Install on Apache Tomcat
Install on Apache Tomcat
lac42
You can install
CA Live API Creator
on Apache Tomcat Web server as an installable web application ARchive (WAR). This article includes information about how to install CA Live API Creator
on a local machine running Apache Tomcat.Use the following process to install
CA Live API Creator
on Apache Tomcat Web server:3
Verify the Prerequisites
Before you install
CA Live API Creator
on Tomcat Web server, ensure that you have completed the following prerequisite steps:- You have installed Tomcat.For more information about how to download and install Tomcat, see the Apache Tomcat website.
- You have installed the Java Development Kit (JDK) version thatCA Live API Creatorsupports.For more information:
- About how to install JDK, see the Oracle downloads website.
- About the version of JDK thatCA Live API Creatorsupports, see Installation Requirements and Supported Platforms.You can verify what version of Java JDK you have installed and whether you have it installed correctly by issuing the following command:java -version
- (On Windows) You have created aJAVA_HOMEenvironment variable that has a variable value to the location of your Java JDK installation. For example,JAVA_HOMEwith
. If Java is installed in a path that contains one or more spaces, use the short names of those directories for the variable value (for example,C:\Program Files\Java\jdk1.8.0_92
instead ofPROGRA~2
).Program FilesThis setting is in effect after you open a new Command window. - You have reviewed the installation best practices.For more information about the best practices, see Installation Best Practices.
(Optional) Bundle the Admin Repository into the WAR File
If you want to bootstrap
CA Live API Creator
with a specific configuration for your API metadata, bundle the admin repository into the CALiveAPICreator.war
file. For example, you have configured CA Live API Creator
in your development environment, and you want to include this configuration in the CALiveAPICreator.war
file and deploy it to a server.If you are persisting the authentication tokens that
CA Live API Creator
dynamically generates by way of an authentication database, you can also bundle the definition of the data source for the authentication token database (the ApiKey.json
file) into the WAR file.You can bundle the admin repository and the definition of the data source for the authentication token database into the WAR file using a script. For more information about this script, see Example: Deploy the Bundled WAR to a Cluster.
For more information:
- About the admin repository, see View your API Definition.
- About theApiKey.jsonfile, see Create a Database for your Authentication Tokens.
Follow these steps:
- Create theWEB-INF/classesdirectory.
- Create the
file from your admin repository (theconfiguration.zip
andteamspaces
directories).systemFor more information about these directories, see View your API Definition. - Copy the following files to theWEB-INF/classesdirectory:
- Theconfiguration.zipfile.
- (Optional) TheApiKey.jsonfile for your environment.
- From the command line window, bundle the files that are in theWEB-INFdirectory into the WAR file by issuing the following command:jar uvf <war file> WEB-INFStep 3 of the sample script bundles these files into the WAR file.
The admin repository (and optionally the definition of the data source for the authentication token database) is added to the
CALiveAPICreator.war
file.Install on Tomcat
Prerequisite:
The ${CATALINA_HOME}/webapps/ROOT
directory does not exist. If this directory exists, delete or rename it.You can install the
CA Live API Creator
components—API Creator, API Server, and Data Explorer—simultaneously or (if you are an advanced user and you want greater flexibility) each of the components individually. Use the WAR files that are included in the CA Live API Creator
installation zip file.Install all the components simultaneously using the
/development/
CALiveAPICreator.war
file.Follow these steps:
- Retrieve the
file from yourdevelopment/CALiveAPICreator.warCA Live API Creatorinstallation bundle and copy it to the${CATALINA_HOME}/webappsdirectory. - (If you wantCA Live API Creatorto be at the root URL) Rename theCALiveAPICreator.warfile to${CATALINA_HOME}/webapps/ROOT.war.
Install an individual
CA Live API Creator
component using the WAR file pertaining to that component. These files are located in the
directory./production
Follow these steps:
- Retrieve the WAR file for the component that you want to install from theproductiondirectory and copy it to the${CATALINA_HOME}/webappsdirectory:
- APICreator.war, which installs API Creator.
- APIServer.war, which installs API Server.
- DataExplorer.war, which installs Data Explorer.
