RadixWare Administrator Guide/RadixWare Web Presentation Server


Revision History

Date RadixWare Version Description of Changes
18.09.2018 2.1.19.x In the user authentication dialog box, added support for automatically filling in the Station parameter from the connections.xml file if only one connection is described in this file and it is selected as the default one.

Updated section Connection Description File

25.07.2018 2.1.18.x Changed the mechanism of selecting a language when the web interface is started using the additional startup parameters in the browser address bar.

Updated section Transferring Additional Parameters in Browser Address Bar

13.06.2018 2.1.17.x

Made the following changes to the Web Server Configuration Settings page of the administration panel:
  • Added the Reread command.
  • Renamed the Save command to Write.

Updated section "Web Server Configuration Settings" Page

Added the Automatically discover server addresses flag to the web interface administration panel (Connection Options page).

Updated section "Connections Settings" Page

Added support for the disableSPNEGOAuth startup parameter of the RadixWare Web Presentation Server. If this parameter is used when starting up the web server, SPNEGO authentication is disabled when authenticating with Kerberos. Depending on other web server settings, the authentication is performed using the certificate or applying another method specified in the remoteKrbAuth parameter. The disableSPNEGOAuth parameter is ignored if the following parameter values are defined in the web server settings: remoteKrbAuth=disabled and krbAuthPolicy=required.

This parameter corresponds to the Disable SPNEGO authentication option available on the Configure Web Server Params page of the administration panel.

Updated sections:

26.03.2018 2.1.16.x Added support for automatically authenticating a user and going to a certain item in the Explorer based on the data specified in the address bar of the browser.

Added section Transferring Additional Parameters in Browser Address Bar

Updated section Connection Description File

13.12.2017 2.1.14.x

Implemented the administrator panel, which makes it possible to:
  • View the general information on the RadixWare Web Presentation Server
  • View and edit the RadixWare Server connection settings
  • View the configuration parameters of the Web server and edit some of the parameters.

Added sections:

Updated sections:

For the RadixWare Explorer and Web Presentation Server, added support for the –detailed3rdPartyLogging startup parameter.

Modified section Configuration File Parameters

21.09.2017 2.1.13.x

Added the startVersion parameter used for RadixWare Web Presentation Server startup. The parameter specifies the revision number in the SVN repository whose files will be used for RadixWare Web Presentation Server startup.

Added the page used to test the speed of data transfer between the web server and browser. The page is available at https://<address of web interface>/speedTest.html. The test batches are sent from the browser to the web server; the time of receiving the response and the transfer speed are registered. The speedTest.html page contains the test settings (interval of sending test data and maximum size of batch) and the area where the test results are displayed. The maximum size (Mb) of batch is defined in the JVM parameter of web server startup - rdx.web.speed.test.max.packet.size. If the parameter is not defined, the maximum batch size is 10Mb by default. If the parameter value is less than or equal to 0, access to the speedTest.html page is denied (the page with 404 error code is displayed to the customer).

Added section Getting Information on Data Transfer Speed in Web Client

Conventions and Abbreviations

Conventions

Convention Example Applies to
Italic Path to web-app.war file. Names of the files, directories, subdirectories, websites; values of the parameters
Bold RadixWare Web Presentation Server executable components are updated by the user command from the browser. Terms introduced for the first time; names of the software products; names of the user interface elements, application units, parameters, fields, operations, tags.
Text after the Note icon Note: When installing Apache Tomcat, do not enter the password. Notes
Text after the Example icon Example: If the context description file given in the previous example is located at <CATALINA_BASE>/conf/Catalina/localhost/radix.xml, the web interface will be available at https://localhost/radix/. Examples


Abbreviations

DBMS - Database management system

EAS - Explorer Access Service

JVM - Java Virtual Machine

OS - Operating system

SVN - Subversion

Introduction

This document describes the RadixWare Web Presentation Server application and its startup procedure.


