CHAPTER 3

Configuration Settings




This chapter provides information relating to the configuration of all aspects of Web Access. Within this chapter you will see how to customize many features of the Web Access product.

Topics in this chapter include:

Web Access Configuration Files
Standard Configuration Settings
Setting up User Information
Setting Preferences in WebStore
Working with the Realm file
Web Server Configuration Information
Configuring Web Access for Secure Servers


Web Access Configuration Files

All configuration settings for Web Access are contained within Web Realm files which, by default, live in the following directory:

/opt/SUNWwa/properties

The number of property files you have on your system will directly depend on the number of Virtual Domains you have set up. Each domain consists of its own configurable realm file.

When Web Access is first installed on the system, it contains three property files:

realm.SCS.properties - contains the default settings for customers who are only using the Sun Calendar Server.
realm.Sims3.properties - contains the default settings for customers using SIMS 3.5.
realm.Sims4.properties - contains the default settings for customers using SIMS 4.


Standard Configuration Settings

The following sections describe how to set and change the standard configuration settings found in the realm file.


Domain Configuration

The domain configuration setting is found within the realm file for your installation. This setting allows you to specify the delimiter necessary for users to enter the Web Access interface at login time.

By default, the domain is recognized by Web Access, but if you have multiple virtual domains set up for users, they must specify the domain they wish to enter in the login page by entering their user name, a delimiter, and their domain name. The configurable portion of this function is the delimiter that they enter. You may specify any delimiter for use on the system.


 

Changing the Domain Delimiter

  1. Log in as root.
# su
Password: <Enter your root password>
  2. Open the realm file that you wish to change the delimiter for using a text editor.
  You are presented with a standard text file containing the configuration settings for this realm.
  3. Move to the notation in the file referencing the Domain configuration.
#
# Domain configuration...
#
#	domain.separator:	Separator between user ID and domain name.
#
#	Defaults:
#		domain.separator:	+
#
  4. Modify the domain separator in the following code to the delimiter you wish to use.
domain.separator=+
  5. Save the file to your system.
  6. Stop and restart the web server.

Configuring Your Locale

Working within the WebRealm, you must define the locale where all Web Access operations are to take place.

For a listing of the locale codes, see the document entitled enable.I18N.txt in the following directory:

/opt/SUNWwa/doc/

Locale - enter the 2 letter language identification code.
Country - enter the 2 letter country identification code.

The default settings for these are:

locale=en
country=us

Note - Along with the locale and country properties, there is also a third, optional, property entitled variant which is used for some locales. For more information on the variant property, see the document entitled enable.I18N.txt.

There are also character sets associated with each locale which are designated using the following property names:

charset - the MIME-preferred name for the character set used in email
filesystem.charset - the MIME-preferred name for the character set used in the file system of the operating system
calendar.charset - the calendar locale name, which includes the character set name

The default settings for these are:

charset=ISO-8859-1
filesystem.charset=ISO-8859-1
calendar.charset=C.ISO-8859-1

For more information on these settings, please see:

/opt/SUNWwa/doc/enable.I18N.txt

 

To change the Locale configuration setting:

  1. Open the realm file for the domain you want to change configuration settings for. By default, the WebRealm property file is found in the following directory:
/opt/SUNWwa/properties/realm.<realm-name>.properties
  2. Move to the Locale configuration section of the properties file.
  3. Change the locale, country, variant, charset, filesystem.charset and calendar.charset properties to your preferred settings.
  4. Save the properties file.
  5. Stop the server using the htserver stop command.
  6. Restart the server using the htserver start command.

Your changes have now been implemented on the system.


Creating a Locale Property File while Maintaining the Default Realm

A realm property file can be created which can override a few properties in an existing realm property file. By adding the realm.parent property to the file with the overrides, Web Access will be able to determine where the rest of the property values can be found.

The following example shows how to accomplish this by creating another locale realm for Japanese while retaining the default properties in realm.Sims4.properties.

  1. Create a new file called realm.SimsJapan.properties.
  2. Add the following property names and values:
locale=ja
country=JP
charset=ISO-2022-JP
filesystem.charset=EUC-JP
calendar.charset=ja_JP.EUC-JP
realm.parent=Sims4
  3. Create a new directory called /opt/SUNWwa/public_html/WebAccess/ja.
  4. Copy /opt/SUNWwa/public_html/WebAccess/index.html into the new ja directory.
  5. Edit the new index.html file, changing the realm name from Sims4 to SimsJapan.
  6. Instruct users who need to read Japanese email and calendars to log into the new location.

For more information on creating locale realms, please see:

/opt/SUNWwa/doc/enable.I18N.txt

Configuring Authentication

Each WebRealm defines a specific authentication method. In total, this authentication method is implemented by the following components:

The login URL implementation.
The authentication class, subclassed from com.sun.webaccess.auth.AuthClass.
The logout URL implementation.

The Login URL Implementation

This URL may produce any valid HTML content, and may be implemented and installed in any fashion that presents a desirable login URL, depending upon site specific and server specific naming and installation conventions. For Web Access for SIMS, the default login page may be found at:

/opt/SUNWwa/public_html/WebAccess/index.html

Regardless of the specifics of the implementation, this page should accomplish the following:

  1. Display a welcome screen that is appropriate to the given WebRealm(s).
  2. Provide an anchor (href) to initiate the login procedure that follows this general form:
<A HREF="/servlet/com.sun.webaccess.selector.Frameset?realm=<realm-name>">...</A>

Note - In the above listed example, <realm-name> represents the selection of the WebRealm for this particular setup.

This page serves as the jumping off point for all WebRealms. A particular site may wish to provide reference to multiple WebRealms, or may wish to dedicate a fixed URL as a login point for each WebRealm. This is a configurable option, and is up to the administrator of the site as to how it will be implemented.

When the user logs in through this page, they have, in effect, selected the WebRealm in which they will operate on the system.


The SIMS Authentication Class

The SIMS authentication class "SimsAuth" is an implementation of "AuthClass." It utilizes the HTTP authorization mechanism. At the present time, only the "BASIC" authorization system is supported. The administrator may elect (and it is strongly recommended that they do) to require that the user operate with an SSL (https) connection. This configuration appears in the WebRealm property file thus:

        SimsAuth.sslRequired= yes|no

If the administrator decides to require SSL connections, the Secure Web Service must be enabled and configured using the Sun Web Server (SWS) admin facility. Server credentials are managed using the "authstore" utility. Information regarding SWS security administration may be found in the SWS documentation.

The SimsAuth class authenticates against the user credentials (userPassword) stored in the SIMS LDAP directory.

The "getCredentials()" method of the SimsAuth class returns a Hashtable with two entries: "userId" and "userPwd".
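Because BASIC authorization only base64-encodes the user ID and password, a realm whose effective SimsAuth.sslRequired value is not "yes" accepts logins over plain HTTP. The following added example (not part of the original guide or of Web Access) resolves each realm file through its realm.parent chain, as described under "Creating a Locale Property File while Maintaining the Default Realm", and reports the effective setting. It assumes that a realm.parent value names realm.<value>.properties as in the SimsJapan example, uses a simplified key=value parser, and reports an unset property as UNSET because the guide does not state the default.

```python
import os
import tempfile

def parse_properties(text):
    """Minimal key=value parser (no line continuations or escapes)."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props

def effective_realm(props_dir, realm, _seen=None):
    """Merge a realm with its realm.parent chain; child values win."""
    seen = _seen or []
    if realm in seen:
        raise ValueError("realm.parent loop: " + " -> ".join(seen + [realm]))
    path = os.path.join(props_dir, "realm.%s.properties" % realm)
    with open(path, encoding="iso-8859-1") as fh:
        own = parse_properties(fh.read())
    parent = own.get("realm.parent")
    merged = effective_realm(props_dir, parent, seen + [realm]) if parent else {}
    merged.update(own)
    return merged

def audit_ssl(props_dir):
    """Return {realm: "OK" | "WEAK" | "UNSET"} for every realm file."""
    findings = {}
    for name in sorted(os.listdir(props_dir)):
        if not (name.startswith("realm.") and name.endswith(".properties")):
            continue
        realm = name[len("realm."):-len(".properties")]
        value = effective_realm(props_dir, realm).get("SimsAuth.sslRequired")
        if value is None:
            findings[realm] = "UNSET"   # assumption: treat as needing review
        elif value.lower() == "yes":
            findings[realm] = "OK"
        else:
            findings[realm] = "WEAK"    # BASIC credentials may cross plain HTTP
    return findings

def demo():
    # Constructed sample realm files, written to a temporary directory.
    samples = {
        "realm.Sims4.properties": "# parent\nlocale=en\nSimsAuth.sslRequired= no\n",
        "realm.SimsJapan.properties": "locale=ja\nrealm.parent=Sims4\n",
        "realm.Secure.properties": "realm.parent=Sims4\nSimsAuth.sslRequired=yes\n",
    }
    with tempfile.TemporaryDirectory() as d:
        for fname, body in samples.items():
            with open(os.path.join(d, fname), "w") as fh:
                fh.write(body)
        return audit_ssl(d)

if __name__ == "__main__":
    for realm, finding in demo().items():
        print(realm, finding)
```

Note that the SimsJapan override realm inherits the weak setting from its parent even though its own file never mentions SimsAuth.sslRequired, which is why the check must be run on the merged properties rather than on each file in isolation.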


The Logout URL Implementation

The logout page indicates to the user that their session has been correctly shut down. It may also display any other WebRealm specific information that DOES NOT require authentication/authorization. This page is not displayed until the session has been completely shut down. Upon successful session shutdown, the server will cause activation of the page via a browser side redirect.

The logout page is configured in the WebRealm property file in the following fashion:

prop.logoutUrl=<logout-url>

where <logout-url> defines the URL of the logout page to which the user's browser will be redirected upon successful session shutdown. The SIMS definition for this property is:

prop.logoutUrl=/WebAccess/en/html/auth/SimsLogout.html


WebStore Configuration

The WebStore implements a uniform name space that maps to multiple backend information servers. The WebStore provides the Web Access servlets with all information needed to establish "user state". At the present time, the WebStore provides no defaulting mechanisms, though this will change in future Web Access releases.

Some examples of the sort of information available from the WebStore are:

mail.IMAP.server - The user's mail host.
mail.prefs.vacation.message - The user's vacation message.

Along with these settings, there are various pieces of state for which a servlet may require persistence.

The WebStore is configured within a WebRealm property file. Name space mapping begins with entries of the form:

access.<prop-name>=<access-class>

which directs Web Access to process all requests for a property identified by <prop-name> through an object instance of <access-class>, which is derived from the com.sun.webaccess.store.AccessClass class. Properties without an explicit mapping will be serviced by a default mapping that is established thus:

access.DEFAULT_ACCESS=<access-class>

All WebRealms are required to define the DEFAULT_ACCESS mapping. Specific access classes may permit additional mappings that are unique to that access class, e.g., the LDAPAccess class.


The "FileAccess" Access Class

The FileAccess class is one of the two access classes provided by the initial release of the Web Access system. All data requested from or stored into a FileAccess object will come from or be stored to a file on disk. One file will exist for each user. The location of the directory in which these files resides is configured within a WebRealm property file thus:

access.FileAccess.dirPath=<dir-path>

<dir-path> should be unique for every WebRealm. The default SIMS configuration follows:

access.FileAccess.dirPath=/var/opt/SUNWwa/SimsUsers

User files are distributed in a hashing fashion to multiple directories within the directory configured by "dirPath".

An example of an access class mapping that uses FileAccess follows:

access.DEFAULT_ACCESS=com.sun.webaccess.store.FileAccess

declares that all properties for which there is NOT an explicit mapping will be serviced by a FileAccess object.


The "LDAPAccess" Access Class

The LDAPAccess class is the other access class provided by the initial Web Access release. It is intended to provide access to those data that reside in a SIMS LDAP directory. It may be usable with directory systems other than that provided with SIMS, but this is an untested feature. All data requested from and SOME data stored into an LDAPAccess object will come from and MAY be stored to the configured LDAP directory. The LDAP directory is configured for a given WebRealm thus:

access.LDAPAccess.ldapServiceUrl=ldap://<ldap-hostname>:<ldap-portnum>
access.LDAPAccess.ldapSearchBase=<search-base>

An LDAPAccess access class mapping requires additional information to complete any given request. This is in the form of an additional mapping that translates the property name requested by the Web Access servlet to an LDAP attribute name. Mappings of this type assume the form:

access.LDAPAccess.<prop-name>=<ldap-attr-name>

If this secondary mapping is not provided, it is implied that <ldap-attr-name> is the same as <prop-name>.

An example of a complete LDAPAccess access class mapping follows:

access.mail.IMAP.server=com.sun.webaccess.store.LDAPAccess
access.LDAPAccess.mail.IMAP.server=mailHost

which maps a Web Access servlet property called "mail.IMAP.server" to an LDAP attribute named "mailHost".
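The mapping rules above determine where each piece of user state is read from and written to, so a missing or duplicated entry changes which backend holds the data. The following added example (not Web Access code) applies those rules to a realm's effective properties: it routes a property name to its access class and LDAP attribute, and checks the requirements the text states (DEFAULT_ACCESS defined, LDAP service settings present, a FileAccess dirPath that is unique per realm). The realm named "Test", the host ldap.example.com and the search base are constructed sample values.

```python
FILE_CLS = "com.sun.webaccess.store.FileAccess"
LDAP_CLS = "com.sun.webaccess.store.LDAPAccess"
RESERVED = ("access.FileAccess.", "access.LDAPAccess.")  # class settings, not mappings

def route(props, prop_name):
    """Return (access class, LDAP attribute or None) serving prop_name."""
    cls = props.get("access." + prop_name) or props.get("access.DEFAULT_ACCESS")
    if cls is None:
        raise KeyError("no mapping and no access.DEFAULT_ACCESS")
    if cls == LDAP_CLS:
        # The secondary mapping is optional; the attribute defaults to the name.
        return cls, props.get("access.LDAPAccess." + prop_name, prop_name)
    return cls, None

def audit(realms):
    """Check each realm's WebStore settings; return findings in realm order."""
    findings, dir_owner = [], {}
    for realm, props in sorted(realms.items()):
        classes = {v for k, v in props.items()
                   if k.startswith("access.") and not k.startswith(RESERVED)}
        if "access.DEFAULT_ACCESS" not in props:
            findings.append(realm + ": access.DEFAULT_ACCESS missing")
        if LDAP_CLS in classes:
            for key in ("ldapServiceUrl", "ldapSearchBase"):
                if "access.LDAPAccess." + key not in props:
                    findings.append("%s: access.LDAPAccess.%s missing" % (realm, key))
        if FILE_CLS in classes:
            path = props.get("access.FileAccess.dirPath")
            if path is None:
                findings.append(realm + ": access.FileAccess.dirPath missing")
            elif path in dir_owner:
                findings.append("%s: dirPath %s shared with %s"
                                % (realm, path, dir_owner[path]))
            else:
                dir_owner[path] = realm
    return findings

# Constructed sample realms (effective properties after any realm.parent merge).
SAMPLE_REALMS = {
    "Sims4": {
        "access.DEFAULT_ACCESS": FILE_CLS,
        "access.FileAccess.dirPath": "/var/opt/SUNWwa/SimsUsers",
        "access.mail.IMAP.server": LDAP_CLS,
        "access.LDAPAccess.mail.IMAP.server": "mailHost",
        "access.LDAPAccess.ldapServiceUrl": "ldap://ldap.example.com:389",
        "access.LDAPAccess.ldapSearchBase": "o=example",
    },
    "Test": {
        "access.FileAccess.dirPath": "/var/opt/SUNWwa/SimsUsers",
        "access.mail.prefs.vacation.message": FILE_CLS,
        "access.mail.IMAP.server": LDAP_CLS,
    },
}

if __name__ == "__main__":
    print(route(SAMPLE_REALMS["Sims4"], "mail.IMAP.server"))
    print("\n".join(audit(SAMPLE_REALMS)))
```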


Global Property Page Configuration Settings

The following topics are in reference to configuring the Global Property page on the Web Access system.


Disabling User Password Editing through the Global Property Page

Web Access gives you the capability to disallow your users from editing their passwords using the Global property page on the system. By default, this setting is configured to allow for the editing of passwords through this page.

To disable this feature:

  1. Log in as root.
$ su
Password: <Enter your root password>
  2. Open the realm file you want to configure.
  3. Move to the section of the realm file that relates to editing user passwords:
# User editing of his/her password through the Global property page
#    enable - Allow password editing, display password fields (default)
#    disable - Don't allow password editing, hide password fields
# props.passwordEditing=enable
  4. Uncomment the last line of code and change enable to disable.
props.passwordEditing=disable
  5. Save the file.
  Your modifications will take effect the next time the server is started.

Customizing Your Display

As an administrator, you may not wish to provide identical functionality to all users. It is possible, on a per WebRealm basis, for you to specify the default functionality available from a user's selector. This is accomplished by changing the Selector configuration information within the realm file. Using these configuration settings, you can specify the following:

Whether or not particular functionality (e.g., Mail, Calendar, etc.) appears in the viewer's interface.
The icons that represent the various interfaces in the selector.
The alternative text that appears in place of the icons (unicode must be used for multibyte text).
The location of the system help files.
Whether to add buttons to the selector.

Every button present on a WebRealm user's selector must be configured in the following fashion:

selector.button<button-num>.method=<button-class>
selector.button<button-num>.href=<href-definition>
selector.button<button-num>.img=<button-icon-image>
selector.button<button-num>.alt=<button-alt-text-value>
selector.button<button-num>.targ=<button-targ>

<button-class> specifies the object class which will be invoked to emit the appropriate HTML for any given button.


 

Modifying the Selector Interface

  1. Log in as root.
$ su
Password: <Enter your root password>
  2. Open the realm file you want to configure.
  3. Move to the Selector configuration section of the file:
  #
  # Selector configuration...
  #
  4. Make the modifications you want to the section.

Note - Remember that you must change these settings using the fashion described earlier in this section.
  5. Save the file.
  Your modifications will appear the next time the server is started.

Mail Configuration Settings

Web Access allows you to set many aspects of the mail client interface. This section outlines the configurable aspects of the mail client, and gives step-by-step instructions as to how to change these settings.

All settings for the mail client are found in the Web Access Realm Properties file which is, by default, stored in:

/opt/SUNWwa/properties/realm.<realm-name>.properties

 

Configuring the IMAP Server

<Can these be adjusted, or are they a system setting that occurs during install?>

  1. Log in as root.
$ su
Password: <Enter your root password>
  2. Open the realm file that you wish to change the IMAP server setting for using a text editor.
  You are presented with a standard text file containing the configuration settings for this realm.
  3. Move to the notation in the file referencing the "Mail" servlet settings.
#
# The following WebStore mappings pertain to the "Mail" servlet.
#


  The first "Mail" servlet setting:
# mail.IMAP.server...
access.mail.IMAP.server=com.sun.webaccess.store.LDAPAccess
access.LDAPAccess.mail.IMAP.server=mailHost
  contains the IMAP server settings you will need to set.
  4. Change these settings to the appropriate values for your system.
  5. Save the file to your system.
  6. Stop and restart the web server.

Configuring Vacation Settings

Web Access gives you the ability to turn the display of vacation settings in the Mail Property page on and off. This allows you to control whether or not your users have the ability to set and configure vacation settings for their mail.

  1. Log in as root.
$ su
Password: <Enter your root password>
  2. Open the realm file that you wish to change using a text editor.
  You are presented with a standard text file containing the configuration settings for this realm.
  3. Move to the following notation in the realm file:
  # Display the vacation mail property settings in the mail property page
  4. To disable this feature, change the following property from enable to disable.
  mail.vacation.property=enable
  5. Save the file to your system.
  6. Stop and restart the web server.

Setting Attachment Limits

Through the realm file, you have the ability to set limits on the size of attachments that users are able to send through the system. This is accomplished by following these steps.

  1. Log in as root.
$ su
Password: <Enter your root password>
  2. Open the realm file that you wish to change using a text editor.
  You are presented with a standard text file containing the configuration settings for this realm.
  3. Move to the following notation in the realm file:
# The compose.maxAttachmentSize property sets the maximum size of mail
# attachments in the compose window in units of megabytes. 

Note - By default, this is set to 1 Mb.
  4. To modify the attachment size, simply uncomment the following line and change the numeric entry to the size setting you want for the system.
compose.maxAttachmentSize=1

Note - Each number represents a megabyte in size. For example, setting this number to 3.5 would allow users to send attachments up to 3.5 megabytes in size.

Calendar Configuration Setting

The only calendar configuration setting you may need to modify is the debug setting. This setting enables print statements from the protocol level that can be used by the Web Access support staff to determine problems with the system.


Setting up User Information

All user settings are determined by the SIMS directory. For information on the SIMS directory, and how to set up users, see the Sun Internet Mail Server 4.0 Administrator's Guide.


Web Server Configuration Information

Web Access has the ability to communicate with a variety of servers including, but not limited to the:

Sun Internet Mail Server (SIMS) 4.0
Sun Directory Server (SDS) 3.1
Sun Calendar Server (SCS) 1.0
Solaris CDE Calendaring Server

For information on configuration for these and other servers that you are using with Web Access, see the documentation that accompanies that server.




Copyright © 1999 Sun Microsystems, Inc. All Rights Reserved.