x

To add a JDBC connection:

1. In the left console pane of the Server menu, select Data Provider.
2. Beneath the JDBC section, click Add.

   The JDBC Data Provider Definition pane displays.

3. Provide the appropriate values for your JDBC connection as listed and defined in the following table.

   Parameter	Description
   JDBC Connection Pool Properties
   Name *	Enter the name of the JDBC data provider to add.
   Driver Class	The JDBC driver class is the name of the class that contains the code for this JDBC Driver. You can select a predefined database from the drop-down list or enter your own. The following are sample values for the driver: com.microsoft.jdbc.sqlserver.SQLServerDriver COM.ibm.db2.jdbc.app.DB2Driver com.informix.jdbc.IfxDriver sun.jdbc.odbc.JdbcOdbcDriver oracle.jdbc.driver.OracleDriver com.sybase.jdbc2.jdbc.SybDriver The required .jar files for the JDBC driver must be installed and registered in the Service Manager classpath. You can use the Path Settings option on the console to add Java classes and libraries.
   Connection URL	The JDBC connection URL to use when creating a connection to the target database. The URL generally includes the server name or IP address, the port or service, the data source name, and a driver specific prefix. You can select a predefined database from the drop-down list or enter your own. The following are sample values for the URL: jdbc:microsoft:sqlserver://server:1433;DatabaseName=DB jdbc:db2:database jdbc:informix-sqli://HOST:PORT/DB:INFORMIXSERVER=SERVER_NAME jdbc:odbc:DBjdbc:oracle:thin:@HOST:PORT:SIDjdbc:sybase:Tds:HOST:PORT For more information, see the JDBC documentation for the specific data source.
   User	User name with respect to the JDBC URL and driver.
   Password	Password with respect to the JDBC URL and driver.
   Connection Pool Properties
   Initial Pool Size *	Number of connections to place in the pool at startup.
   Maximum Number of Idle Connections *	Maximum number of idle connections to retain in the pool. 0 means no limit except what is enforced by the maximum number of connections in the pool.
   Maximum Number of Connections *	Maximum number of connections in the pool. 0 means no limit.
   Login Timeout	Time in seconds to wait for a pooled connection before throwing an exception. 0 means wait forever.
   Behavior When Exhausted	What to do when the pool reaches the maximum number of connections. Block means wait for a connection to become available for the period defined by the login timeout parameter. Fail means throw an exception immediately.
   Validation SQL	SQL statement that can be executed to validate the health of a pooled connection. The statement should return a result set of at least one row.
   Validate on Borrow	If set to true, the validation SQL statement will be executed on a pooled connection before returning the connection to the caller.
   Validate on Return	If set to true, the validation SQL statement will be executed on a pooled connection before replacing the connection in the pool.

4. Click Test to check for proper connections.

   If a connection cannot be made, an error message displays describing the problem. Typically, the driver has not been installed or the classpath has not been set.

5. Click Add to return to the Data Provider pane.

x

To add a JLINK data source:

1. In the left console pane of the Server menu, select Data Provider.
2. Beneath the JLINK section, click Add.

   The JLink pane displays.

   

3. In the Name field, type the name of a new server. In this example, type NEWSERV.
4. In the Description field, type a brief description for the new server. The default is JLINK Data Provider.
5. From the Type drop-down list, select a JLINK server type.

   The default is WebFOCUS Pro Server.

6. Type the required values for Host and Port.
7. Type the required values for User and Password.
8. From the Engine drop-down list, select a database engine.

   The default is 0 (EDA).

9. From the Encoding drop-down list, select a codepage.

   The default value is 137 (U.S. English).

10. To encrypt data that is transported over the wire (optional), select the Encryption check box.
11. In the Trace File field, type the path and name of the file for the trace output.
12. To set trace levels, select any number of the check boxes listed (optional).
13. Click Add.

x

The Services Provider pane enables you to define properties required to support iWay business services as Web Services.

To configure for a Web service:

1. In the left console pane of the Server menu, select Services Provider.

   The Services Provider pane opens, as shown in the following image.

