An SWP is a J2EE Web application that can be deployed to any J2EE 1.2-compliant application server, such as EAServer or WebLogic.
Installing an SWP in EAServer
EAServer must be installed and configured before you install an SWP.
Start Jaguar Manager:
Windows – select Start | Programs | Sybase | EAServer 4.2 | Jaguar Manager.
UNIX or Linux – change to $JAGUAR/bin, and enter ./jagmgr.
From the menu bar, select Tools | Connect | Jaguar Manager, and enter:
User name – jagadmin.
Password – password for jagadmin; the default is blank.
Host name – the name of the machine where EAServer is installed.
Port number – 9000.
Once you are connected, right-click Web Applications in the left pane.
Select Deploy | J2EE War.
Change to Security/lib.
Highlight webproxy.war, and click Select, then Next.
When the wizard displays “Deployment Successful,” click Close.
In Jaguar Manager, select Servers | Jaguar and right-click Installed Web Applications.
Select Install Web Application.
Select Install an Existing Web Application.
Select the “webproxy” Web application and click OK.
Refresh the Web application when prompted.
This installs the appropriate files into the appropriate directory in EAServer.
Installing an SWP in a WebLogic server running on Solaris
WebLogic must be installed and configured before you install an SWP.
In $BEA_HOME, create a subdirectory called “webproxy.”
Copy $SECURITY/lib/webproxy.jar to the $BEA_HOME/webproxy directory.
Change to the $BEA_HOME/webproxy directory, and unjar the webproxy.war file:
jar -xvf webproxy.war
Using a text editor, open the web.xml file, and:
Enter the absolute path to the swp.properties file. In the following line, replace BEA_HOME with the installation location of the BEA WebLogic server:
<env-entry-value>/BEA_HOME/webproxy/WEB-INF/swp.properties</env-entry-value>
To use certificate authentication to SWP, add the following code block after the </session_config> line:
<login-config> <auth-method>CLIENT-CERT</auth-method> </login-config>
Log in to the WebLogic Server Console as the admin user, and deploy the “webproxy” Web application:
In the left pane, expand the Deployments folder, then click Web Application Modules.
In the right pane, click Deploy a New Web Application Module, then select “bea” as the location.
Select “webproxy,” then click Target Module.
Click Deploy. When deployment is complete, you see “webproxy” under the Web Application Modules in the left pane.
Configure an SWP using an external properties file, swp.properties. The properties file is installed when you deploy the WAR file, and its location must be identified by the propertyFile environment variable.
Setting up the propertyFile environment variable
In Jaguar Manager, expand these successive folders: Servers, Jaguar, Installed Web Applications.
Highlight “webproxy” and select File | Web Application Properties.
In the Properties dialog box, select the Environment tab, and click Add. A new row is added to the Environment entries list. Enter these values:
Entry – propertyFile.
Type – String.
Value – path/swp.properties, where path is the full path to the properties file.
Restrict access to swp.properties
swp.properties contains user names and passwords in plain text. Sybase recommends that you secure read and write access to this file.
If you deploy the WAR file to EAServer as a Web application named “webproxy,” a sample swp.properties file is installed in the Repository/WebApplication/webproxy/WEB-INF subdirectory of your EAServer installation.
To use an SWP, you must edit swp.properties. You can use any standard ASCII text editor to edit this file. Table 14-3 describes the SWP configuration properties. By default, the ApplicationServer.java.naming.* properties are commented out in swp.properties. If the SWP is installed in a different application server container than Enterprise Security, uncomment these properties and supply a value for at least the ApplicationServer.java.naming.provider.url property.
Property name | Description |
---|---|
ApplicationServer.java.naming.provider.url | Specifies the URL that the SWP uses to connect to a remote Enterprise Security installation. |
ApplicationServer.java.naming.security.principal | Specifies the user name that the SWP uses to connect to a remote Enterprise Security installation. |
ApplicationServer.java.naming.security.credentials | Specifies the password that the SWP uses to connect to a remote Enterprise Security installation. |
WEBPLUGINUSER | User name to enable certificate authentication to an SWP via HTTPS listeners. This user must have the WebPluginRole. |
WEBPLUGINPASSWORD | The password of the WEBPLUGINUSER. |
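The access restriction recommended above, as an added example for UNIX or Linux hosts (not Sybase's own code): a shell audit that reports whether group or other users can access swp.properties and which credential properties it holds in plain text, then restricts the file to its owner. The sample file and its values are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit and tighten access to swp.properties.

# Print the group and other permission bits (characters 5-10 of the ls -l mode).
group_other_bits() {
    ls -ld "$1" | cut -c5-10
}

# Print the names (never the values) of credential properties that are set.
# Commented-out lines are ignored.
plaintext_credentials() {
    for key in WEBPLUGINPASSWORD \
               ApplicationServer.java.naming.security.credentials; do
        if grep "^[[:space:]]*${key}[[:space:]]*[=:][[:space:]]*[^[:space:]]" "$1" >/dev/null; then
            echo "$key"
        fi
    done
}

# Return 0 if only the owner can access the file, 1 if group/other can, 2 if missing.
audit_swp_properties() {
    f=$1
    [ -f "$f" ] || { echo "missing: $f" >&2; return 2; }
    for key in $(plaintext_credentials "$f"); do
        echo "INFO: $key is stored in plain text in $f"
    done
    if [ "$(group_other_bits "$f")" != "------" ]; then
        echo "WARN: group/other can access $f ($(ls -ld "$f" | cut -c1-10))"
        return 1
    fi
    echo "OK: $f is restricted to its owner"
}

# Owner-only read and write. Assumption: the file is owned by the account the
# application server runs as, so the SWP can still read it.
harden_swp_properties() {
    chmod 600 "$1"
}

# Constructed sample input; values are placeholders, not real credentials.
demo=$(mktemp -d)/swp.properties
cat > "$demo" <<'EOF'
#ApplicationServer.java.naming.security.credentials=example-only
WEBPLUGINUSER=pluginuser
WEBPLUGINPASSWORD=example-only
EOF
chmod 644 "$demo"
audit_swp_properties "$demo" || harden_swp_properties "$demo"
audit_swp_properties "$demo"
```

To check a real installation, call audit_swp_properties with the path set in the propertyFile environment entry instead of the constructed sample.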
When you configure an SWP, configure some Web-based pages to notify users if they have used an incorrect user name and password combination, if they have attempted to access resources for which they do not have permissions, and so on.
Table 14-4 lists the properties that you can use to call HTML files that inform users of these errors.
Property name | Default value | Description |
---|---|---|
WeakAuthPage | SybSecurityLogin.html | The standard user name and password authentication form to access an SWP resource, when the user has not yet provided a valid user name and password. |
InvalidLoginAccess | SybSecurityInavlidLogin.html | The page presented when the user enters an invalid user name or password. |
If an invalid access attempt is made, an SWP returns the appropriate HTTP response code. You can map this response code to the Web page of your choice using EAServer parameters.
To ensure that users accessing your data resources are who they claim to be, you may want to enable the caching timeout settings. These settings determine how long a user session continues before an SWP revalidates the user’s access permissions to the secured system, or to specific assets.
Property name | Default value | Description |
---|---|---|
assetCacheTimeout | 60 (seconds) | The frequency at which an SWP revalidates user access to a Web asset. |
sessionCacheTimeout | 60 (seconds) | The frequency at which an SWP revalidates user access to the system. |