141 lines
9.6 KiB
HTML
141 lines
9.6 KiB
HTML
<?xml version="1.0" encoding="UTF-8"?>
|
|
<!DOCTYPE html
|
|
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
|
<html lang="en-us" xml:lang="en-us">
|
|
<head>
|
|
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
|
|
<meta name="security" content="public" />
|
|
<meta name="Robots" content="index,follow" />
|
|
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
|
|
<meta name="DC.Type" content="concept" />
|
|
<meta name="DC.Title" content="Configure data-retrieval connections to the local system and managed secondary systems" />
|
|
<meta name="abstract" content="Any time iSeries Navigator tasks on the Web retrieves data from OS/400, either on the local iSeries or any managed secondary systems, the IBM Toolbox for Java is used to create a socket connection for data retrieval." />
|
|
<meta name="description" content="Any time iSeries Navigator tasks on the Web retrieves data from OS/400, either on the local iSeries or any managed secondary systems, the IBM Toolbox for Java is used to create a socket connection for data retrieval." />
|
|
<meta name="DC.Relation" scheme="URI" content="rzatgsecurity.htm" />
|
|
<meta name="DC.Relation" scheme="URI" content="../rzahh/ssljsse.htm" />
|
|
<meta name="copyright" content="(C) Copyright IBM Corporation 2004, 2006" />
|
|
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2004, 2006" />
|
|
<meta name="DC.Format" content="XHTML" />
|
|
<meta name="DC.Identifier" content="rzatgsecuritytoolbox" />
|
|
<meta name="DC.Language" content="en-us" />
|
|
<!-- All rights reserved. Licensed Materials Property of IBM -->
|
|
<!-- US Government Users Restricted Rights -->
|
|
<!-- Use, duplication or disclosure restricted by -->
|
|
<!-- GSA ADP Schedule Contract with IBM Corp. -->
|
|
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
|
|
<link rel="stylesheet" type="text/css" href="./ic.css" />
|
|
<title>Configure data-retrieval connections to the local system and managed
|
|
secondary systems</title>
|
|
</head>
|
|
<body id="rzatgsecuritytoolbox"><a name="rzatgsecuritytoolbox"><!-- --></a>
|
|
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
|
|
<h1 class="topictitle1">Configure data-retrieval connections to the local system and managed
|
|
secondary systems</h1>
|
|
<div><p>Any time iSeries™ Navigator tasks on the Web retrieves data
|
|
from OS/400<sup>®</sup>,
|
|
either on the local iSeries or any managed secondary systems, the IBM<sup>®</sup> Toolbox
|
|
for Java™ is
|
|
used to create a socket connection for data retrieval.</p>
|
|
<p>These types of connections are always established between the iSeries Navigator
|
|
tasks on the Web application and OS/400 on the local iSeries. They
|
|
will also be established to any managed secondary systems. If the local system
|
|
running the iSeries Navigator
|
|
tasks on the Web interface is not behind a firewall, or if any managed secondary
|
|
systems you want to access are not behind a firewall, you should configure
|
|
and use SSL for the Java Toolbox socket connections. Also, ensure
|
|
that iSeries Navigator
|
|
Tasks on the Web is configured with the desired behavior for creating and
|
|
using SSL or non-secure IBM Toolbox for Java connections.</p>
|
|
<p>iSeries Navigator
|
|
tasks on the Web works with the IBM Toolbox for Java to establish connections for communicating
|
|
between OS/400 and
|
|
the iSeries Navigator
|
|
tasks on the Web interface. These connections are used to access data on the
|
|
local iSeries,
|
|
as well as any managed secondary systems. If your iSeries running the iSeries Navigator
|
|
tasks on the Web interface or any of your managed secondary systems are not
|
|
behind a firewall or on an isolated network, you should use SSL for your IBM Toolbox
|
|
for Java connections.
