Configuring Dynamic Service Activator Properties (SRC CLI)

Tasks to configure the Dynamic Service Activator are:

Configuring General Properties for Dynamic Service Activator

The general properties for Dynamic Service Activator determine the behavior of the application rather than the relationship between a gateway client and the application.

To configure general properties for Dynamic Service Activator:

  1. From configuration mode, access the configuration statement that configures the general properties. In this sample procedure, the properties are configured in the trial group.
    [edit]
    user@host# edit shared dsa group trial configuration
  2. (Optional) Specify the type of access that gateway clients have to methods and scripts.
    [edit shared dsa group trial configuration]
    user@host# set disable-access-control-mechanism

    Set this value only if you want gateway clients to have unrestricted access to all methods and scripts. The client still must provide a valid client name and password, and the client name must be configured to access at least one method (for Dynamic Service Activator or PCMM) to access methods of that type. By default, gateway clients have access only to methods and scripts that you specify in the configuration. Access control should be disabled only for troubleshooting purposes.

Configuring Subscriber Types for Dynamic Service Activator

You configure which types of information identify subscribers to the SAE. The subscriber types that you can configure are the same subscriber types that you can use in applications created with the SAE CORBA remote API.

To configure subscriber types:

  1. From configuration mode, access the configuration statement that configures the subscriber types. The specified name is used to construct the subscriber’s URI. In this sample procedure, the properties are configured in the trial group.
    [edit]
    user@host# edit shared dsa group trial configuration subscriber-types name
  2. Specify the type of information used to identify a subscriber.
    [edit shared dsa group trial configuration subscriber-types name]
    user@host# set subscriber-id-type (address | dn | login-name | interface-name | interface-index | address-interface-name | primary-user-name)

    where:

    • address—Subscriber’s IP address
    • dn—Distinguished name of subscriber profile
    • login-name—Subscriber’s login name
    • interface-name—Name of the interface and name of the virtual router to which the subscriber connects
    • interface-index—SNMP index of the interface and name of the virtual router to which the subscriber connects
    • address-interface-name—Subscriber’s IP address, name of the managed interface, and name of the virtual router to which the subscriber connects
    • primary-user-name—Primary username
  3. Specify the namespace that defines the properties for the NIC proxy operations for the specified subscriber ID type. Each subscriber type must use a different NIC proxy.
    [edit shared dsa group trial configuration subscriber-types name]
    user@host# set nic-proxy nic-proxy

    For example:

    [edit shared dsa group trial configuration subscriber-types name]
    user@host# set nic-proxy ip

Configuring the NIC Proxies for Dynamic Service Activator

You create a NIC proxy for each subscriber type to be configured. The name of the NIC proxy must match the name configured for the NIC proxy namespace.

Subscriber types that have different subscriber ID types can use the same NIC proxy. For example, a subscriber type configured as SubscriberType1 that has a subscriber ID type of interface-name, and a subscriber type configured as subscriberType2 that has a subscriber ID type of interface-index can both use the same NIC proxy. Likewise, a subscriber type configured as SubscriberType1 and a subscriber type configured as subscriberType2 that both have a subscriber ID type of address can use the same NIC proxy.

To configure NIC proxies:

  1. From configuration mode, access the configuration statement that configures the NIC proxy. In this sample procedure, the NIC proxy called ip is configured in the trial group.
    [edit]
    user@host# edit shared dsa group trial configuration nic-proxy-configuration ip
  2. Specify the properties for the NIC proxy.
    [edit shared dsa group trial configuration nic-proxy-configuration ip]
    user@host# set ?

    For information about configuring NIC proxies, see Configuration Statements for NIC Proxies.

Configuring Access to Methods and Scripts for Dynamic Service Activator

Configuring access to methods and scripts involves adding methods, scripts, and clients to the configuration and configuring access properties between each client and each method or script.

Note: Client profiles are cached by Dynamic Service Activator for 30 minutes. If you change the password or role of a client that has been used within the last 30 minutes, it can take up to 30 minutes before these changes take effect.

