Server Configuration Components

SecuredWebAccess Component

The SecuredWebAccess component protects invocation of services by requiring a user name and password. The HTTP BASIC algorithm is used. As a result, there is no secure encryption of user names and passwords. The component assigns roles to each request and then compares the list of assigned roles with the role required to invoke the service.

The parameter configFile specifies the name of a configuration file for the component. The configuration file contains a list of rules that define roles for each service request and user invoking the request.

There are two ways to define roles for the service request. First the component attempts to use the user name and password provided in the request. If they are defined somewhere in the users section, the component will assign roles defined in the roles attribute.

Then it evaluates roles as defined in the roles section. The role is assigned to the request if conditions defined in child elements are fulfilled. There are four elements that you can combine and use to define various conditions.

require. It is fulfilled if the currently evaluated request already has a role specified by the role attribute.
location. It is fulfilled if the current request is processed from the location defined by the IP address and network mask specified in the ip and mask parameters.
and. It is fulfilled if and only if all child elements are fulfilled.
or. It is fulfilled if at least one of the child elements is fulfilled.

Example:

In this example, joseph will become manager if he uses the correct password (two) and if his request is sent from the network 172.17.17.0/255.255.248.0 or 172.16.17.0/255.255.248.0.

<dqc-users>
  <users>
    <user username="pepa" password="one" roles="admin" />
    <user username="joseph" password="two" roles="role1" />
  </users>
  <roles>
    <role name="manager">

      <or>
        <require role="admin" />
        <location ip="172.17.17.71" mask="255.255.248.0" />
        <and>
          <require role="role1" />
          <location ip="172.16.17.72" mask="255.255.248.0" />
        </and>
      </or>
    </role>
    <role name="ip_based_role">
      <location ip="172.16.17.72" mask="255.255.248.0" />
    </role>
  </roles>
</dqc-users>

HttpDispatcher Component

The HttpDispatcher component receives all HTTP requests and distributes them for processing to deployed services. It also initiates request role resolution. If you plan to use secured Web access, you must start the SecuredWebAccess prior to this component. That is, in the configuration file, it must be listed before the HttpDispatcher component.

The HttpDispatcher can log requests and responses to a log file. Logging is configured by adding filter elements inside the HttpDispatcher definition. For details about logging, see Logging Requests and Responses.

OnlineServices Component

The OnlineServices component is responsible for initializing and deploying all services that should be available for online requests. The configuration expects the path to the file system folder that contains all necessary configuration files. This folder is specified by the element configFolder.

To be able to change configuration files without stopping and restarting the online server, all files and directories located in this configuration folder are copied into the temporary file system. The server reads or locks them in the temporary file system. This enables you to modify the files in the original configuration folder.

For example, you can change some lookup files without immediately affecting the running server. When you finish all changes, you can apply them at once using the refresh command in the OnlineCtl command line tool or by using the /admin/refreshCfg page.

Top of page

Example: OnlineServices Component

The following sample OnlineServices component initializes and deploys the services available for online requests.

<?xml version='1.0' encoding='windows-1250'?>
<server>
        <port>7777</port>
        <wsPort>8888</wsPort>
        
        <authentication>
                <methods>
                        <method ...>
                          ...
                        </method>
                        ...
                </methods>
        </authentication>
        
        <serverComponents>
                <component class="cz.adastra.cif.online.security.SecuredWebAccess">
                  <configFile>etc/dqc-users.xml</configFile>
                </component>
                <component class="cz.adastra.cif.online.web.HttpDispatcher">
                        <protocol>http</protocol>
                </component>
                <component class="cz.adastra.cif.online.OnlineServicesComponent">
                        <configFolder>etc/online</configFolder>
                </component>
        </serverComponents>
        
        <databaseConnections>
                <databaseConnection>
                        <name>TransactionLog</name>
                        <url>jdbc:mysql://localhost:3306/adqc</url>
                        <driverClass>com.mysql.jdbc.Driver</driverClass>
                        <user>adqc</user>
                        <password>adqc</password>
                </databaseConnection>
        </databaseConnections>
        
        <tempFolders>
                <tempFolder path="c:/tmp" />
        </tempFolders>
</server>