Overview
This document is intended to supplement the Kuali Rice 2.1.2 Installation Guide and aid the creation of an embedded rice client application. The information on this page is targeted for the Rice 2.1.2 release.
Running a Rice client application in Embedded Mode means:
- one or more Rice modules - in particular, KEW and KIM - are executing from within the client application
- the client application has direct access to the Rice Standalone Server database
Access to the Rice Database
A Rice client application requires three schemas:
- A schema that backs the Rice Standalone Server - generally referred to as the Rice database. The client application uses this schema to store all KEW transactions and expose services on the KSB registry.
- A Rice-provisioned schema for accessing the Rice database through a role with appropriate permissions (e.g. CRUD on KEW tables, but read-only on KNS tables). Because Rice is "schema-unaware", private synonyms pointing to the objects in the Rice database are created in this schema.
- A schema that backs the Rice client tables. This is generally hosted in the client application's database. It is used primarily for managing local Rice related Quartz jobs and thus, does not require access to any other schema.
Prerequisites
- A database account with access to the Rice database
- Procure the UC Davis-specific JARs for the modules you will be embedding along with any of their associated dependencies using either of the following methods:
- Download
ucd-rice-standalone-server-implWAR from Artifactory , selecting the most recent version. This WAR contains all dependencies. - Download JARs for the specific module from this location in the Artifactory , selecting the most recent version.
- Download
- A certificate for the machines hosting the client application that will be connecting to the Rice Standalone Server.
- Development Environments
- For the development environments, you may generate a self signed certificate for the client machine and add to the attached rice-test.keystore using the following command:
keytool -keystore rice-test.keystore -storepass nowUCme_nowUdont -v -alias <your alias> -genkeypair -validity 9999 -dname "CN=<your fully qualified machine name>, OU=<your organization>, O=UC Davis, L=Davis, ST=California, C=US"
- Install the updated rice-test.keystore in your environment where it will be referenced in the rice configuration files.
- A copy of the updated rice-test.keystore must also be installed on the Rice Standalone Server, and all Rice clients it the environment (KFS, KC).
- An additional cert is required for client applications connecting to the rice-sandboxes environment. The rice-sandboxes.ucdavis.edu machine does not currently have an InCommon cert, therefore a certificate from rice-sandboxes.ucdavis.edu (rice-sandboxes_ucdavis_edu.pem) must be imported into the java cacerts bundle on the client machine. The following command shows how to import the cert (attached) for the rice-sandboxes.ucdavis.edu development machine:
keytool -importcert -file rice-sandboxes_ucdavis_edu.pem -keystore cacerts -storepass changeit -alias rice-sandboxes.ucdavis.edu
- Certificates for the various development environments (rice-sandboxes, rice-testint1, rice-qa-a, rice-qa-b) are attached to this document.
- For the development environments, you may generate a self signed certificate for the client machine and add to the attached rice-test.keystore using the following command:
- Production Environment
- For the production environment, an InCommon Certificate is required for the client application which will be connecting to the production Rice Standalone Server.
- The InCommon certificate is then installed in client application keystore along with the private key and the certificate is then forwarded to the rice team.
- The client application must also request the rice team forward the certificates from all of the applications in the production environment, including the rice central server. These certificates must also be installed in the client application keystore, with the proper alias.
- For more information on how to request an InCommon certificate for your application, visit the following link and click on the SSL Certificate category: MyUCDavis > UCD Resources > Software
- Development Environments
It is recommended that certificates be imported into the client keystore with an alias which matches the rice application id (e.g., rice, kfs, ...etc). Keeping the alias a simple intuitive value will help prevent alias mismatches between the various keystores, which will cause KSB communication to fail.
Rice Libraries
In Rice 1.0.x, there were only two main jars, rice-api and rice-impl. With the modularity work there are more api jars corresponding to service apis and framework components. Additionally, the implementation module has been split (though there is still a shared implementation module as not all components of the Rice implementation have been fully modularized as of the Rice 2.x.x release). This work was done according to the design outlined at the following page: Modularity Design
The libraries and their dependencies required for the modules which your application will be using must be included in your client application. Ideally you only include the modules of rice you are using. In practice, you may need to include them all until rice's modularity work is complete. The only modules rice recommends compiling against are api & framework modules.