Related Documents

# Document name Description
1 RadixWare Explorer. User Guide The document describes the RadixWare Desktop Explorer and RadixWare Web Explorer application facilities and methods of executing various operations.
2 RadixWare Server. Administrator Guide The document describes the RadixWare Server application and its startup procedure.
3 RadixWare Starter. Administrator Guide The document describes the RadixWare Starter application and its startup procedure.
4 RadixWare. Software Products Installation and Upgrade Technology The document describes the RadixWare Manager application and procedures of installing and updating the software products by means of RadixWare Manager.
5 RadixWare. Key Store Administrator Utility. Administrator Guide The document describes the Key Store Administrator utility.


Overview

The RadixWare Web Presentation Server application makes it possible to use a web browser as the client application of the RadixWare technological platform. RadixWare Web Presentation Server runs under the control of the Apache Tomcat web application server v.7.x.x/v.8.x.x. RadixWare Web Presentation Server performs the following functions:

  • Interaction with the client (the web browser is used as the client application). The interaction is carried out over the HTTPS or HTTP protocol.
  • Interaction with RadixWare Server (it functions as a client for RadixWare Server). The interaction is carried out over the EAS protocol. User name and password authentication can be used, as well as authentication by certificate and by the Kerberos protocol.

General scheme of the system components interaction:

[Figure: Radix-web.jpg]

Executable components of RadixWare Web Presentation Server are loaded from the SVN repository specified in the configuration file. When the RadixWare Server executable components are updated, the browser displays a message saying that the RadixWare Web Presentation Server version is outdated. Executable components of RadixWare Web Presentation Server are updated by user command from the browser.

RadixWare Web Presentation Server Startup

To start up RadixWare Web Presentation Server, perform the following actions:

1. Install the RadixWare platform or the software product based on this platform. For the installation description, refer to RadixWare. Software Products Installation and Upgrade Technology.

2. Get the web-app.war file from the SVN repository using RadixWare Manager (for details, refer to RadixWare. Software Products Installation and Upgrade Technology). If the file version does not match the version of RadixWare Web Presentation Server, a corresponding message is displayed in RadixWare Web Explorer when the server is accessed. To avoid the mismatch, get the up-to-date web-app.war file from the SVN repository.

3. Install Apache Tomcat.

Note: When installing Apache Tomcat, do not enter the password.
Note: When using Linux OS, make sure that the following parameter is present in the catalina.sh file:

JAVA_OPTS="-Djava.awt.headless=true"

4. Configure Apache Tomcat to work by the HTTPS protocol. For this purpose, make sure that the <CATALINA_BASE>/conf/server.xml file contains the following tag:

<!-- keystoreType and truststoreType must match the actual format of the store files -->
<Connector port="PORT" SSLEnabled="true"
              clientAuth="true"
              keystoreFile="KEYSTORE"
              keystorePass="KEYSTORE_PASSWORD"
              keystoreType="JKS"
              truststoreFile="TRUSTSTORE"
              truststorePass="TRUSTSTORE_PASSWORD"
              truststoreType="JKS"
              maxThreads="150"
              protocol="HTTP/1.1"
              scheme="https"
              secure="true"
              sslProtocol="TLS"/>

where

  • PORT - the port where the web interface must be available. For example, 443.
  • KEYSTORE - the path to the key storage file (of the JCEKS format).
  • KEYSTORE_PASSWORD - the password to the key storage file.
  • TRUSTSTORE - the path to the file of the trusted certificates storage (of the JCEKS format).
  • TRUSTSTORE_PASSWORD - the password to the file of the trusted certificates storage.

One and the same file can be used as the key storage and the trusted certificates storage. For details on setting up the key and certificate storage, refer to How to Set up Interaction via HTTPS Protocol. For details on the server.xml file parameters, refer to Apache Tomcat documentation.

5. Create a file with the description of the context for the RadixWare Web Presentation Server startup. The location of the context description file is defined by the address where the web interface must be available. To make the web interface available at https://<hostname>/<application>, the context description file must be located at <CATALINA_BASE>/conf/Catalina/<hostname>/<application>.xml.

Example: If the context description file shown in the example below is located at <CATALINA_BASE>/conf/Catalina/localhost/radix.xml, the web interface will be available at https://localhost/radix/.

