Secure connector https and ssl, Session replication in nsasj – HP Integrity NonStop H-Series User Manual
Page 59
The security constraint is specified in the web.xml file and any of the security mechanisms, namely
BASIC, FORM based, or Client CERT based in the login-config tag of the web.xml file. The
following example provides a sample configuration from web.xml:
The security domain for the application can be defined in the jboss-web.xml as follows:
Alternately, in the application using the annotation @SecurityDomain as
@SecurityDomain("MyDomain").
Other annotations such as @RolesAllowed, @RunAs , @DeclareRoles can also be used in the
application.
Secure Connector HTTPS and SSL
The second method is by using connectors (HTTPS) and configuring SSL. To enable SSL support
for a particular instance of connector, the secure attribute must be set to true. In the default
configuration of NSASJ, the HTTPS connector has the secure attribute set to true. Additionally,
the SSL authentication can be setup as follows:
1.
Create a certificate keystore $JAVA_HOME/bin/keytool -genkey -alias tomcat
-keyalg RSA -keystore /path/to/my/keystore
, and then specify a password.
2.
Add a SSL tag in the connector configuration. Following is a sample configuration:
Session replication in NSASJ
Session replication ensures that the client sessions of applications are not disrupted by failovers.
In NSASJ, this is achieved through Infinispan Cache servers.
Comparison of session replication in JBoss and NSASJ
Session replication in JBoss is achieved through the embedded Infinispan caches within the JBoss
servers. These caches must be in either replicated or distributed mode to achieve the seamless
replication even during failover. In case of NSASJ, cache stores are configured with remote backup
Web subsystem
59