   

2. From the Data Store Type drop-down list, select a repository you want to configure.

   The following are available:

   • Embedded Database (no data provider required)
   • File System (no data provider required)
   • IBM DB2
   • MaxDB
   • Microsoft SQL Server
   • Oracle
   • Sybase

   You must configure the tables before using the repository. For more information on configuring repository tables, see the iWay Installation and Configuration Guide.

   Note: iWay Service Manager is installed with an embedded HSQL repository, which is the default data store for information that is generated during design time and then published into a deployed runtime environment.

   For more information on the properties on this window, see the table in Services Provider Settings.

3. From the Data Provider Name drop-down list, select an available data provider.

   For more information on how to add a data provider, see How to Add a Data Provider.

4. Type new values or modify existing values.
5. Click Update.

x

The following table lists and describes the Services Provider settings.

Property	Type/Value	Description
Data Store Type	Choice	Acts as a metadata repository. The default value is Embedded Database. Select a database from the drop-down list: File System (not supported for production use), IBM DB2, MaxDB, Microsoft SQL Server, Oracle, and Sybase.
Data Provider Name	String	JDBC driver defined in the Data Provider pane. Select from the drop-down list, or click Add to define a new JDBC connection.
Connection Pooling	Boolean	When selected, turns on connection pooling for the JDBC driver.
Publishing Location	Directory	Directory where the WSDL files produced by the iWay Business Services Provider (iBSP) are stored. If the directory does not exist, select the check box to create the named directory.
Adapter Library	Directory	Directory where the iWay adapter JAR files are located. If the directory does not exist, select the check box to create the named directory.
Policy Based Security	Boolean	When selected, enforces iBSP security policy. For more information, see the iWay Business Services Provider User's Guide.

x

To add a data provider:

1. Click Add in the Data Provider Name section.

   The Data Provider - JDBC pane opens.

   

2. Enter a name for the JDBC data provider.
3. From the Driver Class drop-down list, select the JDBC class for the data provider.

   You can also manually enter the name.

4. From the Connection URL drop-down list, select the connection URL to use when creating a connection to the target database.

   You can also manually enter the URL.

5. Enter the user ID to access the repository database.
6. Enter the password to access the repository database.
7. Click Test.

   You should receive a response that says:

   The JDBC data provider test completed successfully.

   If you receive an error, troubleshoot accordingly. Ensure the driver is in the iWay60\lib directory. For more information, see the iWay Installation and Configuration Guide.

8. Click Update if the test is successful.

   You connection appears on the Data Provider pane. If you need to change its parameters, you can click the name of the connection.

   

   If you need to define both the target and source repositories, repeat this procedure to define another repository.

x

You can migrate repositories using the iWay Service Manager Administration Console. These repositories can be for iWay Service Manager, the older iWay Adapter Manager, Servlet iBSP, or iWay Connector for JCA. The structure of the repository has not changed.

Some of the things you can migrate include:

• Migrate the data in the default iWay SM HSQL database to another database repository.
• Migrate an older iWay Adapter Manager repository into the default iWay SM HSQL database.
• Migrate a Servlet iBSP or iWay Connector for JCA database repository.

Note: Monitoring tables are not migrated.

In this section:

• Source repository refers to the older existing repository you wish to migrate.
• Target repository refers to the new repository you wish to use.

Top of page

x

A directory is a set of information with similar attributes organized in a logical and hierarchical manner. The protocol accesses LDAP directories, regardless of the form of the directory itself. LDAP sees the directory in a standard manner.

• A directory is a tree of directory entries.
• An entry consists of a set of attributes.
• An attribute has a name (an attribute type or attribute description) and one or more values. The attributes are defined in a schema.
• Each entry has a unique identifier: its Distinguished Name (DN). This consists of its Relative Distinguished Name (RDN) constructed from some attribute(s) in the entry, followed by the parent entry's DN. Think of the DN as a full filename and the RDN as a relative filename in a folder.