When permissions are configured, roles are assigned to application server user objects automatically. The first time you add a method or script for a client, the DSA role is added to the corresponding application server user, and when the last method or script is deleted, the DSA role is removed from the corresponding user. Only role and password changes take up to 30 minutes to take effect.

If you do not want to wait 30 minutes for the changes to take effect, restart the Web application server.

Dynamic Service Activator interacts with the Web application server to determine whether a gateway client has access to a method or script. The name and credentials, such as a password, that are used to authenticate the gateway client are configured on the Web application server as user accounts.

Access constraints are regular expressions that the arguments for the method or script in the SOAP request must match. If the arguments for the method or script in a particular SOAP request do not match these regular expressions, then Dynamic Service Activator rejects the request.

Configuring Access to Methods for Dynamic Service Activator

Use the following configuration statements to configure methods and access properties between each client and each method:

shared dsa group name configuration client name
shared dsa group name configuration client name permissions method name
shared dsa group name configuration client name permissions method name constraints argument-index
shared dsa group name configuration method (subscriber-read-subscription | subscriber-activate-service | subscriber-deactivate-service | subscriber-modify-service | subscriber-login | subscriber-logout | invoke-script | invoke-gateway-extension | commit-resources | release-resources | query-contexts | query-available-services) constraints argument-index

Configuring Methods

To configure methods for Dynamic Service Activator:

  1. From configuration mode, access the configuration statement that configures the method to activate on the SAE. Use the text string that exactly matches the name of the method.
    [edit]
    user@host# edit shared dsa group name configuration method (subscriber-read-subscription | subscriber-activate-service | subscriber-deactivate-service | subscriber-modify-service | subscriber-login | subscriber-logout | invoke-script | invoke-gateway-extension | commit-resources | release-resources | query-contexts | query-available-services)

    where:

    • subscriber-read-subscription—Determines whether a subscriber accesses services through the SRC owner’s network and obtains all of that subscriber’s subscriptions.
    • subscriber-activate-service—Activates subscribers’ subscriptions to services.
    • subscriber-deactivate-service—Deactivates subscribers’ subscriptions to services.
    • subscriber-modify-service—Modifies subscriptions.
    • subscriber-login—Logs in subscribers. This method supports only subscribers who are identified by their IP addresses. This method does not support subscribers who are identified by the names they use to log in or by their DNs.
    • subscriber-logout—Logs out subscribers. This method supports only subscribers who are identified by their IP addresses or the names they use to log in. This method does not support subscribers who are identified by their DNs.
    • invoke-script—Manages all operations involved with invoking scripts: retrieves requests to invoke scripts from the gateway client, authenticates the gateway client, verifies the arguments supplied by the gateway client, communicates with other SRC components, and returns values to the gateway client.
    • invoke-gateway-extension—Invokes a servlet that has been created and deployed in the SRC SOAP Gateway Web application server. The servlet can be a standalone application, or it can be part of a WAR or EAR file. When deployed, servlets invoked with this method should be accessible only from the local host.
    • commit-resources—Specifies the resources that are being requested in the CommitResource message.
    • release-resources—Specifies the resources that are being requested to be released in the ReleaseResources message.
    • query-contexts—Searches for the context ID and context status for a subscriber.
    • query-available-services—Searches for the services that are available to the calling application.

    For example:

    user@host# edit shared dsa group trial configuration method subscriber-read-subscription
  2. Specify the access constraints applied to the method for all clients.
    [edit shared dsa group trial configuration method subscriber-read-subscription]
    user@host# set constraints argument-index value

    where:

    For example:

    user@host# set constraints 1 Audio-[a-zA-Z]*

Configuring Access to Methods

To configure access to methods for Dynamic Service Activator:

  1. From configuration mode, access the configuration statement that configures the gateway client’s access to a method. You must use the same name for the gateway client that is configured on the Web application server.

    If you disable the access control mechanism and you configure the Web application server to authenticate clients with any username and password, Dynamic Service Activator sends the text string “anonymous client” as the first argument to the SAE’s Java scripts interface module.

