Configuring Java CAPS Environment Components for Communications Adapters

Configuring HTTPS Adapter Environment Properties

Adapter External System properties must be configured from within the Environment. Until you have successfully configured all Adapters for your Java CAPS project, your project cannot be properly executed or deployed. The following list identifies the HTTPS Adapter properties. There are four Environment Configuration categories that the HTTPS Adapter implements.

Property Categories Configured in the Application Server Environment

HTTP Settings

HTTP Settings includes the configuration parameters listed in the following table.

Caution –

Calling the clear() method in the Collaboration Editor (Java) clears all properties in this HTTP Settings section. Once the properties have been cleared, you must manually rebuild the header and payload sections of the Request message in the Transformation Designer.

Table 60 Environment Configuration—HTTP Settings


Name	Description	Required Value
URL	Specifies the default URL to be used for establishing an HTTP or HTTPS connection. When a URL is not assigned to the HTTP OTD, the default value is used as the URL for both the `GET` and `POST` commands. See GET and POST Methods. If “https” protocol is specified, SSL must be enabled. See the SSL properties table.	A valid URL. You must include the full URL. For example, `http://www.sun.com` or `http://google.yahoo.com/bin/query` If using GET functionality, you can provide the properties, using encoded query string notation. For example (all on one line). `http://www.ee.cornell.edu/cgi-bin/cgiwrap/~wes/ pq?FirstName=John&LastName=Doe` Note – For international URLs, be sure the targeting URL supports the encoding used in this property. A list of the character encoding supported by the Java 2 platform is at the Sun Web site: `http://java.sun.com`
Content Type	The default Content type header value to include when sending a request to the server. If no value is specified, a default value of application/x-www-form-urlencoded is supplied by the Adapter. Note – A change of the configuration value will only alter the header value, and not the actual Content type. When necessary, you can undertake any conversion or transformation of data manually.	A valid string.
Encoding	The default encoding used when reading or writing textual data.	A valid entry. The default is ASCII.

Proxy Configuration

The properties in this section specify the information required for the Adapter to access the external systems through a proxy server.

Use the Proxy Configuration settings in the client HTTPS Environment properties, when setting the desired URL dynamically within a Collaboration (Java) or Business Process.

Note –

It is a known behavior of the Java Virtual Machine (JVM) to bypass an invalid proxy server through a local connection. As a result, you may still get a response, even if the proxy setting is invalid. This false response only happens with an HTTP connection. An HTTPS connection ensures authenticated handshaking from the proxy.

The HTTPS Adapter client bypasses the proxy server when accessing local addresses. This contrasts a web browser’s behavior where all requests are sent to a proxy even if they are local.

Proxy Configuration includes the configuration parameters listed in the following table.

Table 61 Environment Configuration—Proxy Configuration


Name	Description	Required Value
Proxy Host	Specifies the host name of the HTTP proxy. This specifies the HTTPS proxy host to which requests to an HTTP server or reception of data from an HTTP server may be delegated to a proxy. This sets the proxy port for secured HTTP connections.	A valid HTTPS proxy host name.
Proxy Port	Specifies the port of the HTTPS proxy. This specifies the HTTPS proxy port to which requests to an HTTP server or reception of data from an HTTP server may be delegated to a proxy. This sets the proxy port for secured HTTP connections.	A valid HTTPS proxy port. The default is 8080.
Proxy Username	Specifies the user name necessary for authentication to access the proxy server.	A valid user name. Note – The user name is required by URLs that require HTTP basic authentication to access the site. Be sure to enter a value for this property before you enter a value for the Proxy password properties.
Proxy Password	Specifies the password required for accessing the HTTPS proxy.	The appropriate password. Note – Be sure to enter a value for the Proxy username properties before entering this property.

An additional task to properly configure the Proxy properties is to edit the PropertyPermission utility of the server.policy file in the application server:

To Edit the Property Permission Utility of the server.policy File

Navigate to
c:\JavaCAPS\appserver\is\lib\install\templates\
where, c:\JavaCAPS is the location of your installation.

Add the following syntax to the server.policy file:

permission java.util.PropertyPermission “*”, “read,write”;

For the permission changes to take place, you need to create a new domain.

See Creating and Starting the Domain to create a new domain.

Security

The Environment Configuration Security properties are used to perform HTTP authentication and SSL connections. They include the following configuration sections:

Table 62.
Table 63.

Authentication

Details for the Authentication settings used for HTTP authentication are detailed in the following table.

Table 62 Environment Configuration — Security, Authentication


Name	Description	Required Value
HTTP Username	Specifies the user name for authenticating the web site specified by the URL.	A valid user name. Note – Enter a value for this property before you enter a value for the HTTP password properties.
HTTP Password	Specifies the password used for authenticating the web site specified by the URL.	A valid password. Note – Be sure to enter a value for the HTTP username properties before entering this property.

SSL

Details for the SSL settings used for SSL connections are detailed in the following table.

