Configuring Dynamic Service Activator Properties (SRC CLI)

Tasks to configure the Dynamic Service Activator are:

• Configuring General Properties for Dynamic Service Activator
• Configuring Subscriber Types for Dynamic Service Activator
• Configuring Session Handles for Dynamic Service Activator
• Configuring the NIC Proxies for Dynamic Service Activator
• Configuring Access to Methods and Scripts for Dynamic Service Activator
• Configuring Access to Methods for Dynamic Service Activator
• Configuring Access to Scripts for Dynamic Service Activator
• Restricting Access to Service Sessions for Dynamic Service Activator
• Configuring Access to Attributes for Dynamic Service Activator
• Configuring the SAE to Send Tracking Events to Dynamic Service Activator
• Configuring Dynamic Service Activator to Publish Events to SOAP Applications
• Configuring the Logging Destinations for Dynamic Service Activator

Configuring General Properties for Dynamic Service Activator

The general properties for Dynamic Service Activator determine the behavior of the application rather than the relationship between a gateway client and the application.

To configure general properties for Dynamic Service Activator:

1. From configuration mode, access the statement that configures the general properties. In this sample procedure, the properties are configured in the trial group.

   [edit]

   user@host# edit shared dsa group trial configuration

2. (Optional) Specify the type of access that gateway clients have to methods and scripts.

   [edit shared dsa group trial configuration]

   user@host# set disable-access-control-mechanism

   Set this value only if you want gateway clients to have unrestricted access to all methods and scripts. The client still must provide a valid client name and password, and the client name must be configured to access at least one method (for Dynamic Service Activator or PCMM) to access methods of that type. By default, gateway clients have access only to methods and scripts that you specify in the configuration. Access control should be disabled only for troubleshooting purposes.

Configuring Subscriber Types for Dynamic Service Activator

You configure which types of information identify subscribers to the SAE. The subscriber types that you can configure are the same subscriber types that you can use in applications created with the SAE CORBA remote API.

To configure subscriber types:

1. From configuration mode, access the statement that configures the subscriber types. The specified name is used to construct the subscriber’s URI. In this sample procedure, the properties are configured in the trial group.

   [edit]

   user@host# edit shared dsa group trial configuration subscriber-types name

2. Specify the type of information used to identify a subscriber.

   [edit shared dsa group trial configuration subscriber-types name]

   user@host# set subscriber-id-type (address | dn | login-name | interface-name | interface-index | address-interface-name | primary-user-name | session-handle)

   where:

   • address—Subscriber’s IP address
   • dn—Distinguished name of subscriber profile
   • login-name—Subscriber’s login name
   • interface-name—Name of the interface and name of the virtual router to which the subscriber connects
   • interface-index—SNMP index of the interface and name of the virtual router to which the subscriber connects
   • address-interface-name—Subscriber’s IP address, name of the managed interface, and name of the virtual router to which the subscriber connects
   • primary-user-name—Primary username
   • session-handle—Subscriber’s session handle used to reference an existing subscriber session
3. Specify the namespace that defines the properties for the NIC proxy operations for the specified subscriber ID type. Each subscriber type must use a different NIC proxy.

   [edit shared dsa group trial configuration subscriber-types name]

   user@host# set nic-proxy nic-proxy

   For example:

   [edit shared dsa group trial configuration subscriber-types name]

   user@host# set nic-proxy ip

Configuring Session Handles for Dynamic Service Activator

You configure the encoding key and encoding algorithm for the session handles to determine how the session handle URI is constructed. Session handles are encoded when returned by SOAP calls for the service provider’s privacy and to prevent service provider partners who operate SOAP clients from managing subscribers with whom they do not have a relationship.

To configure encoding for session handles:

1. From configuration mode, access the statement that configures the session handles.

   [edit]

   user@host# edit shared dsa group trial configuration session-handle

2. Specify the private key to use for encoding a session handle.

   [edit shared dsa group trial configuration session-handle]

   user@host# set encoding-key encoding-key

3. (Optional) Specify that the DES algorithm with MD5 hash digested key be used to encode the session handle. If you do not set this value, an exclusive OR algorithm is used.

   [edit shared dsa group trial configuration session-handle]

   user@host# set strong-encoding

Configuring the NIC Proxies for Dynamic Service Activator

You create a NIC proxy for each subscriber type to be configured. The name of the NIC proxy must match the name configured for the NIC proxy namespace.