You can copy one or more component WAR files into the${CATALINA_HOME}/webappsdirectory. - (If you want API Server to be at the root URL) Rename the
file toAPIServer.war
.ROOT.war
(Optional) Verify your Installation
- Verify thatCA Live API Creatorinstalled correctly and that there are no exceptions by checking the logs. Using a text editor, open the${CATALINA_HOME}/logs/catalina.outfile.If you are using Windows, the file might have a date in its name.The following response is expected:Start Server startup in <miliseconds> msIf you see an error and the server does not start properly, fix the error then stop and restart the server by issuing the following commands:(Windows)shutdownstartup(Unix/Mac)sh shutdown.shsh startup.sh
- Verify that you are running the configured Tomcat by checking the Tomcat command window. A wrong version of Tomcat can execute. Ensure that a previous version of a Tomcat install on Windows is not set to an environmental variable. A good indicator is that there are no files in the${CATALINA_HOME}/logsfolder.If WARNING messages from the
appear, you can safely ignore them. These messages are not errors.StandardJarScanner
Optional Configuration
The following topics provide optional configuration details.
The following optional configurations require that you restart your Tomcat service after you configure.
Configure Tomcat for the Northwind Sample Database
Complete the following if you want to allow application developers who use
CA Live API Creator
to use the Northwind sample database.Prerequisite:
The Northwind sample database is a Derby data source. Ensure that the correct version of the JavaDB/Apache Derby JDBC driver is in the ${CATALINA_HOME}/lib
directory. For more information about the version of JavaDB/Apache Derby JDBC driver that CA Live API Creator
supports, see Installation Requirements and Supported Platforms.Follow these steps:
- Copy the<CA Live API Creatordownload package>Samples/databases/Northwind.zipfile to a directory on the same machine as Tomcat by issuing the following commands:In this example, the location is/opt/ca/sampleDBs.cp Northwind.zip /opt/CA/lac/sampleDBscd /opt/ca/sampleDBs
- Unzip the copied zip file into theNorthwinddirectory by issuing the following command:unzip -d Northwind Northwind.zipThe newNorthwind(the case is important) directory now contains a few files and directories such aslog,seg0, etc. We recommend that you keep the zip file in this location so that you can easily restore the Northwind database to a pristine state.
- Instruct Tomcat to use the/opt/ca/sampleDBsdirectory as the default Derby directory by setting thederby.system.homesystem property to the/opt/ca/sampleDBs.There are many ways to change the value for this system property. If you are not sure how to do it, the easiest way is to set an environment variable before starting Tomcat by issuing the following command:export CATALINA_OPTS=-Dderby.system.home="/opt/ca/sampleDBs"./startup.sh
The Northwind sample database is installed.
Speed Up Tomcat
You can speed up the time it takes Tomcat to start by specifying which JAR files Tomcat should not scan for configuration information when you use the
JarScanner
functionality. On a basic Tomcat installation, specifying Tomcat to skip unneeded JARs can reduce its startup time from 40 seconds to 4 seconds and prevents warnings.Open the
${CATALINA_HOME}/conf/catalina.properties
file and add the following JARs to the tomcat.util.scan.StandardJarScanFilter.jarsToSkip
JAR scanning property:cdata*.jar,db2*.jar,derby*.jar,mariadb*.jar,mongo*.jar,mysql*.jar,\ojdbc*.jar,postgres*.jar,sqljdbc*.jar,\guava*.jar,mchange*.jar,mvel*.jar,quartz*.jar,shiro*.jar,slf4j*.jar,\kafka*.jar,org.eclipse.paho.client*.jar,ecj*.jar,el-api.jar
Configure
CA Live API Creator
to Access URLs That Contain Special CharactersYou can configure your database that contains binary primary keys to access URLs that contain special character, and you can also configure
CA Live API Creator
to access URLS that have special characters.Access URLs from Databases that Contain Binary Primary Keys
You can configure your database that contains binary primary keys to access URLs that contain special characters, such as slash (/), by adding the following configuration parameters and setting them to
true
when you start Tomcat:org.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASHorg.apache.catalina.connector.CoyoteAdapter.ALLOW_BACKSLASH
For example:
-Dorg.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH=true-Dorg.apache.catalina.connector.CoyoteAdapter.ALLOW_BACKSLASH=true
Access URLs that Have Special Characters
The URLs that you pass into
CA Live API Creator
that have special characters, such as an opening curly brace ({), a closing curly brace (}), or a vertical bar (|), can result in HTTP status code 400 error. You can do one of the following to prevent this error:- Encode your URL.For more information about how to encode your URL when you call Free SQL resources with query parameters using the syntax inCA Live API Creator, see Define Free SQL Resource Types.For an example of how to encode your URL using a tool, see URL Encode/Decode tool site.