    [edit]
    user@host# edit shared dsa group name configuration client name permissions method name

    For example:

    user@host# edit shared dsa group trial configuration client name permissions method subscriber-read-subscription
  2. Specify the regular expressions that the method arguments must match for the gateway client.
    [edit shared dsa group trial configuration client name permissions method subscriber-read-subscription]
    user@host# set constraints argument-index value

    For example:

    [edit shared dsa group trial configuration client name permissions method subscriber-read-subscription]
    user@host# set constraints 1 Audio-[a-zA-Z]*

Configuring Access to Scripts for Dynamic Service Activator

Use the following configuration statements to configure scripts and access properties between each client and each script:

shared dsa group name configuration client name
shared dsa group name configuration client name permissions script name
shared dsa group name configuration client name permissions script name constraints argument-index
shared dsa group name configuration script name
shared dsa group name configuration script name constraints argument-index

Configuring Scripts

To configure scripts for Dynamic Service Activator:

  1. From configuration mode, access the configuration statement that configures the script to activate on the SAE. Use the text string that exactly matches the name of the script.
    [edit]
    user@host# edit shared dsa group name configuration script name
  2. Specify the zero-based index of the script argument used to locate the SAE on which to invoke the script.
    [edit shared dsa group name configuration script name]
    user@host# set sae-locator-index sae-locator-index
  3. Specify the access constraints applied to the script for all clients.
    [edit shared dsa group name configuration script name]
    user@host# set constraints argument-index value

    where:

    For example:

    user@host# set constraints 1 Audio-[a-zA-Z]*

Configuring Access to Scripts

To configure access to scripts:

  1. From configuration mode, access the configuration statement that configures the gateway client’s access to a script. You must use the same name for the gateway client that is configured on the Web application server.

    If you disable the access control mechanism and you configure the Web application server to authenticate clients with any username and password, Dynamic Service Activator sends the text string “anonymous client” as the first argument to the SAE’s Java scripts interface module.

    [edit]
    user@host# edit shared dsa group name configuration client name permissions script name
  2. Specify the regular expressions that the script arguments must match for the gateway client.
    [edit shared dsa group trial configuration client name permissions script name]
    user@host# set constraints argument-index value

    For example:

    [edit shared dsa group trial configuration client name permissions script name]
    user@host# set constraints 1 Audio-[a-zA-Z]*

Configuring the Logging Destinations for Dynamic Service Activator

Use the following configuration statements to configure logging destinations for Dynamic Service Activator:

shared dsa group name configuration logger name
shared dsa group name configuration logger name file {
filter filter;
filename filename;
rollover-filename rollover-filename;
maximum-file-size maximum-file-size;
}
shared dsa group name configuration logger name syslog {
filter filter;
host host;
facility facility;
format format;
}

Configuring Logging Destinations to Store Messages in a File

To configure logging destinations to store log messages in a file:

  1. From configuration mode, access the configuration statement that configures the name and type of logging destination. In this sample procedure, the logging destination called file-1 is configured in the trial group.
    [edit]
    user@host# edit shared dsa group trial configuration logger file-1 file
  2. Specify the properties for the logging destination.
    [edit shared dsa group trial configuration logger file-1 file]
    user@host# set ?

    For more information about configuring properties for the logging destination, see Configuring a Component to Store Log Messages in a File (SRC CLI).

Configuring Logging Destinations to Send Messages to the System Logging Facility

To configure logging destinations to send log messages to the system logging facility:

  1. From configuration mode, access the configuration statement that configures the name and type of logging destination. In this sample procedure, the logging destination called syslog-1 is configured in the trial group.
    [edit]
    user@host# edit shared dsa group trial configuration logger syslog-1 syslog
  2. Specify the properties for the logging destination.
    [edit shared dsa group trial configuration logger syslog-1 syslog]
    user@host# set ?

    For more information about configuring properties for the logging destination, see Configuring System Logging (SRC CLI).