Subscriber types that have different subscriber ID types can use the same NIC proxy. For example, a subscriber type configured as SubscriberType1 that has a subscriber ID type of interface-name, and a subscriber type configured as subscriberType2 that has a subscriber ID type of interface-index can both use the same NIC proxy. Likewise, a subscriber type configured as SubscriberType1 and a subscriber type configured as subscriberType2 that both have a subscriber ID type of address can use the same NIC proxy.

To configure NIC proxies:

1. From configuration mode, access the statement that configures the NIC proxy. In this sample procedure, the NIC proxy called ip is configured in the trial group.

   [edit]

   user@host# edit shared dsa group trial configuration nic-proxy-configuration ip

2. Specify the properties for the NIC proxy.

   [edit shared dsa group trial configuration nic-proxy-configuration ip]

   user@host# set ?

   For information about configuring NIC proxies, see Configuration Statements for NIC Proxies.

Configuring Access to Methods and Scripts for Dynamic Service Activator

Configuring access to methods and scripts involves adding methods, scripts, and clients to the configuration and configuring access properties between each client and each method or script.

Note: Client profiles are cached by Dynamic Service Activator for 30 minutes. If you change the password or role of a client that has been used within the last 30 minutes, it can take up to 30 minutes before these changes take effect. When permissions are configured, roles are assigned to application server user objects automatically. The first time you add a method or script for a client, the DSA role is added to the corresponding application server user, and when the last method or script is deleted, the DSA role is removed from the corresponding user. Only role and password changes take up to 30 minutes to take effect. If you do not want to wait 30 minutes for the changes to take effect, restart the Web application server.

Dynamic Service Activator interacts with the Web application server to determine whether a gateway client has access to a method or script. The name and credentials, such as a password, that are used to authenticate the gateway client are configured on the Web application server as user accounts.

Access constraints are regular expressions that the arguments for the method or script in the SOAP request must match. If the arguments for the method or script in a particular SOAP request do not match these regular expressions, then Dynamic Service Activator rejects the request.

Configuring Access to Methods for Dynamic Service Activator

Use the following configuration statements to configure methods and access properties between each client and each method:

Configuring Methods

To configure methods for Dynamic Service Activator:

1. From configuration mode, access the statement that configures the method to activate on the SAE. Use the text string that exactly matches the name of the method.

   [edit]

   user@host# edit shared dsa group name configuration method (commit-resources | invoke-gateway-extension | invoke-script | query-available-services | query-contexts | release-resources | subscriber-activate-service | subscriber-deactivate-service | subscriber-login | subscriber-logout |subscriber-modify-service | subscriber-read-subscription | subscribers-read | subscribers-read-subscriber)

   where:

   • commit-resources—Specifies the resources that are being requested in the CommitResource message.
   • invoke-gateway-extension—Invokes a servlet that has been created and deployed in the Web Services Gateway Web application server. The servlet can be a standalone application, or it can be part of a WAR or EAR file. When deployed, servlets invoked with this method should be accessible only from the local host.
   • invoke-script—Manages all operations involved with invoking scripts: retrieves requests to invoke scripts from the gateway client, authenticates the gateway client, verifies the arguments supplied by the gateway client, communicates with other SRC components, and returns values to the gateway client.
   • query-available-services—Searches for the services that are available to the calling application.
   • query-contexts—Searches for the context ID and context status for a subscriber.
   • release-resources—Specifies the resources that are being requested to be released in the ReleaseResources message.
   • subscriber-activate-service—Activates subscribers’ subscriptions to services.
   • subscriber-deactivate-service—Deactivates subscribers’ subscriptions to services.
   • subscriber-login—Logs in subscribers. This method supports only subscribers who are identified by their IP addresses. This method does not support subscribers who are identified by the names they use to log in or by their DNs.
   • subscriber-logout—Logs out subscribers. This method supports only subscribers who are identified by their IP addresses or the names they use to log in. This method does not support subscribers who are identified by their DNs.
   • subscriber-modify-service—Modifies subscriptions.
   • subscriber-read-subscription—Determines whether a subscriber accesses services through the SRC owner’s network and obtains all of that subscriber’s subscriptions.
   • subscribers-read—Reads attributes for the services, subscriber sessions, and service sessions for specific subscribers. This method supports all subscriber sessions for a given subscriber URI.
   • subscribers-read-subscriber—Reads attributes for the subscriber session. This method supports all subscriber sessions for a given subscriber URI.