Below is a list of the old 1.0.3.3 libraries and their 2.x.x counterparts:
Old Library |
New Library |
|---|---|
rice-api-1.0.3.3.jar |
rice-core-api-2.x.x.jar |
|
rice-core-framework-2.x.x.jar |
|
rice-core-service-api-2.x.x.jar |
|
rice-core-service-framework-2.x.x.jar |
|
rice-edl-framework-2.x.x.jar |
|
rice-ken-api-2.x.x.jar |
|
rice-kew-api-2.x.x.jar |
|
rice-kew-framework-2.x.x.jar |
|
rice-kim-api-2.x.x.jar |
|
rice-kim-framework-2.x.x.jar |
|
rice-kns-2.x.x.jar |
|
rice-krad-app-framework-2.x.x.jar |
|
rice-krad-web-framework-2.x.x.jar |
|
rice-krms-api-2.x.x.jar |
|
rice-krms-framework-2.x.x.jar |
|
rice-ksb-api-2.x.x.jar |
|
rice-location-api-2.x.x.jar |
|
rice-location-framework-2.x.x.jar |
rice-impl-1.0.3.3.jar |
rice-impl-2.x.x.jar |
|
rice-core-impl-2.x.x.jar |
|
rice-core-service-impl-2.x.x.jar |
|
rice-edl-impl-2.x.x.jar |
|
rice-kew-impl-2.x.x.jar |
|
rice-kim-impl-2.x.x.jar |
|
rice-krms-impl-2.x.x.jar |
|
rice-ksb-client-impl-2.x.x.jar |
|
rice-ksb-server-impl-2.x.x.jar |
|
rice-location-impl-2.x.x.jar |
rice-sampleapp-1.0.3.3.jar |
rice-core-service-web-2.x.x.jar |
|
rice-core-web-2.x.x.jar |
|
rice-ksb-web-2.x.x.jar |
|
rice-location-web-2.x.x.jar |
Properties Configuration
We use a simple XML configuration to declare properties as key-value pairs. For example:
<config>
<param name="datasource.ojb.platform">Oracle9i</param>
<param name="datasource.platform">org.kuali.rice.core.framework.persistence.platform.OraclePlatform</param>
<param name="datasource.url">jdbc:oracle:thin:@ldap://oraldap1.ucdavis.edu:389/rice_test,cn=OracleContext,dc=ucdavis,dc=edu</param>
<param name="datasource.driver.name">oracle.jdbc.driver.OracleDriver</param>
<param name="datasource.pool.validationQuery">select 1 from duak</param>
<param name="datasource.pool.maxWait">30000</param>
<param name="datasource.pool.size">30</param>
<param name="datasource.pool.maxActive">50</param>
<param name="datasource.minIdle">7</param>
<param name="datasource.initialSize">7</param>
<param name="datasource.accessToUnderlyingConnectionAllowed">true</param>
<param name="datasource.username">my_db_user</param>
<param name="datasource.password">my_db_password</param>
<config>
Configuration File Options
- Default Rice Configuration
- By default Rice looks for
rice-config.xmlin/usr/local/rice/at launch time. Externalizing the configuration out to the file system allows us to substitute different values for different properties in different environments. We don't need to create a configuration file for say, the TEST vs. the PROD environment, and then build the application (i.e. the same WAR can be deployed in any instance). - See a set of sample properties .
- By default Rice looks for
- Other Kuali Application Configurations
- Kuali COEUS is a fully enabled rice application. The Kuali COEUS config file, kc-config.xml , is included here for reference.
Core Data Source Configuration
Kuali Rice uses Java Open Transaction Manager, so we declare the appropriate beans.
<bean id="jotm" class="org.springframework.transaction.jta.JotmFactoryBean">
<property name="defaultTimeout" value="${transaction.timeout}"/>
</bean>
We must declare three data sources:
- A transactional data source where the local client application's Rice tables are located. This is required by JOTM.
classpath:edu/ucdavis/myapp/config/application-data.xml
<bean id="dataSource" class="org.kuali.rice.core.framework.persistence.jdbc.datasource.XAPoolDataSource"> <property name="transactionManager" ref="jotm" /> <property name="driverClassName" value="${datasource.driver.name}" /> <property name="url" value="${datasource.url}" /> <property name="maxSize" value="${datasource.pool.size}" /> <property name="minSize" value="${datasource.initialSize}" /> <property name="maxWait" value="${datasource.pool.maxWait}" /> <property name="validationQuery" value="${datasource.pool.validationQuery}" /> <property name="username" value="${datasource.username}" /> <property name="password" value="${datasource.password}" /> </bean> - A non-transactional data source pointing to those same Rice tables. This is required by Quartz.
classpath:edu/ucdavis/myapp/config/application-data.xml
<bean id="nonTransactionalDataSource" class="org.apache.commons.dbcp.BasicDataSource" destroy-method="close"> <property name="url" value="${datasource.url}"/> <property name="username" value="${datasource.username}"/> <property name="password" value="${datasource.password}"/> <property name="driverClassName" value="${datasource.driver.name}" /> <property name="initialSize" value="${datasource.initialSize}" /> <property name="minIdle" value="${datasource.minIdle}" /> <property name="maxActive" value="${datasource.maxActive}" /> <property name="maxWait" value="${datasource.maxWait}" /> <property name="validationQuery" value="${datasource.validationQuery}" /> <property name="testOnBorrow" value="${datasource.testOnBorrow}" /> <property name="testOnReturn" value="${datasource.testOnReturn}" /> <property name="testWhileIdle" value="${datasource.testWhileIdle}" /> <property name="accessToUnderlyingConnectionAllowed" value="${datasource.accessToUnderlyingConnectionAllowed}" /> </bean>To take advantage of pooling capabilities,
testOnBorrowshould be set totrue. - A transactional data source pointing to the database of the Rice Standalone Server.