A DN may change over the lifetime of the entry, for instance, when entries are moved within a tree. To reliably and unambiguously identify entries, a unique key (called a UUID) may be provided in the set of the entry's operational attributes.

iWay provides a simple access function to supply the value of a single LDAP attribute for use as a configuration parameter. The following function accesses the information in the directory:

_LDAP( filter, attribute, context [,providername])

For example: _LDAP("cn=John Doe",mail,'dc=example') might return the mailing address for John.

LDAP providers may also be used to hold certificates for security operations.

Top of page

x

A keystore is a database of key material. Key material is used for a variety of purposes, including authentication and data integrity. There are various types of keystores available, including "PKCS12" and Sun's "JKS." Some keystores can contain both encryption keys and security certificates. Formally, however, a keystore holds the private key for one or more PKI key pairs.

A truststore is a database of key material. It holds the public certificates of trusted partners for message exchange. Although it is possible to share a single file with the keystore, more formally a truststore and a keystore are separate entities.

A certificate store, also called a certstore, is a database of public key certificates and Certificate Revocation Lists. The CRL is required to stop the use of a certificate when it would otherwise be considered valid. A CRL is not needed to tell you a certificate is bad once its expiration date is reached. In fact, CRLs are usually cleaned of expired CRLs after one complete CRL revision period has elapsed. This means the expired CRL will continue to appear in at most one CRL after it expired.

If certificate revocation is turned on, you will need one CRL for each CA in the certificate chain you want to verify. If a CRL is missing, there is no way to know whether certificates issued by that Certificate AUthority are still valid. Therefore, all certificates issued by this CA will be considered revoked. A CRL that contains no certificates is acceptable. It belongs to a Certificate Authority that did not revoke any certificates.

x

CertStore providers define the directories from which certificates and CRLs can be loaded. A configured Directory Certstore provider can be used as a named provider in the components that support CRL checking for messages.

x

The following section describes LDAP certstore providers.

Top of page

Top of page

x

To define a keystore provider using the iWay Service Manager Administration Console:

1. In the left console pane of the Server menu, select Security Provider.

   The Security Provider pane opens.

   

2. Click New in the Keystores section.

   

   The Keystore Definition pane opens.

   

3. Enter the parameters for the keystore and make sure to select the appropriate values from the Keystore Type and the Keystore Provider drop-down lists that will correspond to your keystore configuration.
4. In the Callback Handler field, optionally enter the fully qualified name of a callback handler that will satisfy authentication callbacks for the keystore.

   The callback handler must satisfy the javax.security.auth.callback.CallbackHandler interface and be available in the classpath for iWay Service Manager.

5. Click Add.

   You are returned to the main Security Provider pane and the new keystore that was defined is added to the list.

   

6. To define multiple keystore providers, repeat this procedure.

   A defined keystore provider can be used as a named provider when configuring other iWay components (for example, listeners, services, emitters, and so on).

x

To define an SSL context provider using the iWay Service Manager Administration Console:

1. In the left console pane of the Server menu, select Security Provider.

   The Security Provider pane opens.

   

2. Click New in the SSL Contexts section.

   The SSL Context Provider pane opens.

   

3. Enter the appropriate values for the SSL context provider parameters.

   For more information, see Parameters for SSL Context Providers.

4. Click Add when you are finished.

   You are returned to the main Security Provider pane and the new SSL context provider that was defined is added to the list.

   

   Note: To activate any new security providers that have been configured, you must restart iWay Service Manager.

5. To define multiple SSL context providers, repeat this procedure.

   A defined SSL context provider can be used as a named provider when configuring IP-based components such as AS2 and HTTP.

x

The following table lists and describes all of the available parameters for SSL context providers.

