Deploying the HTTPS Tunnel Servlet on Sun Java System Application Server (Sun Java System Message Queue 3.7 UR1 Administration Guide)

Sun Java System Message Queue 3.7 UR1 Administration Guide

Deploying the HTTPS Tunnel Servlet on Sun Java System Application Server

This section describes how you deploy the HTTPS tunnel servlet as a .war file on the Sun Java System Application Server.

Two steps are required:

Deploy the HTTPS tunnel servlet using the Application Server deployment tool.
Modify the application server instance’s server.policy file.

Using the Deployment Tool

The following procedure shows how to deploy the HTTPS tunnel servlet in an Application Server environment.

To Deploy the HTTPS Tunnel Servlet in an Application Server Environment

In the Web-based administration GUI, choose

App Server > Instances > server1 > Applications > Web Applications

Click the Deploy button.

In the File Path: text field, enter the location of the HTTPS tunnel servlet .war file (imqhttps.war), and click OK.

The location of the imqhttps.war file depends on your operating system (see Appendix A, Platform-Specific Locations of Message Queue^TM Data).

Set the value for the Context Root text field, and click OK.

The Context Root field value is the /contextRoot portion of the tunnel servlet URL:

https://hostName :portNumber / contextRoot/tunnel

For example, you could set the Context Root field to:

/imq

The next screen shows that the tunnel servlet has been successfully deployed, is enabled by default, and in this case is located at:
/var/opt/SUNWappserver8/domains/domain1/server1/applications/ j2ee-modules/imqhttps_1
The servlet is now available at the following URL:
https://hostName:portNumber/ contextRoot/tunnel
Clients can now use this URL to connect to the message service using an HTTPS connection.

Modifying the server.policy file

Application Server enforces a set of default security policies that unless modified would prevent the HTTPS tunnel servlet from accepting connections from the Message Queue broker.

Each application server instance has a file that contains its security policies or rules. For example, the location of this file for the server1 instance on Solaris is:

/var/opt/SUNWappserver8/domains/domain1/server1/config/
server.policy

To make the tunnel servlet accept connections from the Message Queue broker, an additional entry is required in this file.

To Modify the Application Server’s server.policy File

Open the server.policy file.

Add the following entry:

grant codeBase
"file:/var/opt/SUNWappserver8/domains/domain1/server1/
                applications/j2ee-modules/imqhttps_1/-”
{
        permission java.net.SocketPermission "*",
                “connect,accept,resolve";
};