SDX 6.4.x Application Library Guide > Activating Services Through SOAP > Configuring Dynamic Service Activator

Configuring Dynamic Service Activator

The tasks to configure the Dynamic Service Activator are:

1. Configuring Security for Gateway Clients
2. Configuring General Properties for Dynamic Service Activator
3. Configuring Subscriber Types for Dynamic Service Activator
4. Configuring the NIC Proxies
5. Configuring Access to Methods and Scripts
6. (Optional) Deleting Subscriber Types, NIC Proxies, Methods, Scripts, and Clients
7. Configuring the Logging Properties

Configuring Security for Gateway Clients

As described in Dynamic Service Activator Operation, Dynamic Service Activator interacts with the Web application server to determine whether a gateway client has access to a method or script. To configure security for gateway clients:

1. Configure the name and credentials, such as a password, that the Web application server uses to authenticate the gateway client.

You must use the same name for the gateway client when you define the scripts and methods to which the gateway client has access (see Configuring the NIC Proxies).

2. Assign gateway clients to the defined security role for Dynamic Service Activator.

The default role is DSAAuthorizedClient; to change the default setting, edit the dsa\WEB-INF\web.xml file, which you can extract from the dsa.war file. For example:

jar xvf dsa.war WEB-INF/bootstrap.properties

3. Define the security roles for Dynamic Service Activator in the Web application server.

If you are using the JBoss application server and the sample data for Dynamic Service Activator, modify the roles.properties and users.properties files located in the <JBoss-install-dir>/jboss/server/default/conf folder. For information about the sample data, see Sample Data for Dynamic Service Activator.

1. In the roles.properties file, associate users with the security role by adding these properties:

Fred=DSAAuthorizedClient 

Joe=DSAAuthorizedClient 

Bob=DSAAuthorizedClient 

2. In the users.properties file, associate a password with those users by adding these properties:

Fred=secret 

Joe=secret 

Bob=secret 

For information about these tasks, see the documentation for your Web application server, and the information about security at

http://java.sun.com/j2ee/1.4/docs/tutorial/doc/index.html

Configuring General Properties for Dynamic Service Activator

The general properties for Dynamic Service Activator determine the behavior of the application rather than the relationship between a gateway client and the application.

To use SDX Configuration Editor to configure general properties for Dynamic Service Activator:

1. In the WebApplication folder in the navigation pane, select the DynamicServiceActivation.xml configuration file.
2. Select the Dynamic Service Activation tab.

The Dynamic Service Activation pane appears.

3. Edit or accept the default values for the fields.

See Dynamic Service Activation General Properties.

4. Select File > Save.
5. Right-click the configuration file, and select SDX System Configuration > Export to LDAP Directory.

Dynamic Service Activation General Properties

In SDX Configuration Editor, you can modify the following fields in the Dynamic Service Activation pane in a DynamicServiceActivation.xml configuration file.

Logging Subsystem Configuration Namespace

• Namespace that defines the properties for the logging operations.
• Value—Path, relative to the root namespace, that defines the object for the namespace
• Default—/WebApplication
• Property name—loggingNamespace

Disable Access Control Mechanism

• Determines the type of access that gateway clients have to methods and scripts.
• Value

• True—Gateway clients have unrestricted access to all methods and scripts.
• False—Gateway clients have access only to methods and scripts that you specify in the configuration.

• Default—False
• Property name—disableAccessControls

Configuring Subscriber Types for Dynamic Service Activator

You configure which types of information identify subscribers to the SAE. The subscriber types that you can configure in SDX Configuration Editor are the same as the subscriber types that you can use in applications created with the SAE CORBA remote API. To use SDX Configuration Editor to configure subscriber types:

1. In the WebApplication folder in the navigation pane, select the DynamicServiceActivation.xml configuration file.
2. Select the Subscriber Types tab.

The Subscriber Types pane appears.

3. Select Subscriber Type from the drop-down list next to the Create a New Instance of button, and click the Create a New Instance of button.

The instance name for the Subscriber Type is used to construct the subscriber's URI.

4. In the Subscriber Type section, edit or accept the default values for the fields.

See Subscriber Type Fields.

5. Select File > Save.
6. Right-click the configuration file, and select SDX System Configuration > Export to LDAP Directory.

Subscriber Type Fields

In SDX Configuration Editor, you can modify the following fields in the Subscriber Types pane in a DynamicServiceActivation.xml configuration file.

Subscriber ID Type

• Type of information used to identify a subscriber.
• Value

• SIT_ADDRESS—Subscriber's IP address
• SIT_DN—Distinguished name of subscriber profile
• SIT_LOGIN_NAME—Subscriber's login name
• SIT_IF_NAME—Name of the interface and name of the virtual router to which the subscriber connects
• SIT_IF_INDEX—SNMP index of the interface and name of the virtual router to which the subscriber connects
• SIT_ADDR_IF_NAME—Subscriber's IP address, name of the managed interface, and name of the virtual router to which the subscriber connects
• SIT_PRIMARY_USER_NAME—Primary username

• Default—No value
• Property name—sidType

NIC Proxy Namespace

• Namespace that defines the properties for the NIC proxy operations for the specified subscriber ID type.
• Value—/nicProxies/<NIC proxy name>
• Guidelines—Each subscriber type must use a different NIC proxy. All NIC proxies for Dynamic Service Activator are stored in a /nicProxies folder.
• Default—No value
• Examples

• /nicProxies/ip for a SIT_ADDRESS subscriber type
• /nicProxies/dn for a SIT_DN subscriber type

• Property name—nicProxyNamespace

Configuring the NIC Proxies

You create a NIC proxy for each subscriber type to be configured. (See Configuring Subscriber Types for Dynamic Service Activator.) Subscriber types that have different subscriber ID types can use the same NIC proxy. For example, a subscriber type configured as SubscriberType1 that has a subscriber ID type of SIT_IF_NAME, and a subscriber type configured as subscriberType2 that has a subscriber ID type of SIT_IF_INDEX can both use the same NIC proxy. Likewise, a subscriber type configured as SubscriberType1 and a subscriber type configured as subscriberType2 that both have a subscriber ID type of SIT_ADDRESS can use the same NIC proxy.