   For example:

   user@host# edit shared dsa group trial configuration method subscriber-read-subscription

2. Specify the access constraints applied to the method for all clients.

   [edit shared dsa group trial configuration method subscriber-read-subscription]

   user@host# set constraints argument-index value

   where:

   • argument-index—Zero-based index of the argument used to locate the SAE on which to activate the method
   • value—Regular expression

     For information about the regular expression syntax, see http://java.sun.com/j2se/1.4.2/docs/api/java/util/regex/Pattern.html.

   For example:

   user@host# set constraints 1 Audio-[a-zA-Z]*

Configuring Access to Methods

To configure access to methods for Dynamic Service Activator:

1. From configuration mode, access the statement that configures the gateway client’s access to a method. You must use the same name for the gateway client that is configured on the Web application server.

   If you disable the access control mechanism and you configure the Web application server to authenticate clients with any username and password, Dynamic Service Activator sends the text string “anonymous client” as the first argument to the SAE’s Java scripts interface module.

   [edit]

   user@host# edit shared dsa group name configuration client name permissions method name

   For example:

   user@host# edit shared dsa group trial configuration client name permissions method subscriber-read-subscription

2. Specify the regular expressions that the method arguments must match for the gateway client.

   [edit shared dsa group trial configuration client name permissions method subscriber-read-subscription]

   user@host# set constraints argument-index value

   For example:

   [edit shared dsa group trial configuration client name permissions method subscriber-read-subscription]

   user@host# set constraints 1 Audio-[a-zA-Z]*

Configuring Access to Scripts for Dynamic Service Activator

Use the following configuration statements to configure scripts and access properties between each client and each script:

Configuring Scripts

To configure scripts for Dynamic Service Activator:

1. From configuration mode, access the statement that configures the script to activate on the SAE. Use the text string that exactly matches the name of the script.

   [edit]

   user@host# edit shared dsa group name configuration script name

2. Specify the zero-based index of the script argument used to locate the SAE on which to invoke the script.

   [edit shared dsa group name configuration script name]

   user@host# set sae-locator-index sae-locator-index

3. Specify the access constraints applied to the script for all clients.

   [edit shared dsa group name configuration script name]

   user@host# set constraints argument-index value

   where:

   • argument-index—Zero-based index of the argument used to locate the SAE on which to activate the method
   • value—Regular expression

     For information about the regular expression syntax, see http://java.sun.com/j2se/1.4.2/docs/api/java/util/regex/Pattern.html.

   For example:

   user@host# set constraints 1 Audio-[a-zA-Z]*

Configuring Access to Scripts

To configure access to scripts:

1. From configuration mode, access the statement that configures the gateway client’s access to a script. You must use the same name for the gateway client that is configured on the Web application server.

   If you disable the access control mechanism and you configure the Web application server to authenticate clients with any username and password, Dynamic Service Activator sends the text string “anonymous client” as the first argument to the SAE’s Java scripts interface module.

   [edit]

   user@host# edit shared dsa group name configuration client name permissions script name

2. Specify the regular expressions that the script arguments must match for the gateway client.

   [edit shared dsa group trial configuration client name permissions script name]

   user@host# set constraints argument-index value

   For example:

   [edit shared dsa group trial configuration client name permissions script name]

   user@host# set constraints 1 Audio-[a-zA-Z]*

Restricting Access to Service Sessions for Dynamic Service Activator

You can restrict the service sessions to which a gateway client has access. If you do not restrict access, the client has access to all service sessions.

To control the service sessions to which a gateway client has access:

1. From configuration mode, access the statement that configures the gateway client. You must use the same name for the gateway client that is configured on the Web application server.

   [edit]

   user@host# edit shared dsa group name configuration client name

2. (Optional) Specify that access is restricted to the client’s own service session.

   [edit shared dsa group trial configuration client name]

   user@host# set restricted

Configuring Access to Attributes for Dynamic Service Activator

You can control the configured attributes to which a gateway client has access. If you do not configure the client’s access to attributes, all configured attributes are allowed.

To control the attributes to which a gateway client has access:

1. From configuration mode, access the statement that configures the gateway client’s access to attributes. You must use the same name for the gateway client that is configured on the Web application server.

   If you disable the access control mechanism, then the client has no restrictions on access to the configured attributes.