Parameter	Description
Name	Name for the SSL context provider.
Description	Brief description of the use of this SSL context provider.
Keystore Provider	Specified security provider to be used as a keystore for this SSL context provider. Select the available keystore provider from the drop-down list.
Truststore Provider	Specified security provider to be used as a truststore for this SSL context provider. Select the available truststore provider from the drop-down list.
Security Protocol	Drop-down list options for the supported security protocol, which include: SSL - General SSL support SSLv2 - Supports SSL version 2 or higher SSLv3 - Supports SSL version 3 TLS - General TLS support TLSv1 - Supports TLS version 1
SSL Context Provider	JCA provider for SSL context. Select one of the following options from the drop-down list: NOT_SPECIFIED SunJSSE
Server Key Alias	Alias for the key to be used to identify secure servers using this SSL context. If not supplied, the key will be selected using JSSE default behavior.
Client Key Alias	Alias for the key to be used to identify secure clients using this SSL context. If not supplied, the key will be selected using JSSE default behavior.
Session Cache Size	The maximum number of SSL sessions that will be retained in the session cache.
Session Timeout	Maximum length of time (in seconds) that an SSL session can remain in the cache.
Enable Certificate Revocation	If set to True, use the CRLs from the CertStore to check whether the signer's certificate has been revoked.
JCE PKIX Trust Manager Provider	Defines the JCE provider to construct the PKIX Trust Manager. Select one of the following values from the drop-down list: NOT_SPECIFIED {NOT_SPECIFIED} SunJSSE {SunJSSE}
JCE Signature Provider	Defines the JCE provider used to verify the digital certificate signatures during the handshake. Select one of the following values from the drop-down list: NOT_SPECIFIED {NOT_SPECIFIED} SUN {SUN} SunRsaSign {SunRsaSign} SunJSSE {SunJSSE}
PKIX Certificate Store	The certificate store from which certificate revocation lists are loaded.
Enabled Cipher Suites	If supplied, only cipher suites on this list will be enabled for SSL sockets or SSL engines created using this provider. Make sure that enabled cipher suites are supported by other components that are specified. You can enter your values as comma-delimited list or use the FILE() function.
Hostname Verification	If set to True, client SSL connections using this provider will attempt to verify that the server's certificate matches its host name.

x

To define NHTTP and HttpClient providers:

1. In the left console pane of the Server menu, select Pooling Providers.

   The Pooling Providers pane opens.

   

2. Click New in the Defined HttpClient Providers section.

   The HttpClient Provider Settings pane opens.

   

3. Enter the appropriate values for the HttpClient Provider parameters.
4. Click Add when you are finished.

   You are returned to the main Pooling Providers pane and the new HttpClient Provider that was defined is added to the list.

5. To define multiple Pooling Providers, repeat this procedure.

x

The following table lists and describes all of the available parameters for HttpClient providers.

Parameter	Description
Name *	Name for the HttpClient provider.
Description	Brief description of the use of this HttpClient provider.
Maximum Connections Per Host *	Defines the maximum number of simultaneous connections allowed per host. When this threshold is reached, new connections will not be accepted until current connections are closed and the total number of connections is below the limit. Leave this field blank (default) or set a value of zero to have no maximum limit of connections.
Maximum Total Number of Connections *	Defines the maximum number of simultaneous connections that are allowed overall. When this threshold is reached, new connections will not be accepted until current connections are closed and the total number of connections is below the limit. Leave this field blank (default) or set a value of zero to have no maximum limit of connections.
Connection Timeout	Maximum length of time (in milliseconds) that a request will block while waiting for a connection to become available from the pool. The value 0 means there is no timeout.
Set TCP No Delay	If set to True, disables Nagle's Algorithm on the client socket. This will result in faster line turnaround at the expense of an increased number of packets.
Proxy	If set to True, emit through a proxy server.
Proxy User ID	User ID for the proxy challenges.
Proxy Password	Password to access the proxy server.
Proxy Domain	Domain for NTLM proxy authentication.
Proxy Host	Host where the proxy can be accessed.
Proxy Port	Port where the proxy can be accessed.
SSL Context Provider	Named iWay Security provider for SSL Context. Defaults to the value assigned to the SSL Context Provider.
IP Interface Host	Local IP Interface from which the outgoing IP socket originates.
Idle Timeout	Time in seconds that an unused connection can remain in the pool. If set to 0, connections will remain in the pool indefinitely.