You can deploy the HTTP tunnel servlet as a Web archive (WAR) file on a Sun Java System Web Server or Sun Java System Application Server.
Deploying the HTTPS tunnel servlet as a .war file consists of using the deployment mechanism provided by the Web server/application server. The HTTPS tunnel servlet .war file (imqhttps.war) is located in a directory that depends on your operating system (see Appendix A, Platform-Specific Locations of Message QueueTM Data).
You should make sure that encryption is activated for the Web server, enabling end-to-end secure communication between the client and broker.
For deployment on a Sun Java System Web Server, see Deploying the HTTPS Tunnel Servlet on Sun Java System Web Server.
For deployment on a Sun Java System Application Server, see Deploying the HTTPS Tunnel Servlet on Sun Java System Application Server.
This section describes how you deploy the HTTPS tunnel servlet as a .war file on the Sun Java System Web Server. You can verify successful HTTPS tunnel servlet deployment by accessing the servlet URL using a Web browser. It should display status information.
Before deploying the HTTPS tunnel servlet, make sure that JSSE .jar files are included in the Web server’s classpath. The simplest way to do this is to copy the files jsse.jar, jnet.jar, and jcert.jar to WebServer_TOPDIR/bin/https/jre/lib/ext .
In the browser-based administration GUI, select the Virtual Server Class tab. Click Manage Classes.
Select the appropriate virtual server class name (for example, defaultClass) and click the Manage button.
Select Manage Virtual Servers.
Select an appropriate virtual server name and click the Manage button.
Select the Web Applications tab.
Click on Deploy Web Application.
Select the appropriate values for the WAR File On and WAR File Path fields so as to point to the modified imqhttps.war file (see Step 2. Modifying the HTTP Tunnel Servlet .war File’s Descriptor File.)
Enter a path in the Application URI field.
The Application URI field value is the /contextRoot portion of the tunnel servlet URL:
https://hostName :portNumber / contextRoot/tunnel
For example, if you set the contextRoot to imq, the Application URI field would be:
/imq
Enter the installation directory path (typically somewhere under the Sun Java System Web Server installation root) where the servlet should be deployed.
Click OK.
Restart the Web server instance.
The servlet is now available at the following URL:
https://hostName:portNumber/imq/tunnel |
Clients can now use this URL to connect to the message service using a secure HTTPS connection.
You do not have to disable the server access log, but you will obtain better performance if you do.
Select the Status tab.
Choose the Log Preferences Page.
Use the Log client accesses control to disable logging.
This section describes how you deploy the HTTPS tunnel servlet as a .war file on the Sun Java System Application Server.
Two steps are required:
Deploy the HTTPS tunnel servlet using the Application Server deployment tool.
Modify the application server instance’s server.policy file.
The following procedure shows how to deploy the HTTPS tunnel servlet in an Application Server environment.
In the Web-based administration GUI, choose
App Server > Instances > server1 > Applications > Web Applications
Click the Deploy button.
In the File Path: text field, enter the location of the HTTPS tunnel servlet .war file (imqhttps.war), and click OK.
The location of the imqhttps.war file depends on your operating system (see Appendix A, Platform-Specific Locations of Message QueueTM Data).
Set the value for the Context Root text field, and click OK.
The Context Root field value is the /contextRoot portion of the tunnel servlet URL:
https://hostName :portNumber / contextRoot/tunnel
For example, you could set the Context Root field to:
/imq
The next screen shows that the tunnel servlet has been successfully deployed, is enabled by default, and in this case is located at:
/var/opt/SUNWappserver8/domains/domain1/server1/applications/ j2ee-modules/imqhttps_1 |
The servlet is now available at the following URL:
https://hostName:portNumber/ contextRoot/tunnel |
Clients can now use this URL to connect to the message service using an HTTPS connection.
Application Server enforces a set of default security policies that unless modified would prevent the HTTPS tunnel servlet from accepting connections from the Message Queue broker.
Each application server instance has a file that contains its security policies or rules. For example, the location of this file for the server1 instance on Solaris is:
/var/opt/SUNWappserver8/domains/domain1/server1/config/ server.policy
To make the tunnel servlet accept connections from the Message Queue broker, an additional entry is required in this file.