1 Introduction
HSI-DataSync-TCS is a Spring Boot application that provides one-way synchronization of data from CSIS to Salesforce.
Despite being a Spring Boot application, the build is configured to produce a .ear file: hsi-datasync-tcs.ear
2 Configuration
2.1 Data Source
In the WebSphere console, set up the following WebSphere variable:
- ORACLE_JDBC_DRIVER_PATH; in most cases it should be /opt/IBM/JDBC
- Upload ojdbc8.jar to that folder
Create a JDBC Provider for Oracle.
- Create a new JDBC Provider named Oracle JDBC Provider 8, to distinguish it from the older ojdbc6 version
Add a data source using the new Oracle JDBC Provider 8.
The Oracle database now requires secure connections and port 1521 is disabled. For setup details, see: HSI WebSphere ssl Connect to Oracle (TCS)
Name | CSIS | (Expired) |
---|---|---|
JNDI Name | jdbc/csis | |
Hostname | dbdev.csd.toronto.ca (DEV), dbqa.csd.toronto.ca (QA), csis2.csd.toronto.ca (Prod) | |
User | hsiusr | |
Password | DEV: csisontheweb, QA: csisontheweb, PROD: Check with database administrator | |
Database | CSISDV (dev), TCSLINKEXT (qa), ? (Prod) | CSISDV (dev), CSISQA (qa), V9PROD (Prod) |
URL (DEV) | jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=tcps)(HOST= dbdev.csd.toronto.ca)(PORT=1528))(CONNECT_DATA=(SERVICE_NAME=CSISDV))) | jdbc:oracle:thin:@//dbdev.csd.toronto.ca:1521/CSISDV |
URL (QA) | jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=tcps)(HOST= dbqa.csd.toronto.ca)(PORT=1528))(CONNECT_DATA=(SERVICE_NAME= TCSLINKEXT))) | jdbc:oracle:thin:@//dbqa.csd.toronto.ca:1521/CSISQA |
URL (PROD) | | jdbc:oracle:thin:@//csis2.csd.toronto.ca:1521/V9PROD |
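A pre-deployment check for the URL field above, added here as an example (it is not part of the HSI-DataSync-TCS code base): it parses the two URL shapes that appear in the table and reports any that do not use tcps or still point at port 1521. The function names are hypothetical, and the parser assumes a single ADDRESS entry per descriptor.

```python
import re

# The DEV URLs from the table above: current (descriptor) and expired (//host form).
DESCRIPTOR_URL = ("jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=tcps)"
                  "(HOST= dbdev.csd.toronto.ca)(PORT=1528))"
                  "(CONNECT_DATA=(SERVICE_NAME=CSISDV)))")
EZCONNECT_URL = "jdbc:oracle:thin:@//dbdev.csd.toronto.ca:1521/CSISDV"

PREFIX = "jdbc:oracle:thin:@"
EZCONNECT = re.compile(
    r"^//(?P<host>[^:/\s]+)(?::(?P<port>\d+))?/(?P<service>\S+)$")
# Matches only leaf entries such as (PORT=1528), not nested groups.
LEAF = re.compile(r"\(\s*(\w+)\s*=\s*([^()]+?)\s*\)")


def parse_oracle_url(url):
    """Return protocol, host, port and service from a thin-driver URL."""
    if not url.startswith(PREFIX):
        raise ValueError("not an Oracle thin-driver URL")
    target = url[len(PREFIX):].strip()
    if target.startswith("("):
        # Descriptor form; whitespace after '=' (as in the table) is tolerated.
        leaves = {k.upper(): v for k, v in LEAF.findall(target)}
        return {"protocol": leaves.get("PROTOCOL", "tcp").lower(),
                "host": leaves.get("HOST"),
                "port": int(leaves.get("PORT", 1521)),
                "service": leaves.get("SERVICE_NAME")}
    m = EZCONNECT.match(target)
    if not m:
        raise ValueError("unrecognised connect string")
    # The //host:port/service form carries no protocol, so it is plain TCP.
    return {"protocol": "tcp", "host": m["host"],
            "port": int(m["port"] or 1521), "service": m["service"]}


def audit(url):
    """List the ways a URL breaks the secure-connection requirement."""
    info = parse_oracle_url(url)
    findings = []
    if info["protocol"] != "tcps":
        findings.append(f"protocol is {info['protocol']}, expected tcps")
    if info["port"] == 1521:
        findings.append("port 1521 is disabled on the database side")
    if not info["host"] or not info["service"]:
        findings.append("host or service name missing")
    return findings
```
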
2.2 Enable Java Assertion Capability
In the WAS admin console, navigate to: Servers -> Server Types -> WebSphere Application Servers -> click the server of HSI-Intranet -> on Configuration tab -> Java and Process Management -> Process definition -> Java Virtual Machine -> Generic JVM arguments, and add the entry -ea.
2.3 WAS App Server System Properties
In the WAS admin console, navigate to: Servers -> Server Types -> WebSphere Application Servers -> click the server of RGI -> on Configuration tab -> Java and Process Management -> Process definition -> Java Virtual Machine -> Custom properties. Define the following properties.
Name | DEV/(new sandbox) | QA | PROD |
---|---|---|---|
app.log.home | /inet/webas/logs/Children-Internet | ||
app.log.level | DEBUG | ||
env.id | DEV | QA | PROD |
hsi.datasync.auth.base-url | https://insideto-secure.toronto.ca | ||
hsi.salesforce.oauth.base-url | https://login.salesforce.com | ||
hsi.salesforce.oauth.client-id / Consumer key | / /3MVG9Z8h6Bxz0zc4NWhTFhzYWdsDqjL2hAjXCDnNHK6GYDbRTX2gIh2NuZHT4kwD148ERF04EYuGa0IzssvGn | 3MVG9_I_oWkIqLrl7h.HM0nqegTxG0ne42d3TL10BuZ8mH5RUgrrJKpIVgI9nRbqTWa_oRhONh0rbSyxjD5XA / | 3MVG9CEn_O3jvv0y4aRSakzzOvRbhrZJpUQkvh_C3FQu13fcwOIzwLKeDKY9E3YH_SA_EH8sLf0aFu7st_UUO |
hsi.salesforce.oauth.user-id | /hsi.integration@toronto.ca.hsidev07 | hsi.integration@toronto.ca | |
hsi.salesforce.record-type.parent | /0126A000000yrPjQAI | 0126A000000yrPjQAI | 0126A000000yrPjQAI |
hsi.salesforce.record-type.child | /0123s000000aJkPAAU | 0123s000000aJkPAAU | 0123s000000aJkPAAU |
2.4 Proxy configuration for outbound API calls
To make outbound API calls to Salesforce, we must define a proxy:
-Dhttp.proxyHost=proxy.toronto.ca
-Dhttp.proxyPort=8080
-Dhttps.proxyHost=proxy.toronto.ca
-Dhttps.proxyPort=8080
-Dhttp.nonProxyHosts=insideto-secure.toronto.ca (use the host name only, taken from the value defined for hsi.datasync.auth.base-url in the corresponding environment)
2.5 JVM Heap Size
Initial: 512MB
Max: 2048MB
3 KeyStore and Certificates
Env | URL |
---|---|
Dev | |
QA | |
PROD |
3.2 Create a new key store through WAS console
- Security > SSL certificate and key management > Key stores and certificates > New
- Name: DatasyncKeyStore
- Management scope: Choose the cluster where the app is deployed. PLEASE REPLACE ${CONFIG_ROOT} AND ${CELL} IN THE PATHS BELOW WITH THE REAL VALUES FOR THE CONTAINER FOLDER, OR CREATE VARIABLES FOR THEM
- Prod: ${CONFIG_ROOT}/cells/${CELL}/DatasyncKeyStore.p12
- WSQA: ${CONFIG_ROOT}/cells/wsQACell01/DatasyncKeyStore.p12
- WSDEV: ${CONFIG_ROOT}/cells/wsDVCell01/DatasyncKeyStore.p12
- QA: ${CONFIG_ROOT}/cells/${CELL}/DatasyncKeyStore.p12
- DEV: ${CONFIG_ROOT}/cells/${CELL}/DatasyncKeyStore.p12
- Local: depends on naming of cell. E.g. ${CONFIG_ROOT}/cells/M4XD0143252Node01Cell/DatasyncKeyStore.p12
- Password: WebAS in DEV and QA, <a secure password> in production
- Type: PKCS12
3.3 Create new Key Set in WAS Console
- Security > SSL certificate and key management > Key sets > New
- Key set name: SalesforceAuthKeySet
- Key alias prefix name: salesforceauthkey
- Key Password: WebAS in DEV and QA, <a secure password> in production
- Key store: DatasyncKeyStore
3.4 Create a Key Alias
- SSL certificate and key management > Key sets > SalesforceAuthKeySet > Active key history > Add key alias reference
- Alias reference: salesforceauthkey
- Key password: WebAS in DEV and QA, <a secure password> in production (same password as in steps 1 and 2)
3.5 Create a Self-Signed Certificate
- SSL certificate and key management > Key stores and certificates > DatasyncKeyStore > Personal certificates > Create > Self Signed Certificate
- Alias: salesforceauthkey
- Signature algorithm: SHA256withRSA
- Key size: 2048 bits
- Common name: SalesforceAuth
- Validity: 760 days
- Org: City of Toronto
- Org Unit: Children Services
- Locality: Toronto
- State/Province: Ontario
- Country: CA
3.6 Extract Certificate
- SSL certificate and key management > Key stores and certificates > DatasyncKeyStore > Personal certificates
- Check off salesforceauthkey
- Extract...
- Choose
- /tmp/salesforceauth.cer or c:/temp/salesforceauth.cer
- Base64-encoded ASCII data
*** The extracted .cer file will need to be uploaded to the Salesforce App configuration page. Please forward this file to Snehal Surti.