|
|
To use SSL for data-access connections, you will need to Configure the Java Toolbox
|
|
to establish a secure socket connection.</p>
|
|
<div class="section"><h4 class="sectiontitle">Configure how iSeries Navigator tasks on the Web uses
|
|
SSL connections with the IBM Toolbox for Java</h4><p>iSeries Navigator tasks on the Web gives
|
|
you the ability to require SSL connections for communicating between the iSeries Navigator
|
|
tasks on the Web interface and OS/400, to attempt to use SSL if possible,
|
|
to not use SSL, and to warn users if SSL is not used. The configuration of
|
|
your network will determine which setting is right for you. These connections
|
|
are only used to send data between the iSeries Navigator tasks on the Web application
|
|
and OS/400 on
|
|
the local and any managed secondary systems. If your local iSeries and
|
|
any managed secondary iSeries systems are behind a firewall, you may choose
|
|
to not use SSL connections. If you are in a mixed environment with some managed
|
|
secondary systems behind a firewall and some not, you may want to attempt
|
|
SSL connections if possible. If you want iSeries Navigator tasks on the Web to
|
|
do something other than always attempt to make SSL connections and warn users
|
|
if SSL connections are not used, you need to modify the <span class="uicontrol">SocketConnectionSSL</span> parameter
|
|
in the following file:</p>
|
|
<p><span class="uicontrol">\QIBM\UserData\WebASE\ASE5\SYSINST\config\cells\LOCAL\applications<br />
|
|
\iSeriesNavigatorforWeb.ear\deployments\iSeriesNavigatorforWeb<br />
|
|
\iSeriesNavigator.war\WEB-INF\web.xml</span></p>
|
|
<p>Open <span class="uicontrol">web.xml</span>,
|
|
and change the contents inside the <span class="uicontrol"><param-value></span> tags
|
|
to modify how SSL is used:</p>
|
|
<pre> <!-- =============================================== -->
|
|
<!-- Socket Connection SSL Configuration pparameter -->
|
|
<!-- Indicates whether SSL should be used, must -->
|
|
<!-- be used, or will not be used for the socket -->
|
|
<!-- connections used to retrieve data from the -->
|
|
<!-- target iSeries system for an iSeries Navigator -->
|
|
<!-- Task. -->
|
|
<!-- possible values: -->
|
|
<!-- warning, required, attemptbutnotrequired, notused. -->
|
|
<!-- =============================================== -->
|
|
<init-param>
|
|
<param-name>SocketConnectionSSL</param-name>
|
|
<span class="uicontrol"><param-value>warning</param-value></span>
|
|
<description>Whether SSL socket connections with the target iSeries are required.</description>
|
|
</init-param></pre>
|
|
<p>If you make changes to <span class="uicontrol">web.xml</span>,
|
|
you need to end and restart the WebSphere<sup>®</sup> system instance in order
|
|
for your changes to take effect. Use the following values to change how SSL
|
|
is used in the above code example:</p>
|
|
<dl><dt class="dlterm">warning:</dt>
|
|
<dd>This is the default setting. When <span class="uicontrol">SocketConnectionSSL</span> is
|
|
set to <span class="uicontrol">warning</span>, iSeries Navigator tasks on the Web uses
|
|
the Java Toolbox
|
|
to establish a secure socket connection. If a secure connection is established,
|
|
no warning message displays. If a secure connection cannot be made, a warning
|
|
message will appear for several seconds, but it will still allow the user
|
|
to connect. This setting will display one warning per session per managed
|
|
system that a user connects to. A user must log out and log back in to see
|
|
the warning message again.</dd>
|
|
<dt class="dlterm">required:</dt>
|
|
<dd>When <span class="uicontrol">SocketConnectionSSL</span> is set to <span class="uicontrol">required</span>, iSeries Navigator
|
|
tasks on the Web uses the Java Toolbox to establish a secure socket
|
|
connection. If a secure connection is established, no warning message displays.
|
|
If a secure connection cannot be made, an error message will appear and the
|
|
connection will be denied. The user will not be allowed to continue with the
|
|
requested task.</dd>
|
|
<dt class="dlterm">attemptbutnotrequired:</dt>
|
|
<dd>When <span class="uicontrol">SocketConnectionSSL</span> is set to <span class="uicontrol">attemptbutnotrequired</span>,
|
|
no warning message will be displayed, but iSeries Navigator tasks on the Web will
|
|
still attempt to establish a secure socket connection using the IBM Toolbox for Java.
|
|
If a secure connection cannot be established, a non-secure connection will
|
|
be made.</dd>
|
|
<dt class="dlterm">notrequired:</dt>
|
|
<dd>When <span class="uicontrol">SocketConnectionSSL</span> is set to <span class="uicontrol">notrequired</span>,
|
|
a secure connection is not required and iSeries Navigator tasks on the Web will <span class="uicontrol">not</span> attempt
|
|
to establish a secure socket connection using the IBM Toolbox for Java. A non-secure connection will be made.</dd>
|
|
</dl>
|
|
</div>
|
|
</div>
|
|
<div>
|
|
<div class="familylinks">
|
|
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzatgsecurity.htm" title="If you are accessing the iSeries Navigator tasks on the Web interface over an external network, such as the Internet, it is recommended that you connect using a secure HTTP connection. Additionally, if the server hosting the iSeries Navigator Tasks on the Web interface resides outside of a firewall, or if you are managing a secondary system outside of a firewall, it is recommended that you also configure the IBM Toolbox for Java to establish secure socket connections for data access.">Configure security for iSeries Navigator tasks on the Web</a></div>
|
|
</div>
|
|
<div class="reltasks"><strong>Related tasks</strong><br />
|
|
<div><a href="../rzahh/ssljsse.htm">Configure the JavaToolbox to establish a secure socket connection</a></div>
|
|
</div>
|
|
</div>
|
|
</body>
|
|
</html> |