classpath:edu/ucdavis/myapp/config/application-data.xml
<bean id="standaloneDataSource" class="org.kuali.rice.core.framework.persistence.jdbc.datasource.XAPoolDataSource"> <property name="transactionManager" ref="jotm" /> <property name="driverClassName" value="${standalone.datasource.driver.name}" /> <property name="url" value="${standalone.datasource.url}" /> <property name="maxSize" value="${standalone.datasource.pool.size}" /> <property name="minSize" value="${standalone.datasource.initialSize}" /> <property name="maxWait" value="${standalone.datasource.pool.maxWait}" /> <property name="validationQuery" value="${standalone.datasource.pool.validationQuery}" /> <property name="username" value="${standalone.datasource.username}" /> <property name="password" value="${standalone.datasource.password}" /> </bean>
KEW Service Configuration
As of 1.0.1.1-UCD-SR1d, Rice applications will no longer encrypt workflow document content. This is accomplished by disabling encryption using the out-of-the-box non-encryption implementation (org.kuali.rice.core.impl.encryption.NoEncryptionEncryptionServiceImpl). It is instantiated by declaring classpath:edu/ucdavis/kuali/rice/kew/config/ucd-kew-service.xml in the Spring context.
Consequently, the encryption.key property is no longer required.
KRAD Service Configuration
- Maintenance Document Encryption
- As of 1.0.1.1-UCD-SR1d, Rice applications will no longer encrypt maintenance document content.
- This is accomplished by disabling encryption using the out-of-the-box non-encryption implementation (
org.kuali.rice.core.impl.encryption.NoEncryptionEncryptionServiceImpl). - Disable encryption by declaring the
classpath:edu/ucdavis/kuali/rice/krad/config/ucd-krad-service.xmlSpring file (see UCD Spring Bean Configuration). - Remove (or comment out) references to the
encryption.keyproperty (e.g. in rice-config.xml, kc-config.xml, embedded-client-config.xml, etc.).
UCD Spring Bean Configuration
Declare the UCD-implemented Rice services:
<param name="rice.kr.additionalSpringFiles">classpath:edu/ucdavis/kuali/rice/krad/config/ucd-krad-service.xml</param>
<param name="rice.kew.additionalSpringFiles">classpath:edu/ucdavis/kuali/rice/kew/config/ucd-kew-service.xml</param>
- If you're using Spring's
ContextLoaderListener, declare them inweb.xmlsrc/main/webapp/WEB-INF/web.xml<listener> <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class> </listener> <context-param> <param-name>contextConfigLocation</param-name> <param-value> ... classpath:edu/ucdavis/kuali/rice/kim/config/ucd-krad-service.xml classpath:edu/ucdavis/kuali/rice/kew/config/ucd-kew-service.xml ... </param-value> </context-param>
CoreConfigurer Bean Configuration
Finally, we declare the coreConfigurer bean and inject all of the core data source beans.
<bean id="coreConfigurer" class="org.kuali.rice.core.impl.config.module.CoreConfigurer">
<property name="dataSource" ref="dataSource" />
<property name="nonTransactionalDataSource" ref="nonTransactionalDataSource" />
<property name="serverDataSource" ref="standaloneDataSource"/>
<property name="transactionManager" ref="jotm" />
<property name="userTransaction" ref="jotm" />
</bean>
<bean id="ksbConfigurer" class="org.kuali.rice.ksb.messaging.config.KSBConfigurer" />
<bean id="kradConfigurer" class="org.kuali.rice.krad.config.KRADConfigurer" />
<bean id="coreServiceConfigurer" class="org.kuali.rice.coreservice.impl.config.CoreServiceConfigurer" />
<bean id="kimConfigurer" class="org.kuali.rice.kim.config.KIMConfigurer" />
<bean id="kewConfigurer" class="org.kuali.rice.kew.config.KEWConfigurer" />
<bean id="kenConfigurer" class="org.kuali.rice.ken.impl.config.KENConfigurer" />
<bean id="edlConfigurer" class="org.kuali.rice.edl.impl.config.EDLConfigurer" />
<bean id="krmsConfigurer" class="org.kuali.rice.krms.config.KRMSConfigurer" />
<bean id="locationConfigurer" class="org.kuali.rice.location.impl.config.LocationConfigurer" />
Additional Rice Resources
- The Kuali Rice 2.1.2 Installation Guide
The installation guide contains useful information on all aspects of the Rice application from configuration of the standalone server to creation of a template rice client application and is a recommended additional resource for setting up your client application. If you use the maven command for creating a client application, be sure to update the -Darchetypeversion=2.1.2mvn archetype:generate -DarchetypeGroupId=org.kuali.rice -DarchetypeArtifactId=rice-archetype-quickstart -DarchetypeVersion=2.1.2
- The Kuali 2.1.2 Techincal Reference Guide
Recommended reading for understanding the overall Rice architecture.