server not available.
o Solution: Check CRL directives.
• Message: SSL0151E: Initialization error, The specified key did not contain a private key.
o Reason: The specified key did not contain a private key.
o Solution: Check the certificate in use in Ikeyman.
• Message: SSL0152E: Initialization error, A failed attempt was made to load the specified PKCS#11 shared library.
o Reason: A failed attempt was made to load the specified PKCS#11 shared library.
o Solution: Check SSLPKCSDriver directive and file system.
• Message: SSL0153E: Initialization error, The PKCS#11 driver failed to find the token specified by the caller.
o Reason: The PKCS#11 driver failed to find the token specified by the caller.
• Message: SSL0154E: Initialization error, A PKCS#11 token is not present for the slot.
o Reason: A PKCS#11 token is not present for the slot.
o Solution: Verify PKCS#11 directives.
• Message: SSL0155E: Initialization error, The password/pin to access the PKCS#11 token is invalid.
o Reason: The password and pin to access the PKCS#11 token is invalid.
• Message: SSL0156E: Initialization error, The SSL header received was not a properly SSLV2 formatted header.
o Reason: The SSL header received was not a properly SSLV2 formatted header.
• Message: SSL0157E: Initialization error, The function call, %s, has an invalid ID.
o Reason: The function call, %s, has an invalid ID.
o Solution: Report problem to service.
• Message: SSL0158E: Initialization error, Internal error - The attribute has a negative length: %s.
o Reason: Internal error - The attribute has a negative length.
o Solution: Report problem to service.
• Message: SSL0159E: Initialization error, The enumeration value is invalid for the specified enumeration type: %s.
o Reason: The enumeration value is invalid for the specified enumeration type: %s.
o Solution: Report problem to service.
• Message: SSL0160E: Initialization error, The SID cache is invalid: %s.
o Reason: The SID cache is invalid.
o Solution: Report problem to service.
• Message: SSL0161E: Initialization error, The attribute has an invalid numeric value: %s.
o Reason: The attribute has an invalid numeric value: %s.
o Solution: Check SSL directives.
• Message: SSL0162W: Setting the LD_LIBRARY_PATH or LIBPATH for GSK failed.
o Reason: Could not update the environment for GSK libraries.
o Solution: Report problem to service.
• Message: SSL0163W: Setting the LIBPATH for GSK failed, could not append /usr/opt/ibm/gskkm/lib.
o Reason: Could not append to LD_LIBRARY_PATH or LIBPATH for GSK.
o Solution: Report problem to service.
• Message: SSL0164W: Error accessing Registry, RegOpenKeyEx/RegQueryValueEx returned [%d].
o Reason: Error accessing registry.
o Solution: Check the GSK installation and the Windows registry.
• Message: SSL0165W: Storage allocation failed.
o Reason: Storage allocation failed.
o Solution: Check memory usage, report problem to service.
• Message: SSL0166E: Failure attempting to load GSK library.
o Reason: Failure while attempting to load GSK library.
o Solution: Check the GSK installation.
• Message: SSL0167E: GSK function address undefined.
o Reason: GSK function address is undefined.
o Solution: Check the GSK installation and level.
• Message: SSL0168E: SSL initialization for server: %s, port: %u failed due to a configuration error.
o Reason: Initialization for server: %s, port: %u failed due to a configuration error.
o Solution: Check the SSL configuration.
• Message: SSL0169E: Keyfile does not exist: %s.
o Reason: Keyfile does not exist.
o Solution: Check to ensure the path that is provided to the KeyFile directive exists, and is readable by the user that IBM HTTP Server is running as.
• Message: SSL0170E: GSK could not initialize, no keyfile specified.
o Reason: Keyfile is not specified.
o Solution: Specify Keyfile directive.
• Message: SSL0171E: CRL cannot be specified as an option for the SSLClientAuth directive on HPUX because the IBM HTTP Server does not support CRL on HPUX.
o Reason: CRL cannot be specified as an option for the SSLClientAuth directive on HPUX because IBM HTTP Server does not support CRL on HPUX.
o Solution: Remove CRL directives.
• Message: SSL0172E: If CRL is turned on, you must specify an LDAP hostname for the SSLCRLHostname directive.
o Reason: If CRL is turned on, you must specify an LDAP hostname for the SSLCRLHostname directive.
o Solution: Specify SSLCRLHostname.
• Message: SSL0173E: Failure obtaining supported cipher specs from the GSK library.
o Reason: Failure obtaining supported cipher specs from the GSK library.
o Solution: Check the GSK installation, report problem to service.
• Message: SSL0174I: No CRL password found in the stash file: %s.
o Reason: No CRL password is found in the stash file: %s.
o Solution: Check the stash file permissions, regenerate stash file.
• Message: SSL0174I: No CRYPTO password found in the stash file: %s.
o Reason: No CRYPTO password is found in the stash file: %s.
o Solution: Check stash file permissions, regenerate stash file.
• Message: SSL0175E: fopen failed for stash file: %s.
o Reason: fopen failed for stash file.
o Solution: Check stash file permissions, regenerate stash file.
• Message: SSL0176E: fread failed for the stash file: %s.
o Reason: fread failed for the stash file.
o Solution: Make sure the stash file is readable by the user that IBM HTTP Server is running as.
• Message: SSL0179E: Unknown return code from stash_recover(), %d.
o Reason: Unknown return code from stash_recover(), %d.
o Solution: Check the stash file.
• Message: SSL0181E: Unable to fork for startup of session ID cache.
o Reason: Unable to fork for startup of session ID cache.
o Solution: Check the location of the sidd daemon and its file permissions.
• Message: SSL0182E: Error creating file mapped memory for SSL passwords.
o Reason: Error creating file mapped memory for SSL passwords.
o Solution: Report problem to service.
• Message: SSL0183E: Exceeded map memory limits.
o Reason: Exceeded map memory limits.
o Solution: Report problem to service.
• Message: SSL0184E: Could not find a password for the resource: %s.
o Reason: Could not find a password for the resource: %s.
o Solution: Report problem to service, disable password prompting.
• Message: SSL0185E: ssl_getpwd() failed, unable to obtain memory.
o Reason: ssl_getpwd() failed, unable to obtain memory.
o Solution: Report problem to service, disable password prompting.
• Message: SSL0186E: Linked list mismatch.
o Reason: Linked list mismatch.
o Solution: Report problem to service, disable password prompting.
• Message: SSL0186E: ssl_getpwd() failed, password exceeded maximum size of 4095.
o Reason: ssl_getpwd() failed, password exceeded the maximum size of 4095.
o Solution: The password must be smaller than 4K.
• Message: SSL0187E: It is invalid to enable password prompting for the SSLServerCert directive without specifying a Crypto Card Token.
o Reason: It is invalid to enable password prompting for the SSLServerCert directive without specifying a crypto card token.
o Solution: Specify a crypto card token or disable password prompting for the SSLServerCert directive.
• Message: SSL0188E: SSL initialization for server: %s, port: %u failed. SSL timeouts cannot be set in a virtualhost when the SSLCacheDisable directive has not been specified globally.
o Reason: When the SSL session cache is being used, only the global timeout settings apply because they are managed by the external session cache daemon. See information about the SSLCacheDisable and SSLCacheEnable directives in the information center topic entitled SSL directives.
o Solution: If separate SSL timeouts are required, disable use of the session ID cache (SSLCacheDisable), otherwise make sure the SSLV3Timeout and SSLV2Timeout directives are only set in the global scope.
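Several of the initialization errors above can be caught before a restart by linting the configuration. The following check for SSL0169E, SSL0170E, SSL0172E and SSL0188E is an added example, not IBM's code: the SSLEnable directive is not mentioned on this page, scope handling is simplified to "virtual host overrides global", and the sample paths are constructed.

```python
import os
import re

VHOST_OPEN = re.compile(r"^<\s*VirtualHost\s+([^>]*)>", re.I)
VHOST_CLOSE = re.compile(r"^</\s*VirtualHost\s*>", re.I)


def parse_scopes(conf_text):
    """Return {scope: {directive_lowercase: [argument strings]}}.
    Scope "global" is everything outside <VirtualHost> containers.
    Simplification: line continuations and Include files are not followed."""
    scopes = {"global": {}}
    current = "global"
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = VHOST_OPEN.match(line)
        if opened:
            current = "vhost " + opened.group(1).strip()
            scopes.setdefault(current, {})
            continue
        if VHOST_CLOSE.match(line):
            current = "global"
            continue
        if line.startswith("<"):      # other containers do not change the scope here
            continue
        parts = line.split(None, 1)
        args = parts[1].strip() if len(parts) > 1 else ""
        scopes[current].setdefault(parts[0].lower(), []).append(args)
    return scopes


def lint_ssl_config(conf_text, path_exists=os.path.exists):
    """Return a list of (message_id, scope, explanation) tuples."""
    scopes = parse_scopes(conf_text)
    g = scopes["global"]
    findings = []
    for scope, d in scopes.items():
        eff = {**g, **d}              # directives visible in this scope
        # SSL0188E: per-virtual-host timeouts need SSLCacheDisable at global scope.
        has_timeout = any(k in d for k in ("sslv2timeout", "sslv3timeout"))
        if scope != "global" and has_timeout and "sslcachedisable" not in g:
            findings.append(("SSL0188E", scope,
                             "SSL timeout set in a virtual host without a global SSLCacheDisable"))
        # SSL0170E: SSL enabled but no KeyFile is visible.
        if "sslenable" in d and not eff.get("keyfile"):
            findings.append(("SSL0170E", scope, "SSLEnable without a KeyFile directive"))
        # SSL0169E: the key file path does not exist.
        for args in d.get("keyfile", []):
            tokens = args.split()     # assumes a path without spaces; last token is the path
            if tokens and not path_exists(tokens[-1].strip('"')):
                findings.append(("SSL0169E", scope, "Keyfile does not exist: " + tokens[-1]))
        # SSL0172E: the CRL option on SSLClientAuth needs SSLCRLHostname.
        crl_on = any("crl" in a.lower().split() for a in d.get("sslclientauth", []))
        if crl_on and not eff.get("sslcrlhostname"):
            findings.append(("SSL0172E", scope, "CRL requested but SSLCRLHostname is not set"))
    return findings


# Constructed sample configuration; paths are placeholders.
SAMPLE_CONF = """
Listen 443
KeyFile /opt/IBM/HTTPServer/conf/key.kdb
SSLV3Timeout 120

<VirtualHost *:443>
    SSLEnable
    SSLV3Timeout 60
    SSLClientAuth required crl
</VirtualHost>

<VirtualHost *:8443>
    SSLEnable
    KeyFile /opt/IBM/HTTPServer/conf/missing.kdb
</VirtualHost>
"""


def sample_exists(path):
    """Stand-in for os.path.exists so the sample runs on any machine."""
    return path == "/opt/IBM/HTTPServer/conf/key.kdb"


if __name__ == "__main__":
    for code, scope, why in lint_ssl_config(SAMPLE_CONF, path_exists=sample_exists):
        print(code, "[" + scope + "]", why)
```

Run it against the real file with the default `path_exists` and as the user ID the web server runs as, so that a key file hidden by directory permissions is reported the same way the server would see it.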

SSL initialization messages
This topic contains error messages that might result due to SSL initialization problems and provides solutions to help you troubleshoot these problems.
The following messages display as a result of initialization problems:
• Message: SSL0100E: GSK could not initialize,
o Reason: Initialization failed when the SSL library returned an unknown error.
o Solution: None. Report this problem to Service.
• Message: SSL0101E: GSK could not initialize, Neither the password nor the stash file name was specified. Could not open key file.
o Reason: The stash file for the key database could not be found or is corrupted.
o Solution: Use IKEYMAN to open the key database file and recreate the password stash file.
• Message: SSL0102E: GSK could not initialize, Could not open key file.
o Reason: The server could not open the key database file.
o Solution: Check that the Keyfile directive is correct and that the file permissions allow the Web server user ID to access the file.
• Message: SSL0103E: Internal error - GSK could not initialize, Unable to generate a temporary key pair.
o Reason: GSK could not initialize; Unable to generate a temporary key pair.
o Solution: Report this problem to Service.
• Message: SSL0104E: GSK could not initialize, Invalid password for key file.
o Reason: The password retrieved from the stash file could not open the key database file.
o Solution: Use IKEYMAN to open the key database file and recreate the password stash file. This problem could also result from a corrupted key database file. Creating a new key database file may resolve the problem.
• Message: SSL0105E: GSK could not initialize, Invalid label.
o Reason: Specified key label is not present in key file.
o Solution: Check that the SSLServerCert directive is correct, if coded, and that the label is valid for one of the keys in the key database.
• Message: SSL0106E: Initialization error, Internal error - Bad handle
o Reason: An internal error has occurred.
o Solution: Report this problem to Service.
• Message: SSL0107E: Initialization error, The GSK library unloaded.
o Reason: A call to the GSKit function failed because the dynamic link library unloaded (Windows® only).
o Solution: Shut down the server and restart.
• Message: SSL0108E: Initialization error, GSK internal error.
o Reason: The communication between client and the server failed due to an error in the GSKit library.
o Solution: Retry connection from the client. If the error continues, report the problem to Service.
• Message: SSL0109E: GSK could not initialize, Internal memory allocation failure.
o Reason: The server could not allocate memory needed to complete the operation.
o Solution: Take action to free up some additional memory. Try reducing the number of threads or processes running, or increasing virtual memory.
• Message :SSL0110E: Initialization error, GSK handle is in an invalid state for operation.
o Reason: The SSL state for the connection is invalid.
o Solution: Retry connection from the client. If the error continues, report the problem to Service.
• Message: SSL0111E: Initialization error, Key file label not found.
o Reason: Certificate or key label specified was not valid.
o Solution: Verify that the certificate name specified with the SSLServerCert directive is correct or, if no SSLServerCert directive was coded, that a default certificate exists in the key database.
• Message: SSL0112E: Initialization error, Certificate is not available.
o Reason: The client did not send a certificate.
o Solution: Set Client Authentication to optional if a client certificate is not required. Contact the client to determine why it is not sending an acceptable certificate.
• Message: SSL0113E: Initialization error, Certificate validation error.
o Reason: The received certificate failed one of the validation checks.
o Solution: Use another certificate. Contact Service to determine why the certificate failed validation.
• Message: SSL0114E: Initialization error, Error processing cryptography.
o Reason: A cryptography error occurred.
o Solution: None. If the problem continues, report it to Service.
• Message: SSL0115E: Initialization error, Error validating ASN fields in certificate.
o Reason: The server was not able to validate one of the ASN fields in the certificate.
o Solution: Try another certificate.
• Message: SSL0116E: Initialization error, Error connecting to LDAP server.
o Reason: The Web server failed to connect to the CRL LDAP server.
o Solution: Verify that the values entered for the SSLCRLHostname and SSLCRLPort directives are correct. If access to the CRL LDAP server requires authentication, check that the SSLCRLUserID directive is coded and that the password was added to the stash file pointed to by the SSLStashfile directive.
• Message: SSL0117E: Initialization error, Internal unknown error. Report problem to service.
o Reason: Initialization error, Internal unknown error. Report problem to service.
o Solution: Initialization error, Internal unknown error. Report problem to service.
• Message: SSL0118E: Initialization error, Open failed due to cipher error.
o Reason: Report problem to service.
o Solution: Report problem to service.
• Message: SSL0119E: Initialization error, I/O error reading keyfile.
o Reason: I/O error trying to read SSL keyfile.
o Solution: Check the file permissions for keyfile.
• Message: SSL0120E: Initialization error, Keyfile has and invalid internal format. Recreate keyfile.
o Reason: Initialization error, the keyfile has an invalid internal format. Recreate the keyfile.
o Solution: Verify the keyfile is not corrupted.
• Message: SSL0121E: Initialization error, Keyfile has two entries with the same key. Use Ikeyman to remove the duplicate key.
o Reason: The keyfile has two entries with the same key. Use Ikeyman to remove the duplicate key.
o Solution: Use Ikeyman to remove the duplicate key.
• Message: SSL0122E: Initialization error, Keyfile has two entries with the same label. Use Ikeyman to remove the duplicate label.
o Reason: The keyfile has two entries with the same label. Use Ikeyman to remove the duplicate label.
o Solution: Use Ikeyman to remove the duplicate label.
• Message: SSL0123E: Initialization error, The keyfile password is used as an integrity check. Either the keyfile has become corrupted or the password is incorrect.
o Reason: The keyfile password is used as an integrity check. Either the keyfile has become corrupted or the password is incorrect.
o Solution: Use Ikeyman to verify that the keyfile is valid, check permissions on the stash file, verify passwords.
• Message: SSL0124E: SSL Handshake Failed, Either the default key in the keyfile has an expired certificate or the keyfile password expired. Use iKeyman to renew or remove certificates that are expired or to set a new keyfile password.
o Reason: Either the default key in the keyfile has an expired certificate or the keyfile password expired.
o Solution: Use iKeyman to renew or remove certificates that are expired or to set a new keyfile password.
• Message: SSL0125E: Initialization error, There was an error loading one of the GSK dynamic link libraries. Be sure GSK is installed correctly.
o Reason: There was an error loading one of the GSK dynamic link libraries. Be sure GSK is installed correctly.
o Solution: Verify that GSK is installed and at the appropriate level for the release of IBM® HTTP Server.
• Message: SSL0126E: Handshake Failed, Either the certificate has expired or the system clock is incorrect.
o Reason: Either the certificate expired or the system clock is incorrect.
o Solution: Use the key management utility (iKeyman) to recreate or renew your server certificate or change the system date to a valid date.
• Message: SSL0127E: Initialization error, No ciphers specified.
o Reason: Initialization error, no ciphers specified.
o Solution: Report problem to service.
• Message: SSL0128E: Initialization error, Either the certificate expired or the system clock is incorrect.
o Reason: Initialization error, no certificate.
o Solution: Report problem to service.
• Message: SSL0129E: Initialization error, The received certificate was formatted incorrectly.
o Reason: The received certificate is formatted incorrectly.
o Solution: Use Ikeyman to validate certificates used for connection.
• Message: SSL0130E: Initialization error, Unsupported certificate type.
o Reason: Unsupported certificate type.
o Solution: Check certificates that are used for this connection in Ikeyman.
• Message: SSL0131I: Initialization error, I/O error during handshake.
o Reason: I/O error during handshake.
o Solution: Check network connectivity.
• Message: SSL0132E: Initialization error, Invalid key length for export.
o Reason: Invalid key length for export.
o Solution: Report problem to service.
• Message: SSL0133W: Initialization error, An incorrectly formatted SSL message was received.
o Reason: An incorrectly formatted SSL message was received.
o Solution: Check client settings.
• Message: SSL0134W: Initialization error, Could not verify MAC.
o Reason: Could not verify MAC.
o Solution: Report problem to service.
• Message: SSL0135W: Initialization error, Unsupported SSL protocol or unsupported certificate type.
o Reason: Unsupported SSL protocol or unsupported certificate type.
o Solution: Check server ciphers and certificate settings.
• Message: SSL0136W: Initialization error, Invalid certificate signature.
o Reason: Invalid certificate signature.
o Solution: Check certificate in Ikeyman.
• Message: SSL0137W: Initialization error, Invalid certificate sent by partner.
o Reason: Invalid certificate sent by partner.
o Solution: If this occurs during an SSL Proxy connection, the remote SSL server sent a bad certificate to IBM HTTP Server. Check the certificate and certificate authority chain at the other end of the SSL connection.
• Message: SSL0138W: Initialization error, Invalid peer.
o Reason: Invalid peer.
o Solution: Report problem to service.
• Message: SSL0139W: Initialization error, Permission denied.
o Reason: Permission denied.
o Solution: Report problem to service.

o Reason: If a System Authorization Facility (SAF) SSL keyring is in use, the current user ID is not authorized to read the keyring.
o Solution: See the information about access to SAF keyrings in Performing required z/OS system configurations.
• Message: SSL0140W: Initialization error, The self-signed certificate is not valid.
o Reason: The self-signed certificate is not valid.
o Solution: Check the certificate in Ikeyman.
• Message: SSL0141E: Initialization error, Internal error - read failed.
o Reason: Internal error - read failed.
o Solution: Report to service.
• Message: SSL0142E: Initialization error, Internal error - write failed.
o Reason: Internal error - write failed.
o Solution: Report to service.
• Message: SSL0143I: Initialization error, Socket has been closed.
o Reason: Socket has been closed unexpectedly.
o Solution: Check the client and network. Report problem to service.
• Message: SSL0144E: Initialization error, Invalid SSLV2 Cipher Spec.
o Reason: Invalid SSLV2 cipher spec.
o Solution: Check the SSLCipherSpec directive.
• Message: SSL0145E: Initialization error, Invalid SSLV3 Cipher Spec.
o Reason: Invalid SSLV3 Cipher Spec.
o Solution: Check the SSLCipherSpec directive.
• Message: SSL0146E: Initialization error, Invalid security type.
o Reason: Invalid security type.
o Solution: Report to service.
• Message: SSL0147E: Initialization error, Invalid security type combination.
o Reason: Invalid security type combination.
o Solution: Report to service.
• Message: SSL0148E: Initialization error, Internal error - SSL Handle creation failure.
o Reason: Internal error - SSL handle creation failure.
o Solution: Report to service.
• Message: SSL0149E: Initialization error, Internal error - GSK initialization has failed.
o Reason: Internal error - GSK initialization has failed.
o Solution: Report to service.
• Message: SSL0150E: Initialization error, LDAP server not available.
o Reason: LDAP server not available.
o Solution: Check CRL directives.
• Message: SSL0151E: Initialization error, The specified key did not contain a private key.
o Reason: The specified key did not contain a private key.
o Solution: Check the certificate in use in Ikeyman.
• Message: SSL0152E: Initialization error, A failed attempt was made to load the specified PKCS#11 shared library.
o Reason: A failed attempt was made to load the specified PKCS#11 shared library.
o Solution: Check SSLPKCSDriver directive and file system.
• Message: SSL0153E: Initialization error, The PKCS#11 driver failed to find the token specified by the caller.
o Reason: The PKCS#11 driver failed to find the token specified by the caller.
• Message: SSL0154E: Initialization error, A PKCS#11 token is not present for the slot.
o Reason: A PKCS#11 token is not present for the slot.
o Solution: Verify PKCS#11 directives.
• Message: SSL0155E: Initialization error, The password/pin to access the PKCS#11 token is invalid.
o Reason: The password and pin to access the PKCS#11 token is invalid.
• Message: SSL0156E: Initialization error, The SSL header received was not a properly SSLV2 formatted header.
o Reason: The SSL header received was not a properly SSLV2 formatted header.
• Message: SSL0157E: Initialization error, The function call, %s, has an invalid ID.
o Reason: The function call, %s, has an invalid ID.
o Solution: Report problem to service.
• Message: SSL0158E: Initialization error, Internal error - The attribute has a negative length: %s.
o Reason: Internal error - The attribute has a negative length.
o Solution: Report problem to service.
• Message: SSL0159E: Initialization error, The enumeration value is invalid for the specified enumeration type: %s.
o Reason: The enumeration value is invalid for the specified enumeration type: %s.
o Solution: Report problem to service.
• Message: SSL0160E: Initialization error, The SID cache is invalid: %s.
o Reason: The SID cache is invalid.
o Solution: Report problem to service.
• Message: SSL0161E: Initialization error, The attribute has an invalid numeric value: %s.
o Reason: The attribute has an invalid numeric value: %s.
o Solution: Check SSL directives.
• Message: SSL0162W: Setting the LD_LIBRARY_PATH or LIBPATH for GSK failed.
o Reason: Could not update the environment for GSK libraries.
o Solution: Report problem to service.
• Message: SSL0163W: Setting the LIBPATH for GSK failed, could not append /usr/opt/ibm/gskkm/lib.
o Reason: Could not append to LD_LIBRARY_PATH or LIBPATH for GSK.
o Solution: Report problem to service.
• Message: SSL0164W: Error accessing Registry, RegOpenKeyEx/RegQueryValueEx returned [%d].
o Reason: Error accessing registry.
o Solution: Check the GSK installation and the Windows registry.
• Message: SSL0165W: Storage allocation failed.
o Reason: Storage allocation failed.
o Solution: Check memory usage, report problem to service.
• Message: SSL0166E: Failure attempting to load GSK library.
o Reason: Failure while attempting to load GSK library.
o Solution: Check the GSK installation.
• Message: SSL0167E: GSK function address undefined.
o Reason: GSK function address is undefined.
o Solution: Check the GSK installation and level.
• Message: SSL0168E: SSL initialization for server: %s, port: %u failed due to a configuration error.
o Reason: Initialization for server: %s, port: %u failed due to a configuration error.
o Solution: Check the SSL configuration.
• Message: SSL0169E: Keyfile does not exist: %s.
o Reason: Keyfile does not exist.
o Solution: Check to ensure the path that is provided to the KeyFile directive exists, and is readable by the user that IBM HTTP Server is running as.
• Message: SSL0170E: GSK could not initialize, no keyfile specified.
o Reason: Keyfile is not specified.
o Solution: Specify Keyfile directive.
• Message: SSL0171E: CRL cannot be specified as an option for the SSLClientAuth directive on HPUX because the IBM HTTP Server does not support CRL on HPUX.
o Reason: CRL cannot be specified as an option for the SSLClientAuth directive on HPUX because IBM HTTP Server does not support CRL on HPUX.
o Solution: Remove CRL directives.
• Message: SSL0172E: If CRL is turned on, you must specify an LDAP hostname for the SSLCRLHostname directive.
o Reason: If CRL is turned on, you must specify an LDAP hostname for the SSLCRLHostname directive.
o Solution: Specify SSLCRLHostname.
• Message: SSL0173E: Failure obtaining supported cipher specs from the GSK library.
o Reason: Failure obtaining supported cipher specs from the GSK library.
o Solution: Check the GSK installation, report problem to service.
• Message: SSL0174I: No CRL password found in the stash file: %s.
o Reason: No CRL password is found in the stash file: %s.
o Solution: Check the stash file permissions, regenerate stash file.
• Message: SSL0174I: No CRYPTO password found in the stash file: %s.
o Reason: No CRYPTO password is found in the stash file: %s.
o Solution: Check stash file permissions, regenerate stash file.
• Message: SSL0175E: fopen failed for stash file: %s.
o Reason: fopen failed for stash file.
o Solution: Check stash file permissions, regenerate stash file.
• Message: SSL0176E: fread failed for the stash file: %s.
o Reason: fread failed for the stash file.
o Solution: Make sure the stash file is readable by the user that IBM HTTP Server is running as.
• Message: SSL0179E: Unknown return code from stash_recover(), %d.
o Reason: Unknown return code from stash_recover(), %d.
o Solution: Check the stash file.
• Message: SSL0181E: Unable to fork for startup of session ID cache.
o Reason: Unable to fork for startup of session ID cache.
o Solution: Check the location of the sidd daemon and its file permissions.
• Message: SSL0182E: Error creating file mapped memory for SSL passwords.
o Reason: Error creating file mapped memory for SSL passwords.
o Solution: Report problem to service.
• Message: SSL0183E: Exceeded map memory limits.
o Reason: Exceeded map memory limits.
o Solution: Report problem to service.
• Message: SSL0184E: Could not find a password for the resource: %s.
o Reason: SSL0184E: Could not find a password for the resource: %s.
o Solution: Report problem to service, disable password prompting.
• Message: SSL0185E: ssl_getpwd() failed, unable to obtain memory.
o Reason: ssl_getpwd() failed, unable to obtain memory.
o Solution: Report problem to service, disable password prompting.
• Message: SSL0186E: Linked list mismatch.
o Reason: SSL0186E: Linked list mismatch.
o Solution: Report problem to service, disable password prompting.
• Message: SSL0186E: ssl_getpwd() failed, password exceeded maximum size of 4095.
o Reason: ssl_getpwd() failed, password exceeded the maximum size of 4095.
o Solution: The password must be smaller than 4K.
• Message: SSL0187E: It is invalid to enable password prompting for the SSLServerCert directive without specifying a Crypto Card Token.
o Reason: It is invalid to enable password prompting for the SSLServerCert directive without specifying a crypto card token.
o Solution: Specify a crypto card token or disable password prompting for the SSLServerCert directive.
• Message: SSL0188E: SSL initialization for server: %s, port: %u failed. SSL timeouts cannot be set in a virtualhost when the SSLCacheDisable directive has not been specified globally.
o Reason: When the SSL session cache is being used, only the global timeout settings apply because they are managed by the external session cache daemon. See information about the SSLCacheDisable and SSLCacheEnable directives in the information center topic entitled SSL directives.
o Solution: If separate SSL timeouts are required, disable use of the session ID cache (SSLCacheDisable), otherwise make sure the SSLV3Timeout and SSLV2Timeout directives are only set in the global scope.
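As an added example (not from the IBM documentation or from this post), the following shell script tallies the SSLnnnnX message IDs listed above from an error log and groups them by the kind of check their Solutions call for. The sample log lines, the Apache-style line prefix, the host name, the key.sth file name and the bucket names keystore/peer/other are constructed assumptions.

```shell
#!/bin/sh
# Added example: tally IBM HTTP Server SSL message IDs from an error log and
# group them by the kind of check the catalogue's Solutions point to.

# Constructed sample input. The "[timestamp] [level]" prefix is an assumed
# Apache-style layout; the host name and stash file name are placeholders.
sample_log() {
cat <<'EOF'
[Fri Nov 12 10:15:01 2010] [error] SSL0119E: Initialization error, I/O error reading keyfile.
[Fri Nov 12 10:15:01 2010] [error] SSL0168E: SSL initialization for server: www.example.com, port: 443 failed due to a configuration error.
[Fri Nov 12 10:20:44 2010] [warn] SSL0133W: Initialization error, An incorrectly formatted SSL message was received.
[Fri Nov 12 10:20:45 2010] [warn] SSL0133W: Initialization error, An incorrectly formatted SSL message was received.
[Fri Nov 12 10:21:10 2010] [info] SSL0143I: Initialization error, Socket has been closed.
[Fri Nov 12 10:30:00 2010] [error] SSL0176E: fread failed for the stash file: /opt/IBM/HTTPServer/conf/key.sth.
[Fri Nov 12 10:31:00 2010] [notice] constructed line without a message ID
EOF
}

# Read log lines on stdin; print "<count> <id> <suffix> <bucket>" for each
# distinct message ID, sorted by ID. Only the first ID on a line is counted.
# The catalogue reuses SSL0174I and SSL0186E for two different messages each,
# so an ID alone does not always identify the text; keep the raw line too.
ssl_triage() {
    awk '
    BEGIN {
        # IDs whose Solution concerns the key database or stash file
        # (path, permissions, password, corruption).
        keystore = " SSL0104E SSL0119E SSL0120E SSL0123E SSL0169E SSL0170E SSL0175E SSL0176E "
        # IDs whose Solution is to check the client or the network.
        peer = " SSL0131I SSL0133W SSL0143I "
    }
    function bucket(id) {
        if (index(keystore, " " id " ")) return "keystore"
        if (index(peer, " " id " ")) return "peer"
        return "other"
    }
    match($0, /SSL[0-9][0-9][0-9][0-9][EWIS]/) {
        id = substr($0, RSTART, RLENGTH)
        count[id]++
    }
    END {
        # The 8th character of the ID is the suffix letter (E, W, I or S).
        for (id in count)
            print count[id], id, substr(id, 8, 1), bucket(id)
    }
    ' | sort -k2,2
}

# Total number of log lines that fell into the keystore bucket; a non-zero
# value means the KeyFile path, stash file and their permissions need review.
ssl_keystore_hits() {
    ssl_triage | awk '$4 == "keystore" { n += $1 } END { print n + 0 }'
}

# Stand-alone run on the constructed sample.
sample_log | ssl_triage
```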
SSL stash utility messages
This topic contains error messages that might result due to Secure Sockets Layer (SSL) stash utility problems and provides solutions to help you troubleshoot these problems.
The following messages appear due to SSL Stash utility errors:
• Message: SSL0700S: Invalid function
o Reason: An invalid parameter was entered. The valid values are crl or crypto.
o Solution: Rerun the command with the proper function.
• Message: SSL0701S: The password was not entered.
o Reason: The password was not entered on the command line.
o Solution: Rerun the command with the password added.
• Message: SSL0702S: Password exceeds the allowed length of 512.
o Reason: The password that was entered is longer than the allowed maximum of 512 characters.
o Solution: Use a shorter password.

IBM HTTP Server basic administration of server

This topic describes how to start and stop the IBM® HTTP Server administration server on distributed platforms.



For this task

Start the IBM HTTP Server administration server as follows. You must be logged in as the root user or, if IHS was installed as a non-root user, you must su - to the user that owns the IHS installation.
On Windows, you must be an administrator.

Procedure
Windows :

From the Start menu

Click Start > Programs > IBM HTTP Server > Start Administration Server.
A message box displays that indicates the server has started.

If the IBM HTTP Server administration server does not start, complete the following steps:
1. Open the Control Panel.
2. Click Services.
3. Double-click IBM HTTP Server Administration Server to start the server.
Confirm that IBM HTTP Server administration server started successfully by checking the admin_error.log file for a "start successful" message. If you use the developer installation option, then the IBM HTTP Server administration server does not install as a service. You have to run the httpd.exe file from a command line with the -f option. From the default directory, type:
httpd -f conf\admin.conf




ALL UNIX (AIX, HP-UX, Linux, Solaris):

The adminctl command starts and stops the IBM HTTP Server administration server. You can find the adminctl command in the bin subdirectory, within the IBM HTTP Server installation directory. If that directory is not in your PATH, the full path should be given on the command line. Start or stop the IBM HTTP Server administration server using the default admin.conf configuration file as follows:


1. Run the adminctl start command to start the server or run the adminctl stop command to stop the server.

Issue the commands from the default directories, based on your operating system:

AIX : /usr/IBM/HTTPServer/bin/adminctl start|stop

HP-UX, Linux, Solaris : /opt/IBM/HTTPServer/bin/adminctl start|stop



For example, if the adminctl command is not in your PATH, the IBM HTTP Server installation directory is /usr/IBM/HTTPServer, and the default configuration file is used, run the commands as follows:

/usr/IBM/HTTPServer/bin/adminctl start
/usr/IBM/HTTPServer/bin/adminctl stop

Important: The admin.conf configuration file supports single-byte characters (SBCS) only.
2. Confirm that IBM HTTP Server administration server started successfully by checking the admin_error.log.

Note: Sometimes the IBM HTTP Server process is found hung (a defunct process) in UNIX environments, so the server does not respond or function even though its status is running.

Possible causes: too many child processes for a single instance, reaching the maximum open files limit, high memory or CPU usage, reaching the maximum user limit, and so on.

Resolution: How to kill the process in the above situation.

kill (Process ID), or kill -9 (Process ID) to forcefully kill.

If a number of defunct or child processes are causing the problem, set MASTER_PID to the master process ID of the HTTP server and kill that process and its children in one loop:

for i in `ps -ef | awk -v m="$MASTER_PID" '$2 == m || $3 == m {print $2}'`; do echo $i; kill -9 $i; done

Thursday, April 29, 2010

Thinking in Patterns, Problem-Solving Techniques using Java

The pattern concept
“Design patterns help you learn from others' successes instead of your own failures[2].”
Probably the most important step forward in object-oriented design is the “design patterns”
movement, chronicled in Design Patterns (ibid)[3]. That book shows 23 different solutions to
particular classes of problems. In this book, the basic concepts of design patterns will be
introduced along with examples. This should whet your appetite to read Design Patterns by
Gamma et al., a source of what has now become an essential, almost mandatory, vocabulary
for OOP programmers.
The latter part of this book contains an example of the design evolution process, starting with
an initial solution and moving through the logic and process of evolving the solution to more
appropriate designs. The program shown (a trash sorting simulation) has evolved over time,
and you can look at that evolution as a prototype for the way your own design can start as an
adequate solution to a particular problem and evolve into a flexible approach to a class of
problems.
What is a pattern?
Initially, you can think of a pattern as an especially clever and insightful way of solving a
particular class of problems. That is, it looks like a lot of people have worked out all the angles
of a problem and have come up with the most general, flexible solution for it. The problem
could be one you have seen and solved before, but your solution probably didn’t have the kind
of completeness you’ll see embodied in a pattern.
Although they’re called “design patterns,” they really aren’t tied to the realm of design. A
pattern seems to stand apart from the traditional way of thinking about analysis, design, and
implementation. Instead, a pattern embodies a complete idea within a program, and thus it
can sometimes appear at the analysis phase or high-level design phase. This is interesting
because a pattern has a direct implementation in code and so you might not expect it to show
up before low-level design or implementation (and in fact you might not realize that you need
a particular pattern until you get to those phases).
The basic concept of a pattern can also be seen as the basic concept of program design: adding
a layer of abstraction. Whenever you abstract something you’re isolating particular details,
and one of the most compelling motivations behind this is to separate things that change
from things that stay the same. Another way to put this is that once you find some part of
your program that’s likely to change for one reason or another, you’ll want to keep those
changes from propagating other changes throughout your code. Not only does this make the
code much cheaper to maintain, but it also turns out that it is usually simpler to understand
(which results in lowered costs).
Often, the most difficult part of developing an elegant and cheap-to-maintain design is in
discovering what I call “the vector of change.” (Here, “vector” refers to the maximum gradient
and not a container class.) This means finding the most important thing that changes in your
system, or put another way, discovering where your greatest cost is. Once you discover the
vector of change, you have the focal point around which to structure your design.
So the goal of design patterns is to isolate changes in your code. If you look at it this way,
you’ve been seeing some design patterns already in this book. For example, inheritance can be
thought of as a design pattern (albeit one implemented by the compiler). It allows you to
express differences in behavior (that’s the thing that changes) in objects that all have the
same interface (that’s what stays the same). Composition can also be considered a pattern,
since it allows you to change—dynamically or statically—the objects that implement your
class, and thus the way that class works.
You’ve also already seen another pattern that appears in Design Patterns: the iterator (Java
1.0 and 1.1 capriciously calls it the Enumeration; Java 2 containers use “iterator”). This
hides the particular implementation of the container as you’re stepping through and selecting
the elements one by one. The iterator allows you to write generic code that performs an
operation on all of the elements in a sequence without regard to the way that sequence is
built. Thus your generic code can be used with any container that can produce an iterator.

Pattern taxonomy

One of the events that’s occurred with the rise of design patterns is what could be thought of
as the “pollution” of the term – people have begun to use the term to mean just about
anything synonymous with “good.” After some pondering, I’ve come up with a sort of
hierarchy describing a succession of different types of categories:
1. Idiom: how we write code in a particular language to do this particular type of thing.
This could be something as common as the way that you code the process of stepping
through an array in C (and not running off the end).
2. Specific Design: the solution that we came up with to solve this particular problem.
This might be a clever design, but it makes no attempt to be general.
3. Standard Design: a way to solve this kind of problem. A design that has become
more general, typically through reuse.
4. Design Pattern: how to solve an entire class of similar problem. This usually only
appears after applying a standard design a number of times, and then seeing a
common pattern throughout these applications.
I feel this helps put things in perspective, and to show where something might fit. However, it
doesn’t say that one is better than another. It doesn’t make sense to try to take every problem
solution and generalize it to a design pattern – it’s not a good use of your time, and you can’t
force the discovery of patterns that way; they tend to be subtle and appear over time.
One could also argue for the inclusion of Analysis Pattern and Architectural Pattern in this
taxonomy.
Design principles
(Update from slides to here)
When I put out a call for ideas in my newsletter[4], a number of suggestions came back which
turned out to be very useful, but different than the above classification, and I realized that a
list of design principles is at least as important as design structures, but for a different reason:
these allow you to ask questions about your proposed design, to apply tests for quality.
• Principle of least astonishment (don’t be astonishing).
• Make common things easy, and rare things possible
• Consistency. One thing has become very clear to me, especially because of Python:
the more random rules you pile onto the programmer, rules that have nothing to do
with solving the problem at hand, the slower the programmer can produce. And this
does not appear to be a linear factor, but an exponential one.
• Law of Demeter: a.k.a. “Don’t talk to strangers.” An object should only reference
itself, its attributes, and the arguments of its methods.
• Subtraction: a design is finished when you cannot take anything else away.
• Simplicity before generality[5]. (A variation of Occam’s Razor, which says “the
simplest solution is the best”). A common problem we find in frameworks is that they
are designed to be general purpose without reference to actual systems. This leads to a
dizzying array of options that are often unused, misused or just not useful. However,
most developers work on specific systems, and the quest for generality does not
always serve them well. The best route to generality is through understanding well-defined
specific examples. So, this principle acts as the tie breaker between otherwise
equally viable design alternatives. Of course, it is entirely possible that the simpler
solution is the more general one.
• Reflexivity (my suggested term). One abstraction per class, one class per
abstraction. Might also be called Isomorphism.
• Independence or Orthogonality. Express independent ideas independently. This
complements Separation, Encapsulation and Variation, and is part of the Low-
Coupling-High-Cohesion message.
• Once and once only: Avoid duplication of logic and structure where the duplication
is not accidental, i.e. where both pieces of code express the same intent for the same
reason.
In the process of brainstorming this idea, I hope to come up with a small handful of
fundamental ideas that can be held in your head while you analyze a problem. However, other
ideas that come from this list may end up being useful as a checklist while walking through
and analyzing your design.
Classifying patterns
The Design Patterns book discusses 23 different patterns, classified under three purposes (all
of which revolve around the particular aspect that can vary). The three purposes are:
1. Creational: how an object can be created. This often involves isolating the details of
object creation so your code isn’t dependent on what types of objects there are and thus
doesn’t have to be changed when you add a new type of object. The aforementioned
Singleton is classified as a creational pattern, and later in this book you’ll see examples
of Factory Method and Prototype.
2. Structural: designing objects to satisfy particular project constraints. These work
with the way objects are connected with other objects to ensure that changes in the
system don’t require changes to those connections.
3. Behavioral: objects that handle particular types of actions within a program. These
encapsulate processes that you want to perform, such as interpreting a language,
fulfilling a request, moving through a sequence (as in an iterator), or implementing an
algorithm. This book contains examples of the Observer and the Visitor patterns.
The Design Patterns book has a section on each of its 23 patterns along with one or more
examples for each, typically in C++ (rather restricted C++, at that) but sometimes in
Smalltalk. (You’ll find that this doesn’t matter too much since you can easily translate the
concepts from either language into Java.) This book will revisit many of the patterns shown in
Design Patterns but with a Java orientation, since the language changes the expression and
understanding of the patterns. However, the GoF examples will not be repeated here, since I
believe that it’s possible to produce more illuminating examples given some effort. The goal is
to provide you with a decent feel for what patterns are about and why they are so important.
After years of looking at these things, it began to occur to me that the patterns themselves use
basic principles of organization, other than (and more fundamental than) those described in
Design Patterns. These principles are based on the structure of the implementations, which is
where I have seen great similarities between patterns (more than those expressed in Design
Patterns). Although we generally try to avoid implementation in favor of interface, for a while
I thought that it was easier to understand the patterns in terms of these structural principles,
and tried reorganizing the book around the patterns based on their structure instead of the
categories presented in Design Patterns.
However, a later insight made me realize that it’s more useful to organize the patterns in
terms of the problems they solve. I believe this is a subtle but important distinction from the
way Metsker organizes the patterns by intent in Design Patterns Java Workshop (Addison-
Wesley 2002), because I hope that you will then be able to recognize your problem and search
for a solution, if the patterns are organized this way.
In the process of doing all this “book refactoring” I realized that if I changed it once, I would
probably change it again (there’s definitely a design maxim in there), so I removed all
references to chapter numbers in order to facilitate this change (the little-known “numberless
chapter” pattern ☺).
The development challenge
Issues of development, the UML process, Extreme Programming.
Is evaluation valuable? The Capability Immaturity Model:
Wiki Page: http://c2.com/cgi-bin/wiki?CapabilityImMaturityModel
Article: http://www.embedded.com/98/9807br.htm
Pair programming research:
http://collaboration.csc.ncsu.edu/laurie/

Unit testing
In an earlier version of this book I decided that unit testing was essential (for all of my books)
and that JUnit was too verbose and clunky to consider. At that time I wrote my own unit
testing framework using Java reflection to simplify the syntax necessary to achieve unit
testing. For the third edition of Thinking in Java, we developed another unit testing
framework for that book which would test the output of examples.
In the meantime, JUnit has changed to add a syntax remarkably similar to the one that I used
in an earlier version of this book. I don’t know how much influence I may have had on that
change, but I’m simply happy that it has happened, because I no longer feel the need to
support my own system (which you can still find ) and can simply
recommend the de facto standard.
I have introduced and described the style of JUnit coding that I consider a “best
practice” (primarily because of simplicity), in Thinking in Java, 3rd edition, chapter 15. That
section provides an adequate introduction to any of the unit testing you will see associated
with this book (however, the unit testing code will not normally be included in the text of this
book). When you download the code for this book, you will find (4/9/2003: Eventually, not
yet) unit tests along with the code examples whenever possible.

Location of test code

Public: in test subdirectory; different package (don’t include in jar).
Package access: same package, subdirectory path underneath library code (don’t include in
jar)
Private access: (white box testing). Nested class, strip out, or JUnit addons.




Simplifying Idioms
Before getting into more complex techniques, it’s helpful to look at some basic ways to keep
code simple and straightforward.
Messenger
The most trivial of these is the messenger, which simply packages information into an object
to be passed around, instead of passing all the pieces around separately. Note that without the
messenger, the code for translate() would be much more confusing to read:
//: simplifying:MessengerDemo.java
package simplifying;
import junit.framework.*;

class Point { // A messenger
  public int x, y, z; // Since it's just a carrier
  public Point(int x, int y, int z) {
    this.x = x;
    this.y = y;
    this.z = z;
  }
  public Point(Point p) { // Copy-constructor
    this.x = p.x;
    this.y = p.y;
    this.z = p.z;
  }
  public String toString() {
    return "x: " + x + " y: " + y + " z: " + z;
  }
}

class Vector {
  public int magnitude, direction;
  public Vector(int magnitude, int direction) {
    this.magnitude = magnitude;
    this.direction = direction;
  }
}

class Space {
  public static Point translate(Point p, Vector v) {
    p = new Point(p); // Don't modify the original
    // Perform calculation using v. Dummy calculation:
    p.x = p.x + 1;
    p.y = p.y + 1;
    p.z = p.z + 1;
    return p;
  }
}

public class MessengerDemo extends TestCase {
  public void test() {
    Point p1 = new Point(1, 2, 3);
    Point p2 = Space.translate(p1, new Vector(11, 47));
    String result = "p1: " + p1 + " p2: " + p2;
    System.out.println(result);
    assertEquals(result,
      "p1: x: 1 y: 2 z: 3 p2: x: 2 y: 3 z: 4");
  }
  public static void main(String[] args) {
    junit.textui.TestRunner.run(MessengerDemo.class);
  }
} ///:~
Since the goal of a messenger is only to carry data, that data is made public for easy access.
However, you may also have reasons to make the fields private.
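One reason to make the fields private is that a public, mutable messenger depends on every callee remembering the defensive copy that translate() makes above. The following is an added example, not code from the book: an immutable variant of Point in which a callee cannot alter the caller's object. The class names ImmutableMessengerDemo and the plus() method are hypothetical, and plain integer offsets stand in for the book's Vector.

```java
// Added example (not from the book): an immutable variant of the Point messenger.
public class ImmutableMessengerDemo {
  static final class Point {
    // private and final: neither caller nor callee can change a Point once built
    private final int x, y, z;
    Point(int x, int y, int z) { this.x = x; this.y = y; this.z = z; }
    int x() { return x; }
    int y() { return y; }
    int z() { return z; }
    // "Modification" returns a new messenger and leaves this one untouched.
    Point plus(int dx, int dy, int dz) {
      return new Point(x + dx, y + dy, z + dz);
    }
    @Override public boolean equals(Object o) {
      if (!(o instanceof Point)) return false;
      Point p = (Point) o;
      return x == p.x && y == p.y && z == p.z;
    }
    @Override public int hashCode() { return 31 * (31 * x + y) + z; }
    @Override public String toString() {
      return "x: " + x + " y: " + y + " z: " + z;
    }
  }

  static final class Space {
    // No defensive copy is needed: p cannot be changed through this reference.
    static Point translate(Point p, int dx, int dy, int dz) {
      return p.plus(dx, dy, dz);
    }
  }

  public static void main(String[] args) {
    Point p1 = new Point(1, 2, 3);
    Point p2 = Space.translate(p1, 1, 1, 1);
    System.out.println("p1: " + p1 + " p2: " + p2);
    // The original is unchanged and the result is a distinct object.
    if (!p1.equals(new Point(1, 2, 3)) || !p2.equals(new Point(2, 3, 4)))
      throw new AssertionError("unexpected translation result");
  }
}
```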

Collecting Parameter
Messenger’s big brother is the collecting parameter, whose job is to capture information from
the method to which it is passed. Generally, this is used when the collecting parameter is
passed to multiple methods, so it’s like a bee collecting pollen.
A container makes an especially useful collecting parameter, since it is already set up to
dynamically add objects:
//: simplifying:CollectingParameterDemo.java
package simplifying;
import java.util.*;
import junit.framework.*;

class CollectingParameter extends ArrayList {}

class Filler {
  public void f(CollectingParameter cp) {
    cp.add("accumulating");
  }
  public void g(CollectingParameter cp) {
    cp.add("items");
  }
  public void h(CollectingParameter cp) {
    cp.add("as we go");
  }
}

public class CollectingParameterDemo extends TestCase {
  public void test() {
    Filler filler = new Filler();
    CollectingParameter cp = new CollectingParameter();
    filler.f(cp);
    filler.g(cp);
    filler.h(cp);
    String result = "" + cp;
    System.out.println(cp);
    assertEquals(result,"[accumulating, items, as we go]");
  }
  public static void main(String[] args) {
    junit.textui.TestRunner.run(
      CollectingParameterDemo.class);
  }
} ///:~

The collecting parameter must have some way to set or insert values. Note that by this
definition, a messenger could be used as a collecting parameter. The key is that a collecting
parameter is passed about and modified by the methods it is passed to.
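Because the collecting parameter only needs a way to insert values, it can expose just that. The following is an added example, not code from the book: a collecting parameter that gathers input-validation findings from several checks, where the callees can add entries but cannot remove or clear what earlier checks recorded (which a subclass of ArrayList would allow). All class, method and field names here are hypothetical, and the inputs are constructed samples.

```java
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

public class AddOnlyCollectorDemo {
  // Collecting parameter with a narrow interface: callees can add, nothing else.
  static final class Findings {
    private final List<String> items = new ArrayList<>();
    void add(String field, String problem) { items.add(field + ": " + problem); }
    boolean isEmpty() { return items.isEmpty(); }
    // Read-only view for the code that reports the result.
    List<String> view() { return Collections.unmodifiableList(items); }
  }

  static void checkUser(String user, Findings f) {
    if (user == null || user.isEmpty()) f.add("user", "missing");
    else if (!user.matches("[A-Za-z0-9_]{1,32}")) f.add("user", "illegal characters");
  }

  static void checkPort(String port, Findings f) {
    try {
      int n = Integer.parseInt(port);
      if (n < 1 || n > 65535) f.add("port", "out of range");
    } catch (NumberFormatException e) {
      f.add("port", "not a number");
    }
  }

  static void checkFile(String file, Findings f) {
    if (file == null || file.contains("..") || file.startsWith("/"))
      f.add("file", "must be a relative path without '..'");
  }

  // The same Findings object is passed to every check and fills up as it goes.
  static Findings validate(String user, String port, String file) {
    Findings f = new Findings();
    checkUser(user, f);
    checkPort(port, f);
    checkFile(file, f);
    return f;
  }

  public static void main(String[] args) {
    // Constructed sample inputs: one clean request, one that fails every check.
    System.out.println(validate("alice", "8080", "reports/q1.txt").view());
    System.out.println(validate("bob;rm", "99999", "../etc/passwd").view());
  }
}
```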

Object quantity

The two patterns described here are solely used to control the quantity of
objects.
Singleton could actually be thought of as a special case of Object Pool, but the applications of
the Object Pool tend to be unique enough from Singleton that it’s worth treating the two
separately.