Sun Java System Message Queue 3.7 UR1 Administration Guide

Step 3. Deploying the HTTPS Tunnel Servlet

You can deploy the HTTPS tunnel servlet as a Web archive (WAR) file on a Sun Java System Web Server or Sun Java System Application Server.

To deploy the HTTPS tunnel servlet as a .war file, use the deployment mechanism provided by the Web server or application server. The HTTPS tunnel servlet .war file (imqhttps.war) is located in a directory that depends on your operating system (see Appendix A, Platform-Specific Locations of Message Queue™ Data).

You should make sure that encryption is activated for the Web server, enabling end-to-end secure communication between the client and broker.

Deploying as a Web Archive File

For deployment on a Sun Java System Web Server, see Deploying the HTTPS Tunnel Servlet on Sun Java System Web Server.

For deployment on a Sun Java System Application Server, see Deploying the HTTPS Tunnel Servlet on Sun Java System Application Server.

Deploying the HTTPS Tunnel Servlet on Sun Java System Web Server

This section describes how you deploy the HTTPS tunnel servlet as a .war file on the Sun Java System Web Server. You can verify successful HTTPS tunnel servlet deployment by accessing the servlet URL using a Web browser. It should display status information.

Before deploying the HTTPS tunnel servlet, make sure that JSSE .jar files are included in the Web server’s classpath. The simplest way to do this is to copy the files jsse.jar, jnet.jar, and jcert.jar to WebServer_TOPDIR/bin/https/jre/lib/ext.

To Deploy the HTTPS Tunnel Servlet as a .war File

  1. In the browser-based administration GUI, select the Virtual Server Class tab. Click Manage Classes.

  2. Select the appropriate virtual server class name (for example, defaultClass) and click the Manage button.

  3. Select Manage Virtual Servers.

  4. Select an appropriate virtual server name and click the Manage button.

  5. Select the Web Applications tab.

  6. Click on Deploy Web Application.

  7. Select the appropriate values for the WAR File On and WAR File Path fields so as to point to the modified imqhttps.war file (see Step 2. Modifying the HTTP Tunnel Servlet .war File’s Descriptor File).

  8. Enter a path in the Application URI field.

    The Application URI field value is the /contextRoot portion of the tunnel servlet URL:

    https://hostName:portNumber/contextRoot/tunnel

    For example, if you set the contextRoot to imq, the Application URI field would be:

    /imq

  9. Enter the installation directory path (typically somewhere under the Sun Java System Web Server installation root) where the servlet should be deployed.

  10. Click OK.

  11. Restart the Web server instance.

    The servlet is now available at the following URL:


    https://hostName:portNumber/imq/tunnel

    Clients can now use this URL to connect to the message service using a secure HTTPS connection.

Disabling a Server Access Log

You do not have to disable the server access log, but you will obtain better performance if you do.

To Disable the Server Access Log

  1. Select the Status tab.

  2. Choose the Log Preferences Page.

    Use the Log client accesses control to disable logging.

Deploying the HTTPS Tunnel Servlet on Sun Java System Application Server

This section describes how you deploy the HTTPS tunnel servlet as a .war file on the Sun Java System Application Server.

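Two steps are required: deploying the servlet with the deployment tool, and modifying the application server instance’s server.policy file.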

Using the Deployment Tool

The following procedure shows how to deploy the HTTPS tunnel servlet in an Application Server environment.

To Deploy the HTTPS Tunnel Servlet in an Application Server Environment

  1. In the Web-based administration GUI, choose

    App Server > Instances > server1 > Applications > Web Applications

  2. Click the Deploy button.

  3. In the File Path: text field, enter the location of the HTTPS tunnel servlet .war file (imqhttps.war), and click OK.

    The location of the imqhttps.war file depends on your operating system (see Appendix A, Platform-Specific Locations of Message Queue™ Data).

  4. Set the value for the Context Root text field, and click OK.

    The Context Root field value is the /contextRoot portion of the tunnel servlet URL:

    https://hostName:portNumber/contextRoot/tunnel

    For example, you could set the Context Root field to:

    /imq

    The next screen shows that the tunnel servlet has been successfully deployed, is enabled by default, and in this case is located at:


    /var/opt/SUNWappserver8/domains/domain1/server1/applications/j2ee-modules/imqhttps_1

    The servlet is now available at the following URL:


    https://hostName:portNumber/contextRoot/tunnel

    Clients can now use this URL to connect to the message service using an HTTPS connection.

Modifying the server.policy file

Application Server enforces a set of default security policies that, unless modified, would prevent the HTTPS tunnel servlet from accepting connections from the Message Queue broker.

Each application server instance has a file that contains its security policies or rules. For example, the location of this file for the server1 instance on Solaris is:

/var/opt/SUNWappserver8/domains/domain1/server1/config/server.policy

To make the tunnel servlet accept connections from the Message Queue broker, an additional entry is required in this file.

To Modify the Application Server’s server.policy File

  1. Open the server.policy file.

  2. Add the following entry:


    // Let the deployed tunnel servlet accept connections from the Message Queue broker.
    grant codeBase
        "file:/var/opt/SUNWappserver8/domains/domain1/server1/applications/j2ee-modules/imqhttps_1/-"
    {
        permission java.net.SocketPermission "*",
            "connect,accept,resolve";
    };
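
A check that can be run over a server.policy file after this edit, as an added example that is not part of the original guide or of Message Queue: it flags grant entries containing typographic quotes (policy syntax delimits strings with straight double quotes, and text pasted from rendered documentation often carries curly ones) and any java.net.SocketPermission whose host is the wildcard "*", which covers every host. The function name, the second and third sample grants and the host broker.example.com are constructed for illustration.

```python
import re

# Constructed sample: the guide's grant pasted with one typographic quote, a
# well-formed wildcard grant, and a narrowed grant for a hypothetical broker host.
SAMPLE_POLICY = '''\
grant codeBase "file:/var/opt/SUNWappserver8/domains/domain1/server1/applications/j2ee-modules/imqhttps_1/-" {
    permission java.net.SocketPermission "*", \u201cconnect,accept,resolve";
};
grant codeBase "file:/opt/example/app/-" {
    permission java.net.SocketPermission "*", "connect,accept,resolve";
};
grant codeBase "file:/opt/example/narrow/-" {
    permission java.net.SocketPermission "broker.example.com:1024-", "accept,resolve";
};
'''

CURLY = "\u201c\u201d\u2018\u2019"           # left/right double, left/right single
STRAIGHT = "\"\"''"                          # what each one should have been
GRANT_RE = re.compile(r"grant\b[^{]*\{.*?\}\s*;", re.S)
CODEBASE_RE = re.compile(r'codeBase\s+"([^"]*)"', re.I)
SOCKET_RE = re.compile(
    r'permission\s+java\.net\.SocketPermission\s+"([^"]*)"\s*,\s*"([^"]*)"')

def audit_policy(text):
    """Return (codeBase, issue) findings for each grant entry in policy text."""
    findings = []
    for match in GRANT_RE.finditer(text):
        raw = match.group(0)
        # Assess permissions on a quote-normalised copy, so an entry that is
        # broken by typographic quotes is still checked for what it intends.
        norm = raw.translate(str.maketrans(CURLY, STRAIGHT))
        cb = CODEBASE_RE.search(norm)
        codebase = cb.group(1) if cb else "<all code>"
        if any(ch in raw for ch in CURLY):
            findings.append((codebase, "typographic quote in entry"))
        for target, actions in SOCKET_RE.findall(norm):
            # Target is host or host:portrange; only the bare "*" host is flagged.
            host = target.rsplit(":", 1)[0] if ":" in target else target
            if host == "*":
                findings.append((codebase, f"any-host SocketPermission ({actions})"))
    return findings

if __name__ == "__main__":
    for codebase, issue in audit_policy(SAMPLE_POLICY):
        print(f"{codebase}: {issue}")
```

An entry flagged for the wildcard host is a candidate for narrowing to the broker's host name; whether a narrower target works for a given deployment has to be tested there.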