Step 3. Deploying the HTTPS Tunnel Servlet (Sun Java System Message Queue 3.7 UR1 Administration Guide)

Sun Java System Message Queue 3.7 UR1 Administration Guide

Step 3. Deploying the HTTPS Tunnel Servlet

You can deploy the HTTP tunnel servlet as a Web archive (WAR) file on a Sun Java System Web Server or Sun Java System Application Server.

Deploying the HTTPS tunnel servlet as a .war file consists of using the deployment mechanism provided by the Web server/application server. The HTTPS tunnel servlet .war file (imqhttps.war) is located in a directory that depends on your operating system (see Appendix A, Platform-Specific Locations of Message Queue^TM Data).

You should make sure that encryption is activated for the Web server, enabling end-to-end secure communication between the client and broker.

Deploying as a Web Archive File

For deployment on a Sun Java System Web Server, see Deploying the HTTPS Tunnel Servlet on Sun Java System Web Server.

For deployment on a Sun Java System Application Server, see Deploying the HTTPS Tunnel Servlet on Sun Java System Application Server.

Deploying the HTTPS Tunnel Servlet on Sun Java System Web Server

This section describes how you deploy the HTTPS tunnel servlet as a .war file on the Sun Java System Web Server. You can verify successful HTTPS tunnel servlet deployment by accessing the servlet URL using a Web browser. It should display status information.

Before deploying the HTTPS tunnel servlet, make sure that JSSE .jar files are included in the Web server’s classpath. The simplest way to do this is to copy the files jsse.jar, jnet.jar, and jcert.jar to WebServer_TOPDIR/bin/https/jre/lib/ext .

To Deploy the https Tunnel Servlet as a .war File

In the browser-based administration GUI, select the Virtual Server Class tab. Click Manage Classes.

Select the appropriate virtual server class name (for example, defaultClass) and click the Manage button.

Select Manage Virtual Servers.

Select an appropriate virtual server name and click the Manage button.

Select the Web Applications tab.

Click on Deploy Web Application.

Select the appropriate values for the WAR File On and WAR File Path fields so as to point to the modified imqhttps.war file (see Step 2. Modifying the HTTP Tunnel Servlet .war File’s Descriptor File.)

Enter a path in the Application URI field.

The Application URI field value is the /contextRoot portion of the tunnel servlet URL:

https://hostName :portNumber / contextRoot/tunnel

For example, if you set the contextRoot to imq, the Application URI field would be:

/imq

Enter the installation directory path (typically somewhere under the Sun Java System Web Server installation root) where the servlet should be deployed.

Click OK.

Restart the Web server instance.

The servlet is now available at the following URL:
https://hostName:portNumber/imq/tunnel
Clients can now use this URL to connect to the message service using a secure HTTPS connection.

Disabling a Server Access Log

You do not have to disable the server access log, but you will obtain better performance if you do.

To Disable the Server Access Log

Select the Status tab.

Choose the Log Preferences Page.

Use the Log client accesses control to disable logging.

Deploying the HTTPS Tunnel Servlet on Sun Java System Application Server

This section describes how you deploy the HTTPS tunnel servlet as a .war file on the Sun Java System Application Server.

Two steps are required:

Deploy the HTTPS tunnel servlet using the Application Server deployment tool.
Modify the application server instance’s server.policy file.

Using the Deployment Tool

The following procedure shows how to deploy the HTTPS tunnel servlet in an Application Server environment.

To Deploy the HTTPS Tunnel Servlet in an Application Server Environment

In the Web-based administration GUI, choose

App Server > Instances > server1 > Applications > Web Applications

Click the Deploy button.

In the File Path: text field, enter the location of the HTTPS tunnel servlet .war file (imqhttps.war), and click OK.

The location of the imqhttps.war file depends on your operating system (see Appendix A, Platform-Specific Locations of Message Queue^TM Data).

Set the value for the Context Root text field, and click OK.

The Context Root field value is the /contextRoot portion of the tunnel servlet URL:

https://hostName :portNumber / contextRoot/tunnel

For example, you could set the Context Root field to:

/imq

The next screen shows that the tunnel servlet has been successfully deployed, is enabled by default, and in this case is located at:
/var/opt/SUNWappserver8/domains/domain1/server1/applications/ j2ee-modules/imqhttps_1
The servlet is now available at the following URL:
https://hostName:portNumber/ contextRoot/tunnel
Clients can now use this URL to connect to the message service using an HTTPS connection.

Modifying the server.policy file

Application Server enforces a set of default security policies that unless modified would prevent the HTTPS tunnel servlet from accepting connections from the Message Queue broker.

Each application server instance has a file that contains its security policies or rules. For example, the location of this file for the server1 instance on Solaris is:

/var/opt/SUNWappserver8/domains/domain1/server1/config/
server.policy

To make the tunnel servlet accept connections from the Message Queue broker, an additional entry is required in this file.

To Modify the Application Server’s server.policy File

Open the server.policy file.

Add the following entry:

grant codeBase
"file:/var/opt/SUNWappserver8/domains/domain1/server1/
                applications/j2ee-modules/imqhttps_1/-”
{
        permission java.net.SocketPermission "*",
                “connect,accept,resolve";
};