

Deploy and Configure CA OPS/MVS Web Services

Web-enabled applications can interact with CA OPS/MVS over a local network using RESTful Web Services.

Follow these steps:

  1. Review the prerequisites and parameters.

    For example, CA TOPSECRET users must define a master facility.

  2. Review the Web Service configuration file.

    The opwebsvc.prop file has the configuration properties for the servlet.

  3. Configure web services security.

    You set up TLS/SSL and configure the CA OPS/MVS web interface using HTTPS.

  4. Configure Tomcat for HTTPS (Secure HTTP).

    This configuration prevents Tomcat from serving any requests over an unencrypted connection.

Prerequisites and Parameters

If you use CA TOPSECRET, you must define a master facility (MASTFAC) for the Tomcat Server started task. If the started task does not have a MASTFAC, you need to add one. Once you define the facility facname, add it as a MASTFAC to the Tomcat Server region acid.

TSS ADD(acid) MASTFAC(facname)

Also, you must add this facility to the users that need access by issuing TSS ADD(acid) FAC(facname), where acid is the user acid, an attached profile, or the ALL record if all users should have access.

A Java servlet that runs on a Tomcat server delivers RESTful Web Services. You must first install the IBM Java Runtime Environment (JRE), a Tomcat server, and the Java servlet application server on the z/OS host where CA OPS/MVS runs. Each Java servlet provides web services for a single host and resides physically on the same host as CA OPS/MVS. Therefore, you must enable web services on each host for which you want web services.

Note: For more information about installing the IBM Java runtime and the CA CCS-supplied Tomcat server, see the Installation Guide. This guide also provides information about installing and configuring the Tomcat server supplied as a separate install by CA Common Services (CCS).

Web Service Configuration File

The opwebsvc.prop file contains the configuration properties for the OPS/MVS Web Service Servlet. This file is located in the following directory:

<installation_directory>/distrib

The following example shows sample contents of this file:

#______________________________________________________________________________
# Configuration properties for the OPS/MVS Web Services servlet.
#______________________________________________________________________________
#
# Should the Listener validate the XML documents that it processes?
# Note: this property is not necessary at this point. It is here for future
# enhancement.
#com.ca.automation.opsmvs.websvc.validateXml=no

#______________________________________________________________________________
# Log4j properties control which classes get logged and their format

# The first word of the value below can be set to one of:
#    DEBUG, INFO, WARN, ERROR.
#    DEBUG produces the most volume, ERROR the least volume.
#
log4j.logger.com.ca.automation=WARN, ToFile

# You can get selective detail, by specifying a particular Java class name.
# Uncomment lines like the samples below to debug the related classes.
#
# log4j.logger.com.ca.automation.opsmvs.websvc.WebSvcUtil=DEBUG, ToFile

log4j.appender.ToFile.encoding=IBM1047
log4j.appender.ToFile.MaxFileSize=4MB
log4j.appender.ToFile.MaxBackupIndex=10
log4j.appender.ToFile.layout=org.apache.log4j.PatternLayout
log4j.appender.ToFile.layout.ConversionPattern=%-5p %d{MMM dd yyyy 'at' hh:mm:ss a} | %c%m%n
#______________________________________________________________________________

Note: To diagnose problems with the CA OPS/MVS Web Servlet code, CA Support may direct you to modify one or more of the properties.

Configure Web Services Security

To guarantee that a user web request is authorized to access the referenced RDF tables, a set of z/OS credentials (for example, SAF-based userid and password) is passed in the header of each HTTP request. Using these credentials, the server-side Java applet accesses the CA OPS/MVS data using the security context that is embodied in the given credentials. Access to requested RDF tables utilizes the existing CA OPS/MVS security mechanisms (security rules and/or external security SAF).

Note: A specific user has the same access to RDF information, governed by the same security mechanisms, regardless of whether they use web services or access the RDF tables through TSO.

The z/OS credentials that pass in the HTTP header use the standard HTTP basic authentication scheme. The HTTP basic authentication scheme encodes the username and password using Base64. Base64 is a reversible encoding, not an encryption algorithm, so it does not protect the credentials in transit.

To secure the transmission of the user ID and password from the remote client to the CA OPS/MVS servlet, configure your communications to use Transport Layer Security (TLS). TLS is a secure method of communication between the remote client and the Apache Tomcat web server. TLS is the successor to Secure Sockets Layer (SSL), and the two names are often used interchangeably. When sending HTTP requests to a TLS-secured web server, the HTTPS network scheme is required in your URI.

For example, your URI becomes https://localhost:8443/opsmvs/web/tables.
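
The following Python sketch is an added example, not part of the CA documentation or product code. It shows that a basic authentication header value decodes back to the userid and password without any key, and how a client can refuse to attach credentials to a URI that is not HTTPS. The function names and the sample credentials are constructed for illustration; the URI is the one shown above.

```python
import base64
import urllib.request
from urllib.parse import urlsplit


def basic_auth_header(userid, password):
    """Build the Authorization header value used by HTTP basic authentication."""
    raw = f"{userid}:{password}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def decode_basic_auth(header_value):
    """Recover (userid, password) from a header value; no key is needed."""
    scheme, _, token = header_value.partition(" ")
    if scheme.lower() != "basic" or not token:
        raise ValueError("not a basic authentication header")
    text = base64.b64decode(token, validate=True).decode("utf-8")
    # The userid cannot contain ':', so split at the first one only.
    userid, sep, password = text.partition(":")
    if not sep:
        raise ValueError("missing ':' separator")
    return userid, password


def build_request(uri, userid, password):
    """Prepare a GET request, refusing to attach credentials to a non-HTTPS URI."""
    if urlsplit(uri).scheme.lower() != "https":
        raise ValueError(f"refusing to send credentials to {uri!r}: HTTPS required")
    req = urllib.request.Request(uri, method="GET")
    req.add_header("Authorization", basic_auth_header(userid, password))
    return req


if __name__ == "__main__":
    # Constructed sample credentials, not real accounts.
    header = basic_auth_header("OPSUSER", "s3cret")
    print("header value:", header)
    print("decoded     :", decode_basic_auth(header))
    req = build_request("https://localhost:8443/opsmvs/web/tables", "OPSUSER", "s3cret")
    print("request to  :", req.full_url)
    try:
        build_request("http://localhost:8080/opsmvs/web/tables", "OPSUSER", "s3cret")
    except ValueError as err:
        print("blocked     :", err)
```

The request object is only constructed, never sent, so the example runs without a server.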

Security-Related Configuration Files

The server-side applet utilizes the JAAS (Java Authentication and Authorization Service) service to implement the SAF security context login. As such, the provided configuration file (opwebsvc.conf) lets you specify the login modules that you need. This configuration file should require no modification, as long as the Java class com.ibm.security.auth.module.OS390LoginModule is available with the installed version of the IBM JDK that you are using.

Note: For more information about this file, see the installation readme that is provided in the installation package.