Sun GlassFish Web Space Server 10.0 Secure Web Access Add-On Guide

Assumptions

The following assumptions are made for this case study:

Sample page 1

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<!-- saved from url=(0053)http://abc.siroe.com/mailclient/destin/?Cmd=navbar -->
<HTML XMLNS:WM><HEAD>
<META http-equiv=Content-Type content="text/html; CHARSET=utf-8">
<META http-equiv=Pragma content=no-cache>
<META http-equiv=Expires content=0><!--Copyright (c) 2000 Microsoft Corporation.
All rights reserved.--><!--CURRENT FILE== "IE5" "WIN32" navbar -->
<STYLE>WM\\:DROPMENU {
BEHAVIOR: url(http://abc.siroe.com/mailweb/controls/dropmenu.htc)
}
</STYLE>
<LINK href="destin_files/navbar.css" type=text/css rel=stylesheet>
<SCRIPT language=javascript>
var g_szUserBase= "http://abc.siroe.com/mailclient/destin"+"/";
var g_szFolder= ".";
var g_szVirtualRoot= "http://abc.siroe.com/mailweb";
var g_szImagePath= g_szVirtualRoot + "/img/";
</SCRIPT>
<SCRIPT src="/destin_files/navbar.js"></SCRIPT>
<META content="MSHTML 6.00.2600.0" name=GENERATOR></HEAD>
<BODY oncontextmenu=return(event.ctrlKey); onselectstart=return(false);
id=outbar_mainbody style="BACKGROUND-COLOR: appworkspace" leftMargin=0
topMargin=0 scroll=no>
<TABLE class=nbTableMain id=nbTableMain style="HEIGHT: 100%" cellSpacing=0
cols=1 cellPadding=0 rows="2">
<TBODY>
<TR>
<TD class=treeBrand>
<DIV class=treeOFLOW><IMG
style="PADDING-RIGHT: 0px; PADDING-LEFT: 0px; PADDING-BOTTOM: 0px; PADDING-TOP: 0px"
src="/destin_files/logo-ie5.gif" border=0></DIV></TD></TR>
<TR height="100%">
<TD>
<TABLE class=nbTable cellSpacing=0 cols=1 cellPadding=0 rows="4">
<TBODY>
<TR>
<TD class=nbFlybar id=show_navbar onkeydown=flybar_keydown()
onclick=ToggleTab(this.id) tabIndex=0 noWrap>
<DIV class=treeOFLOW>Shortcuts</DIV></TD></TR>
<TR style="HEIGHT: 100%">
<TD id=idOutbarpane style="TEXT-ALIGN: center" vAlign=top><A
id=inbox
href="http://abc.siroe.com/mailclient/destin/Inbox/?Cmd=contents&amp;Page=1"
target=viewer alt="Go to inbox"><IMG class=nbImage alt="Go to inbox"
src="destin_files/navbar-inbox.gif"></A>
<DIV class=nbLabel>Inbox</DIV><BR><A id=calendar
href="http://abc.siroe.com/mailclient/destin/Calendar/?Cmd=contents"
target=viewer alt="Go to calendar"><IMG class=nbImage
alt="Go to calendar" src="destin_files/navbar-calendar.gif"></A>
<DIV class=nbLabel>Calendar</DIV><BR><A id=contacts
href="http://abc.siroe.com/mailclient/destin/Contacts/?Cmd=contents"
target=viewer alt="Go to contacts"><IMG class=nbImage
alt="Go to contacts" src="destin_files/navbar-contacts.gif"></A>
<DIV class=nbLabel>Contacts</DIV><BR><A id=options
href="http://abc.siroe.com/mailclient/destin/?Cmd=options"
target=viewer alt="Go to options"><IMG class=nbImage
alt="Go to options" src="destin_files/navbar-options.gif"></A>
<DIV class=nbLabel>Options</DIV></TD></TR>
<TR style="HEIGHT: 1.5em">
<TD class=nbFlybar id=show_folders onkeydown=flybar_keydown()
onclick=ToggleTab(this.id) tabIndex=0 noWrap>
<DIV class=treeOFLOW>Folders</DIV></TD></TR>
<TR>
<TD class=nbTreeProgress id=treeProgress style="DISPLAY: none"
vAlign=top noWrap><SPAN id=idLoading
style="OVERFLOW: hidden">Loading...</SPAN>
</TD></TR></TBODY></TABLE></TD></TR></TBODY></TABLE>
</BODY></HTML>

Description

Table 4–3 shows the mapping between the sample ruleset and the case study.

Table 4–3 Mapping Between Sample Ruleset and Case Study

| Page Content | Rule Applied | Rewriter Output | Description |
|---|---|---|---|
| `var g_szVirtualRoot= "http://abc.siroe.com/mailweb";` | `<Variable name="URL"> g_szVirtualRoot </Variable>` | `var g_szVirtualRoot= "http://gateway.sesta.com/http://abc.siroe.com/mailweb";` | g_szVirtualRoot is a variable whose value is a simple URL. This rule tells Rewriter to search for a variable g_szVirtualRoot of type URL. If such a variable exists in the web page, Rewriter converts this to an absolute URL, and prefixes the Gateway URL. |
| `src="/destin_files/logo-ie5.gif"` | `<Attribute name="src" />` | `src="http://gateway.sesta.com/http://abc.siroe.com/destin_files/logo-ie5.gif"` | src is the name of an attribute, and does not have any tag or valuePattern attached to it. This rule tells Rewriter to search for all attributes with the name src, and rewrite the value of that attribute. |
| `href="http://abc.siroe.com/mailclient/destin/Inbox/?Cmd=contents&amp;Page=1"` | `<Attribute name="href"/>` | `href="http://gateway.sesta.com/http://abc.siroe.com/mailclient/destin/Inbox/?Cmd=contents&amp;Page=1"` | href is the name of an attribute, and does not have any tag or valuePattern attached to it. This rule tells Rewriter to search for all attributes with the name href, and rewrite the value of that attribute. |
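A simplified model of the three rules in Table 4–3, added here as an illustration; it is not Rewriter's own code and not part of the original guide. The function names, the regex matching, and the `unrewritten_urls` audit helper are assumptions, and the sample lines are a constructed excerpt of Sample page 1.

```python
import re
from urllib.parse import urljoin

GATEWAY = "http://gateway.sesta.com"  # Gateway URL used in Table 4-3
PAGE_URL = "http://abc.siroe.com/mailclient/destin/?Cmd=navbar"  # page's own URL

# Constructed excerpt of Sample page 1 (four lines that carry URLs).
SAMPLE = '''var g_szUserBase= "http://abc.siroe.com/mailclient/destin"+"/";
var g_szVirtualRoot= "http://abc.siroe.com/mailweb";
<IMG src="/destin_files/logo-ie5.gif" border=0>
<A id=inbox href="http://abc.siroe.com/mailclient/destin/Inbox/?Cmd=contents&amp;Page=1">
'''

def through_gateway(url, base=PAGE_URL):
    """Resolve url against the page URL, then prefix the Gateway URL."""
    if not url or url.startswith(GATEWAY + "/"):
        return url  # nothing to do, or already rewritten
    absolute = urljoin(base, url)
    if not absolute.startswith(("http://", "https://")):
        return url  # leave mailto:, javascript: and similar untouched
    return GATEWAY + "/" + absolute

def _apply(page, name, flags=0):
    # Match name="value" (double-quoted values only, a simplification).
    pattern = re.compile(r'(\b%s\s*=\s*")([^"]*)' % re.escape(name), flags)
    return pattern.sub(lambda m: m.group(1) + through_gateway(m.group(2)), page)

def rewrite(page, attributes=("src", "href"), url_variables=("g_szVirtualRoot",)):
    """Apply <Attribute name=.../> and <Variable name="URL"> style rules."""
    for name in attributes:          # HTML attribute names are case-insensitive
        page = _apply(page, name, re.IGNORECASE)
    for name in url_variables:       # JavaScript identifiers are case-sensitive
        page = _apply(page, name)
    return page

def unrewritten_urls(page):
    """Absolute URLs left in the output that do not go through the Gateway."""
    found = re.findall(r'https?://[^\s"\'<>)]+', page)
    return [u for u in found if not u.startswith(GATEWAY + "/")]

if __name__ == "__main__":
    out = rewrite(SAMPLE)
    print(out)
    print("Not covered by any rule:", unrewritten_urls(out))
```

With only the three table rules modeled, the audit reports the `g_szUserBase` value, which shows how a URL that no rule covers stays pointed at the internal host after rewriting.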


Note –

The order of priority for applying the ruleset is hostname-subdomain-domain.

For example, assume that you have the following entries in the Domain-based rulesets list:

sesta.com|ruleset1
eng.sesta.com|ruleset2
host1.eng.sesta.com|ruleset3

ruleset3 is applied for all pages on host1.

ruleset2 is applied for all pages in the eng subdomain, except for pages retrieved from host1.

ruleset1 is applied for all pages in the sesta.com domain, except for pages retrieved from the eng subdomain, and from host1.
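The hostname-subdomain-domain priority described in this note, as an added sketch that is not Gateway code or part of the original guide. `parse_entries` and `ruleset_for` are hypothetical names, and three behaviours are assumed: matching on whole DNS labels, ignoring case, and returning no ruleset for an unlisted host.

```python
# Entries from the note above, in the "domain|ruleset" form of the list.
ENTRIES = [
    "sesta.com|ruleset1",
    "eng.sesta.com|ruleset2",
    "host1.eng.sesta.com|ruleset3",
]

def parse_entries(lines):
    """Turn 'domain|ruleset' lines into a {domain: ruleset} lookup table."""
    table = {}
    for line in lines:
        domain, sep, ruleset = line.strip().partition("|")
        if not (sep and domain and ruleset):
            raise ValueError("malformed entry: %r" % line)
        table[domain.lower().rstrip(".")] = ruleset
    return table

def ruleset_for(host, table, default=None):
    """Return the ruleset of the most specific entry that covers host."""
    labels = host.lower().rstrip(".").split(".")
    # Try the full hostname first, then drop one leading label at a time:
    # host1.eng.sesta.com -> eng.sesta.com -> sesta.com -> com
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in table:
            return table[candidate]
    return default  # assumption: an unlisted host gets no domain-based ruleset

if __name__ == "__main__":
    table = parse_entries(ENTRIES)
    for host in ("host1.eng.sesta.com", "host2.eng.sesta.com",
                 "www.sesta.com", "notsesta.com"):
        print(host, "->", ruleset_for(host, table))
```

Matching on whole labels keeps a look-alike name such as `notsesta.com` from inheriting the `sesta.com` ruleset, which a plain string-suffix comparison would allow.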


  1. Click Save to complete.

  2. Restart the Gateway from a terminal window:


    ./psadmin start-sra-instance -u amadmin -f <password file> -N <profile name> -t <gateway>
    

Ruleset for Outlook Web Access

Secure Remote Access server supports Outlook Web Access (OWA) from MS Exchange 2000 SP3 and MS Exchange 2003 installations on the Sun Java System Web Server and the IBM application server.

Procedure: To Configure the OWA Ruleset

  1. Log in to the Portal Server administration console as administrator.

  2. Select the Secure Remote Access tab, and select the Gateway profile for which you want to set the attribute.

  3. In the Map URIs to RuleSets field, enter the server name where Exchange 2000 is installed followed by the Exchange 2000 Service Pack 4 OWA ruleset.

    For example:


    exchange.domain.com|exchange_2000sp3_owa_ruleset

Using Public Folders

On the Exchange side, Public Folders are configured to use NTLM Authorization. This needs to be changed to HTTP Basic Authorization.

To do this, go to the Exchange server, select Control Panel > Administrative Tools, then open Internet Information Services.

Under Default Web Site there is a tab for Public Folders called Public. Right-click it and select Properties. Click the Directory Security tab. Select "Edit..." on the Anonymous Access and Authentication control panel. Deselect everything else and select only Basic Authentication.