- By configuring the one of following files in your Tomcat Java container:The file that you configure is dependent on your Tomcat version.
- Theserver.xmlfile. The following example configures Tomcat to accept the |{ and } special characters in the URL requests it receives:<Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443" relaxedQueryChars="|{}"/>
- The${CATALINA_HOME}/conf/catalina.propertiesfile. The following example configures Tomcat to accept the |{ and } special characters in the URL requests it receives:tomcat.util.http.parser.HttpParser.requestTargetAllow=|{}
Allow Multipart/Form-Data Requests to be Parsed Automatically
You can allow multipart/form-data requests to be parsed even when the target servlet does not specify
@MultipartConfig
or have a <multipart-config>
element.Follow these steps:
- Open the${CATALINA_HOME}/conf/context.xmlfile and insert the following XML code within the<Context>tag:allowCasualMultipartParsing="true"
- Save your changes, and then close the file.
You have allowed multipart/form-data requests to be parsed.
Configure External Logging
You can create a logger for externalizing your API logs.
For more information, see External Logging.
Minimize Security Vulnerabilities by Enabling HTTP Security Headers
You can minimize security vulnerabilities on
CA Live API Creator
applications, such as API Creator and Data Explorer, which are web-based applications, by adding security headers to Tomcat. HTTP security headers give browsers explicit instructions about how to communicate with a website. You can minimize security vulnerabilities on
CA Live API Creator
applications at one of the following levels: - At the Java-container level, within Tomcat.
- At theCA Live API Creatorapplication-level, within theWEB-INF/web.xmlfile that is in the/development/CALiveAPICreator.warfile. TheWEB-INF/web.xmlfile contains the web application deployment descriptor for your application.
The following procedure details how to minimize security vulnerabilities on
CA Live API Creator
applications within Tomcat.Follow these steps:
- Open theconf/web.xmlfile.
- Instruct Tomcat to support the HTTP Header Security filter by uncommenting the following section:<filter> <filter-name>httpHeaderSecurity</filter-name> <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class> <async-supported>true</async-supported></filter>
- Add the following section to the file, customizing the URL for API Creator and Data Explorer:<filter-mapping> <filter-name>httpHeaderSecurity</filter-name> <url-pattern>/APICreator/*</url-pattern> <url-pattern>/DataExplorer/*</url-pattern></filter-mapping>For more information about the options for the HTTP Header Security filter, see the Tomcat documentation.This configuration ensures that the REST calls that API Server facilitates are not affected with these security headers that would add overhead to the REST responses.
You have protected
CA Live API Creator
applications at the Java-container level.Next Steps
Complete the following procedures after you have installed
CA Live API Creator
on Tomcat.Enable Other Options at Server Startup
The following are options that you can enable at startup:
Add these options before starting your server only once. Do not add these options as part of normal operations.
For more information about these options and other options that you can add when you start API Server, see API Server Startup Options.
Bypass the Extra Step at Login to Accept the EULA
If you are deploying into production using a cluster or if you are scripting deployment, you can bypass the API Creator screen that asks the initial API developer (a TeamSpace user) to log in to accept the user license, which pre-accepts the terms of the EULA. You can pre-accept the terms of the EULA by adding the
ca_accept_license
option when you start API Server, for example:-Dca_accept_license=ENU
Specify an Alternate License File
The first time that you start Tomcat with
CA Live API Creator
, you must install the API Server license file. You can install this file when you start your Tomcat service by adding the LAC_DEFAULT_LICENSE_FILE
option when you start API Server, for example:<...Tomcat startup...> -DLAC_DEFAULT_LICENSE_FILE=/Users/jdoe/License.txt
Change the Password for the System Administrator User and for the Initial API Developer
If you did not change the passwords for the system administrator (
sa
) user and for the initial API developer (a TeamSpace user) for the default TeamSpace as options when you started your Java container, change the passwords. Add the LAC_INITIAL_SA_PASSWORD
and the LAC_INITIAL_ADMIN_PASSWORD
options either when you start API Server.For more information:
- About how to change the sa password, see Manage the System Administrator User Password.
- About how to change the initial API developer password, see Manage TeamSpace Users.