Table 63 Environment Configuration — Security, SSL

Name

Description

Required Value

Protocol SSL

The SSL protocol to use when establishing an SSL connection with the server. If the protocol is not set by this method, the default protocol type, TLS (Sun JSSE), is used. If an SSL connection is not required, leave the default No SSL option.

If you are using the default Sun JSSE provider, choose one of the following settings:

TLSv1
TLS
SSLv2
SSLv3
SSL

If you are running the Sun Integration Server on AIX, choose or enter one of the following settings:

SSL-TLS
TLSv1
TLS
SSLv3
SSLv2
SSL

For details on these settings, see the appropriate JSSE documentation.

JSSE Provider Class

Specifies the fully qualified name of the JSSE provider class. For more information, see the Sun Java Web site at:

http://java.sun.com.

It is assumed that the provider class is in the runtime classpath.

The name of a valid JSSE provider class. The default is

com.sun.net.ssl.internal.ssl.Provider

If you are running the Sun Integration Server on AIX, specify

com.ibm.jsse.IBMJSSEProvider

X509 Algorithm Name

Specifies the X509 algorithm name to use for the trust and key manager factories.

The name of a valid X509 algorithm.

The default is SunX509. If you are running the Sun Integration Server on AIX, specify IbmX509.

KeyStore Type

Specifies the default KeyStore type. The keystore type is used for key/certificate management when establishing an SSL connection. If the default KeyStore type is not set by this method, the default KeyStore type, JKS, is used.

KeyStore

Specifies the default KeyStore file. The keystore is used for key/certificate management when establishing SSL connections.

A valid package location. There is no default value. It is recommended to use

<c:\JavaCAPS>\appserver\is\
domains<MyDomain>\config\
keystore.jks

where,

c:\JavaCAPS is the directory where the Sun Java Composite Application Platform Suite is installed and MyDomain is the name of your domain.

KeyStore Username

The username for accessing the keystore used for key/certificate management when establishing SSL connections.

Note –

If the keystore type is PKCS12 or JKS, the keystore username properties is not used. PKCS12 and JKS keystore types require passwords for access but do not require user names. If you enter a value for this property, it is ignored for PKCS12 and JKS.

KeyStore Password

Specifies the default KeyStore password. The password is used to access the KeyStore used for key/certificate management when establishing SSL connections; there is no default.

TrustStore Type

The TrustStore type of the TrustStore used for CA certificate management when establishing SSL connections. If the TrustStore type is not set by this method, the default TrustStore type, JKS, is used.

A valid TrustStore type.

TrustStore

Specifies the default TrustStore. The TrustStore is used for CA certificate management when establishing SSL connections.

A valid TrustStore name. There is no default value. It is recommended to use

 <c:\JavaCAPS>\appserver\is
\domains<MyDomain>\config\
cacerts.jks

where,

c:\JavaCAPSis the directory where the Sun Java Composite Application Platform Suite is installed and MyDomain is the name of your domain.

TrustStore Password

Specifies the default TrustStore password. The password is for accessing the TrustStore used for CA certificate management when establishing SSL connections.

A valid TrustStore password. There is no default value.

Additional SSL Section Notes

Following are additional notes related to the properties in the SSL section.

Verify Hostname

Description

Determines whether the host name verification is done on the server certificate during the SSL handshake.

You can use this property to enforce strict checking of the server host name in the request URL and the host name in the received server certificate.

Required Values.
Select True or False.

The default is False.

Additional information

Under some circumstances, you can get different Java exceptions, depending on whether you set this property to True or False. This section explains what causes these exceptions.

For example, suppose the host name in the URL is localhost, and the host name in the server certificate is localhost.stc.com. Then, the following conditions apply:

If Verify hostname is set to False:

Host name checking between the requested URL and the server certificate is turned off.

You can use an incomplete domain host name, for example, https://localhost:444, or a complete domain host name, for example, https://localhost.stc.com:444, and get a positive response in each case.
If Verify hostname is set to True:

Host name checking between the requested URL and the server certificate is turned on.

Note –
If you use an incomplete domain host name, for example, https://localhost:444, you can get the exception java.io.IOException: HTTPS hostname wrong.

You must use a complete domain host name, for example, https://localhost.stc.com:444.

Connection Pool Settings

Connection Pool Settings include the configuration parameters listed in the following table.

Table 64 Environment Configuration — Connection Pool Settings


Name	Description	Required Value
Steady Pool Size	Specifies the minimum number of physical connections the pool should keep available at all times. 0 (zero) indicates that there should be no physical connections in the pool and the new connections should be created as needed.	A valid numeric value. The default is 1.
Maximum Pool Size	Specifies the maximum number of physical connections the pool should keep available at all times. 0 (zero) indicates that there is no maximum.	A valid numeric value. The default is 10.
Maximum Idle Timeout	Specifies the number of seconds that a physical connection may remain unused before it is closed. 0 (zero) indicates that there is no limit.	A valid numeric value. The default is 300.