   [edit]

   user@host# edit shared dsa group name configuration client name permissions attributes

2. (Optional) Specify the service attributes to which the gateway client has access.

   [edit shared dsa group trial configuration client name permissions attributes]

   user@host# set service [service...]

   Set this value only if you want gateway clients to have restricted access to configured attributes. By default, all configured attributes are allowed. If you do not want to allow access to any of these attributes, set this value to none.

3. (Optional) Specify the subscription attributes to which the gateway client has access.

   [edit shared dsa group trial configuration client name permissions attributes]

   user@host# set subscription [subscription...]

   Set this value only if you want gateway clients to have restricted access to configured attributes. By default, all configured attributes are allowed. If you do not want to allow access to any of these attributes, set this value to none.

4. (Optional) Specify the subscriber attributes to which the gateway client has access.

   [edit shared dsa group trial configuration client name permissions attributes]

   user@host# set subscriber [subscriber...]

   Set this value only if you want gateway clients to have restricted access to configured attributes. By default, all configured attributes are allowed. If you do not want to allow access to any of these attributes, set this value to none.

Configuring the SAE to Send Tracking Events to Dynamic Service Activator

The SAE communicates with Dynamic Service Activator through the Java Message Service (JMS) adapter plug-in. This SAE plug-in sends SAE tracking events to Dynamic Service Activator.

To configure the JMS adapter plug-in:

1. From configuration mode, access the JMS adapter plug-in configuration. In this sample procedure, the JMS adapter plug-in called soapapps is configured in the nw-area SAE group.

   [edit]

   user@host# edit shared sae group nw-area configuration plug-ins name soapapps jms-adaptor

2. Configure the grouped configuration used by all Dynamic Service Activator instances to which this plug-in forwards SAE events.

   [edit shared sae group nw-area configuration plug-ins name soapapps jms-adaptor]

   user@host# set shared-dsa-configuration shared-dsa-configuration

3. Specify the Dynamic Server Activator application servers to which the SAE events are published. The URLs reference the JNDI name servers on the application servers.

   [edit shared dsa group nw-area configuration plug-ins name soapapps jms-adaptor]

   user@host# set dsa-application-server-urls [dsa-application-server-urls...]

4. (Optional) Specify the SAE plug-in event attributes. The attribute values are the event’s subject ID, and they specify a subscriber or interface. The values can be set by the SAE’s subscriber classification script. If any of the event attributes contain a value that matches the subject ID in a Dynamic Service Activator event subscription, then the plug-in forwards the event to a Dynamic Service Activator instance.

   [edit shared sae group nw-area configuration plug-ins name soapapps jms-adaptor]

   user@host# set subject-id-attribute-name [subject-id-attribute-name...]

If you want to configure JMS adapter plug-in features not available at the basic editing level, set the editing level to advanced or expert and use the CLI Help to obtain information about statement options.

Configuring Dynamic Service Activator to Publish Events to SOAP Applications

When the SAE sends tracking events to Dynamic Service Activator, Dynamic Service Activator can publish events to external SOAP applications used by content service providers. Events are published according to the configured event subscription. Tasks to configure event subscriptions are:

• Configuring External SOAP Applications
• Configuring Event Subscriptions

Configuring External SOAP Applications

Dynamic Service Activator can publish subscriber, service session, and interface events to external SOAP applications.

To configure the external SOAP application to which Dynamic Service Activator can publish events:

1. From configuration mode, access the statement that configures the application to which events are published. You must use the same name for the gateway client that is configured on the Web application server.

   [edit]

   user@host# edit shared dsa group trial configuration client name application application-id

   where application-id identifies the external SOAP application.

2. (Optional) Specify that sending events to this external SOAP application is disabled.

   [edit shared dsa group trial configuration client name applicationapplication-id]

   user@host# set disabled

3. Specify the URL of the external SOAP application.

   [edit shared dsa group trial configuration client name application application-id]

   user@host# set listener-url listener-url

4. (Optional) If HTTP authentication is required, specify the username Dynamic Service Activator provides to the external SOAP application.

   [edit shared dsa group trial configuration client name application application-id]

   user@host# set http-id http-id

5. (Optional) If HTTP authentication is required, specify the password Dynamic Service Activator provides to the external SOAP application.

   [edit shared dsa group trial configuration client name application application-id]

   user@host# set http-password http-password

6. (Optional) Specify the size of the queue that holds received SAE events that have not been published yet.

