Configure data-retrieval connections to the local system and managed secondary systems

Any time iSeries™ Navigator tasks on the Web retrieves data from OS/400^®, either on the local iSeries or any managed secondary systems, the IBM^® Toolbox for Java™ is used to create a socket connection for data retrieval.

These types of connections are always established between the iSeries Navigator tasks on the Web application and OS/400 on the local iSeries. They will also be established to any managed secondary systems. If the local system running the iSeries Navigator tasks on the Web interface is not behind a firewall, or if any managed secondary systems you want to access are not behind a firewall, you should configure and use SSL for the Java Toolbox socket connections. Also, ensure that iSeries Navigator Tasks on the Web is configured with the desired behavior for creating and using SSL or non-secure IBM Toolbox for Java connections.

iSeries Navigator tasks on the Web works with the IBM Toolbox for Java to establish connections for communicating between OS/400 and the iSeries Navigator tasks on the Web interface. These connections are used to access data on the local iSeries, as well as any managed secondary systems. If your iSeries running the iSeries Navigator tasks on the Web interface or any of your managed secondary systems are not behind a firewall or on an isolated network, you should use SSL for your IBM Toolbox for Java connections. To use SSL for data-access connections, you will need to Configure the Java Toolbox to establish a secure socket connection.

Configure how iSeries Navigator tasks on the Web uses SSL connections with the IBM Toolbox for Java

iSeries Navigator tasks on the Web gives you the ability to require SSL connections for communicating between the iSeries Navigator tasks on the Web interface and OS/400, to attempt to use SSL if possible, to not use SSL, and to warn users if SSL is not used. The configuration of your network will determine which setting is right for you. These connections are only used to send data between the iSeries Navigator tasks on the Web application and OS/400 on the local and any managed secondary systems. If your local iSeries and any managed secondary iSeries systems are behind a firewall, you may choose to not use SSL connections. If you are in a mixed environment with some managed secondary systems behind a firewall and some not, you may want to attempt SSL connections if possible. If you want iSeries Navigator tasks on the Web to do something other than always attempt to make SSL connections and warn users if SSL connections are not used, you need to modify the SocketConnectionSSL parameter in the following file:

\QIBM\UserData\WebASE\ASE5\SYSINST\config\cells\LOCAL\applications
\iSeriesNavigatorforWeb.ear\deployments\iSeriesNavigatorforWeb
\iSeriesNavigator.war\WEB-INF\web.xml

Open web.xml, and change the contents inside the <param-value> tags to modify how SSL is used:

        <!-- =============================================== -->
        <!-- Socket Connection SSL Configuration pparameter  -->
        <!-- Indicates whether SSL should be used, must      -->
        <!-- be used, or will not be used for the socket     -->
        <!-- connections used to retrieve data from the      -->
        <!-- target iSeries system for an iSeries Navigator  -->
        <!-- Task.                                           -->
        <!-- possible values:                                -->
        <!--    warning, required, attemptbutnotrequired, notused.     -->
        <!-- =============================================== -->
        <init-param>
          <param-name>SocketConnectionSSL</param-name>          
          <param-value>warning</param-value>
          <description>Whether SSL socket connections with the target iSeries are required.</description>
        </init-param>

If you make changes to web.xml, you need to end and restart the WebSphere^® system instance in order for your changes to take effect. Use the following values to change how SSL is used in the above code example:

warning:: This is the default setting. When SocketConnectionSSL is set to warning, iSeries Navigator tasks on the Web uses the Java Toolbox to establish a secure socket connection. If a secure connection is established, no warning message displays. If a secure connection cannot be made, a warning message will appear for several seconds, but it will still allow the user to connect. This setting will display one warning per session per managed system that a user connects to. A user must log out and log back in to see the warning message again.
required:: When SocketConnectionSSL is set to required, iSeries Navigator tasks on the Web uses the Java Toolbox to establish a secure socket connection. If a secure connection is established, no warning message displays. If a secure connection cannot be made, an error message will appear and the connection will be denied. The user will not be allowed to continue with the requested task.
attemptbutnotrequired:: When SocketConnectionSSL is set to attemptbutnotrequired, no warning message will be displayed, but iSeries Navigator tasks on the Web will still attempt to establish a secure socket connection using the IBM Toolbox for Java. If a secure connection cannot be established, a non-secure connection will be made.
notrequired:: When SocketConnectionSSL is set to notrequired, a secure connection is not required and iSeries Navigator tasks on the Web will not attempt to establish a secure socket connection using the IBM Toolbox for Java. A non-secure connection will be made.