Specify the Location from Where you Want
CA Live API Creator
to Pull your Admin RepositoryBy default, at initial server startup,
CA Live API Creator
pulls your admin repository from the location you set using the LAC_REPOSITORY_ROOT
option. You can change this location by adding the LAC_REPOSITORY_CONFIGURATION_URL
option either when you start API Server.
Specify the Location to Where you Want
CA Live API Creator
to Add your Admin RepositoryThe first time that you start Tomcat with
CA Live API Creator
, you must set the location for your admin repository at startup by adding the LAC_REPOSITORY_ROOT
option either when you start API Server, for example:<...Tomcat startup...> -DLAC_REPOSITORY_ROOT=${HOME}/CALiveAPICreator.repository
You can change the location by adding this option when you start API Server.
Start your Tomcat Service
- From Terminal or a command prompt, navigate to the${CATALINA_HOME}/bindirectory.
- Follow the steps based on your operating system:
- (Mac/Unix)Do the following:
- Issue the following command:sh startup.shThe first time that you start Tomcat withCA Live API Creator, you must install your license file. You can install your license file as a Java system property or as an environment variable.You can stop your Tomcat Service using theshutdowncommand.
- If you encounter a permission error, issue the following command:chmod 755 catalina.sh
- (Windows)Do the following:
- From a command prompt, change directory to${CATALINA_HOME}\bindirectory.
- Issue the following command:startup
The Tomcat service is started and
CA Live API Creator
is installed.Log in to API Creator
You can access the
CA Live API Creator
component WAR files that you have copied to the ${CATALINA_HOME}/webapps
directory using a URL that includes the name of the WAR file. For example, if you have copied the DataExplorer.war
file into this directory, you can access Data Explorer using the following URL:http://localhost:8080/DataExplorer
Follow these steps:
- Enter the following URL into a browser window:http://localhost:8080/APICreatorThe API Creator logon authentication dialog opens.
- Complete the following fields, and then clickLogin:If thedefaultTeamSpace is the only TeamSpace that exists, you are the initial TeamSpace user, and you are just starting to use API Creator, the user name for this user isadmin.ServerThe URL and location of API Server, which can include the root web application archive (WAR) file's name.Example:/APIServerThe server location and name depends on the type of installation and configuration of your API.UsernameThe username for the initial API developer thatCA Live API Creatorcreates when you installCA Live API Creator, which is
. Enteradmin
.adminPasswordThe password for the initial API developer. Enter
.Password1 - If this is your first time logging in to API Creator, accept the terms of the End User License Agreement (EULA). You must accept these terms before you can use API Creator.
You are logged in to API Creator as the administrator user (admin).
Import the API Server License
The API Server license controls access to API Creator and services. If you did not specify a license file when starting Tomcat, you must now upload it.
For more information about how to upload the license in API Creator, see Import the API Server License.
Install the Admin CLI
If you want to manage your
CA Live API Creator
installation from the command line or using scripts, install the Admin command-line interface (CLI). With the Admin CLI installed, you can manage your admin services, such as migrating APIs–including your JavaScript user libraries, resources, authentication providers, and API Gateway definitions–to a newer version of CA Live API Creator
.For more information:
- About how to install the Admin CLI and its dependencies, see Install and Use the Command Line Utilities for DevOps.
- About how to migrate APIs to a newer version ofCA Live API Creator, see Migrate CA Live API Creator.
Begin your Exploration of the API Samples
For more information about these samples, see Tutorials and Samples.
Advanced Configuration
The following topics provide advanced configuration details.
Configure to Run as a Cluster
You can configure
CA Live API Creator
for scalability and increased performance by configuring it to run as a cluster within multiple nodes.For more information about how to configure
CA Live API Creator
to run as a cluster, see Configure Live API Creator to Run as a Cluster.Create a Database for your Authentication Tokens
By default,
CA Live API Creator
generates authentication tokens, stores them in the in-memory Derby database, and synchronizes them to your admin repository in the following cases:- You have configuredCA Live API Creatorto run as a single node.
- You are running in a local development environment.
- You have specified an authentication provider that uses theDefault Auth Providerauthentication method (for example, thebuilt-in authenticationauthentication provider) or a custom JavaScript authentication provider that uses theJavaScript Auth Providerauthentication method as the authentication provider for your API.
You can optionally have
CA Live API Creator
store the authentication tokens that it generates for API users in a database instead by creating one.For more information about how to create this database, see Create a Database for your Authentication Tokens.