   [edit shared dsa group trial configuration client name application application-id]

   user@host# set jms-queue-size jms-queue-size

Configuring Event Subscriptions

You can configure the event subscriptions owned by external SOAP applications. The event subscription defines a set of events, and the attributes in those events, that are published to the external SOAP application.

To configure event subscriptions:

1. From configuration mode, access the statement that configures the event subscription owned by an application.

   [edit]

   user@host# edit shared dsa group trial configuration client name application application-id event-subscription event-subscription-name

   where event-subscription-name is the arbitrary identifier of the event subscription.

2. (Optional) Specify that this event subscription is disabled.

   [edit shared dsa group trial configuration client name application application-id event-subscription event-subscription-name]

   user@host# set disabled

3. Configure the persistent identifier that specifies the subscriber or interface for which events are published. Only those events associated with the specified subscriber or interface are forwarded to the external SOAP application.

   [edit shared dsa group trial configuration client name application application-id event-subscription event-subscription-name]

   user@host# set subject-id subject-id

4. (Optional) For interface events, configure the identifier for the interface that is published to the external SOAP application instead of the persistent identifier.

   [edit shared dsa group trial configuration client name application application-id event-subscription event-subscription-name]

   user@host# set public-interface-id public-interface-id

5. (Optional) Specify the types of events that Dynamic Service Activator forwards to the external SOAP application. If no event types are specified, all event types are allowed. Only subscriptions for subscriber and service session events can be created by calls to the Dynamic Service Activator’s SOAP interface.

   [edit shared dsa group trial configuration client name application application-id event-subscription event-subscription-name]

   user@host# set event-type-filter [(user-start | user-interim | user-stop | service-start | service-interim | service-stop | interface-start | interface-interim | interface-stop)...]

6. (Optional) Specify the names of services for which Dynamic Service Activator can send service session events to the external SOAP application. If no service names are specified, events for all services are allowed.

   [edit shared dsa group trial configuration client name application application-id event-subscription event-subscription-name]

   user@host# set service-name-filter [service-name-filter...]

7. (Optional) Specify the SAE plug-in events that Dynamic Service Activator can forward to the external SOAP application. This filter allows constraints to be placed on the event attributes. If event attributes do not satisfy the specified constraints, Dynamic Service Activator cannot forward the event to the external SOAP application. If no events are specified, no constraints are applied.

   [edit shared dsa group trial configuration client name application application-id event-subscription event-subscription-name]

   user@host# set event-filter event-filter

8. (Optional) Specify the names of SAE plug-in event attributes that Dynamic Service Activator can forward to the external SOAP application. If no attribute names are specified, all attributes are forwarded.

   [edit shared dsa group trial configuration client name application application-id event-subscription event-subscription-name]

   user@host# set attribute-names [attribute-names...]

Configuring the Logging Destinations for Dynamic Service Activator

Use the following configuration statements to configure logging destinations for Dynamic Service Activator:

Configuring Logging Destinations to Store Messages in a File

To configure logging destinations to store log messages in a file:

1. From configuration mode, access the statement that configures the name and type of logging destination. In this sample procedure, the logging destination called file-1 is configured in the trial group.

   [edit]

   user@host# edit shared dsa group trial configuration logger file-1 file

2. Specify the properties for the logging destination.

   [edit shared dsa group trial configuration logger file-1 file]

   user@host# set ?

   For more information about configuring properties for the logging destination, see Configuring a Component to Store Log Messages in a File (SRC CLI).

Configuring Logging Destinations to Send Messages to the System Logging Facility

To configure logging destinations to send log messages to the system logging facility:

1. From configuration mode, access the statement that configures the name and type of logging destination. In this sample procedure, the logging destination called syslog-1 is configured in the trial group.

   [edit]

   user@host# edit shared dsa group trial configuration logger syslog-1 syslog

2. Specify the properties for the logging destination.

   [edit shared dsa group trial configuration logger syslog-1 syslog]

   user@host# set ?

   For more information about configuring properties for the logging destination, see Configuring System Logging (SRC CLI).

Related Topics

• Overview of Dynamic Service Activator
• Configuring Local Properties for Dynamic Service Activator (SRC CLI)
• Configuring Dynamic Service Activator Properties (C-Web Interface)
• Viewing Information About NIC Proxies (SRC CLI)
• Monitoring NIC Proxies (SRC CLI)

Copyright © 2009, Juniper Networks, Inc. All rights reserved. Trademark Notice.