To configure NIC proxies, click the NIC Proxy Configurations tab in the DynamicServiceActivation.xml file.

A NIC proxy for Dynamic Service Activator is stored in the /nicProxies folder. The name of the NIC proxy must match the name configured in the Subscriber Types pane. For information about configuring NIC proxies, see SDX Network Guide: SAE, Juniper Networks Routers, and NIC, Chapter 7, Configuring Applications to Communicate with an SAE.

Configuring Access to Methods and Scripts

Before configuring access to methods and scripts, determine how you want to organize the methods, scripts, and clients (see Before You Install Dynamic Service Activator).

NOTE: Generally, to keep the organization simple, make all client objects subordinate to method and script objects.

Configuring access to methods and scripts involves adding methods, scripts, and clients to the directory, and configuring access properties between each client and each method or script.

To use SDX Configuration Editor to configure access to methods and scripts:

1. In the WebApplication folder in the navigation pane, select the DynamicServiceActivation.xml configuration file.
2. Select the Methods/Scripts tab.

The Methods/Scripts pane appears.

3. Select Method/Script from the drop-down list next to the Create a New Instance of button, and click the Create a New Instance of button.
4. If you created a method or script object, in the Methods/Scripts pane scroll down to the field List of clients who may invoke this method or script, and Select Client from the drop-down list next to the Create a New Instance of button and click the Create a New Instance of button.
5. Specify the properties for each combination of method or script and client in the Methods/Scripts pane.

See Method and Scripts Fields.

6. Select File > Save.
7. Right-click the configuration file, and select SDX System Configuration > Export to LDAP Directory.

Method and Scripts Fields

In SDX Configuration Editor, you can modify the following fields in the Methods/Scripts pane in a DynamicServiceActivation.xml configuration file.

Method or Script Name

• Method or script to activate on the SAE.
• Value—Text string that exactly matches the name of the method or script
• Property name—methodName

SAE Locator Index

• Zero-based index of the argument that Dynamic Service Activator should use to locate the SAE server on which to activate the method or script.
• Value—Integer in the range 0-4294967295
• Guidelines—For methods, set this value to 0.

Each method or script receives a set of arguments in the gateway client's SOAP request. For example, the second argument has the index 1 and could be a subscriber's IP address. Dynamic Service Activator would pass the argument to the NIC to locate the SAE managing that subscriber.

• Property name—saeLocatorArg

Constraints for Arguments (for methods and scripts)

• See Configuring Access Constraints.
• Guideline—This property is optional.

Client ID

• Subscriber name that Dynamic Service Activator uses to authenticate this client.
• Value—Text string that matches subscriber name
• Default—Anonymous
• Example—<add key="Client ID.Text" value="anonymous" />
• Property name—Client ID.Text
• Guidelines—If you disable the access control mechanism (see Configuring General Properties for Dynamic Service Activator) and you configure the Web application server to authenticate clients with any username and password (see Configuring Security for Gateway Clients), Dynamic Service Activator sends the text string "anonymous client" as the first argument to the SAE's Java scripts interface module.
• Property name—clientID

Constraints for arguments (for clients)

• See Configuring Access Constraints.
• Guideline—This property is optional.

Configuring Access Constraints

Access constraints are regular expressions that the arguments for the method or script in the SOAP request must match. If the arguments for the method or script in a particular SOAP request do not match these regular expressions, then Dynamic Service Activator rejects the request. Access constraints are optional.

You use the fields labeled Constraints for arguments to specify the regular expressions. These fields comprise an entry box, a display table, and a set of action buttons.

To add optional access constraints:

1. Click in the entry box.
2. Enter the access condition in the format

<property>=<regularExpression>

• <property>—Zero-based index of the argument
• <regularExpression>—Regular expression

For information about the regular expression syntax, see

http://java.sun.com/j2se/1.4.2/docs/api/java/util/regex/Pattern.html

3. Click Add.

To modify optional access conditions:

1. Select the access condition you want to delete in the table.

The access condition appears in the entry box.

2. Modify the text in the entry box.
3. Click Modify.

The modified condition appears in the display table.

To delete optional access conditions:

1. Select the access condition you want to delete in the display table.
2. Click Delete.

Deleting Subscriber Types, NIC Proxies, Methods, Scripts, and Clients

You can delete configuration entries in the various panes from the DynamicServiceActivation.xml file.

To delete an instance of a configuration entry:

1. Select the configuration entry from the menu to the left of the field called Delete an Instance.
2. Click Delete an Instance.

The Confirmation dialog box appears.

3. Click OK.

SDX Configuration Editor deletes the method or client.

Configuring the Logging Properties

To configure logging properties:

1. With SDX Configuration Editor, access the WebApplication.xml file.

The Logging pane appears.

2. Configure the logging properties.

You can see default settings for logging in this file. For information about configuring logging, see SDX Monitoring and Troubleshooting Guide, Chapter 2, Configuring Logging for SDX Components.

3. Save the file.