For the description of context files location and format, refer to Apache Tomcat documentation. In this file, specify the following:

  • Path to the web-app.war file in the docBase parameter of the <Context> tag.
  • RadixWare Starter and RadixWare Web Presentation Server startup parameters (see below) using the <Environment> tag.
Example of the context description file:

<?xml version="1.0" encoding="UTF-8"?>
<Context antiJARLocking="true" docBase="C:\radix\web-app.war" path="/">
  <Environment name="configFile" type="java.lang.String" override="true" value="C:\radix\web.conf"/>
</Context>

6. Restart Apache Tomcat.

7. Start RadixWare Server up (for details, refer to RadixWare Server. Administrator Guide).

Startup Parameters

To start RadixWare Web Presentation Server up, the context description file must contain the <Environment> tag defining the configFile startup parameter. The parameter defines the location of the configuration file containing the RadixWare Starter and RadixWare Web Presentation Server startup parameters. For the description of configuration file format, refer to RadixWare Starter. Administrator Guide.

RadixWare Web Presentation Server startup parameters must be stored in the [WebPresentationServer] section of the configuration file. For the parameters description, refer to Configuration File Parameters.

To start up the RadixWare Web Presentation Server, the connectionsFile parameter must be defined in the configuration file. The parameter defines the location of the file describing connection to RadixWare Server. For the description of the file format, refer to Connection Description File.

Changes in the configuration file will be applied only at the Apache Tomcat restart.

Connection Description File

The connection description file is an XML file that uses the http://schemas.radixware.org/connections.xsd namespace.

The <Connections> tag must be the root tag containing the following embedded tags:

  • <Connection>. Describes the connection to RadixWare Server. The mandatory Name parameter defines the connection name. The tag must contain the following embedded tags:
    • <InitialAddress>. The address of the EAS service access point with which RadixWare Web Presentation Server must work.
    • <StationName>. The station name that RadixWare Web Presentation Server must use. If only one connection is described in this file and it is selected as the default one, the station name specified in this connection is automatically filled in the Station parameter in the user authentication dialog box of RadixWare Web Explorer.
    • <ExplorerRootId>. The identifier of the explorer tree root element. If the tag is absent, the user is prompted to select the root element after the connection is established.
    • <Language>. The interface language (two-letter code).
    • <Country>. The system user country (two-letter code in uppercase). The default value depends on the value specified in the <Language> tag.
    • <TraceLevel>. The severity level of events that must be written to the trace. Possible values:
      • 0. Debugging.
      • 1. Event.
      • 2. Warning.
      • 3. Error.
      • 4. Alarm.
    • <Comment>. The connection description.
    • <KerberosOptions>. The parameters of connection via the Kerberos protocol. The tag must contain the mandatory Spn parameter where the EAS service account name must be specified.
    • <SSLOptions>. The parameters of connection via the TLS protocol. For details, refer to How to Set up RadixWare Server Connection via TLS Protocol.
    • <AddressTranslationFilePath>. The path to the text file with the table of translations of EAS service access point addresses received in the system manifest. The translation table contains the following fields: <scpname>,<original_address>,<new_address>. After the manifest is received, the existing addresses (<original_address>) are replaced with the respective new addresses (<new_address>) with regard to the service's client profile name (<scpname>). If the <new_address> field is not defined in the table, the respective <original_address> from the manifest will be blocked.
  • <Users2Connection>. Describes the correspondence between user names and connections.

The mandatory DefaultConnection parameter defines the name of the connection used for logon by the users for whom a connection is not explicitly specified. The connection with the specified name must be described by one of the <Connection> tags. The tag can contain any number of embedded <Link> tags that have the following mandatory elements:

  • ConnectionName parameter. The connection name to be used for the current user (list of users). The connection must be described in one of the <Connection> tags.
  • <Users> section. The section can contain any number of nested <User> tags, each of them containing the user name.

Example of connection description file:

<?xml version="1.0" encoding="UTF-8"?>
<Connections xmlns="http://schemas.radixware.org/connections.xsd"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
      <Users2Connection DefaultConnection="RADIX">
              <Link ConnectionName="RADIX_ADMINS">
                      <Users>
                              <User>ADMINISTRATOR 1</User>
                              <User>ADMINISTRATOR 2</User>
                              <User>ADMINISTRATOR 3</User>
                      </Users>
              </Link>
      </Users2Connection>
      <Connection Name="RADIX">
              <Comment xsi:nil="true"/>
              <StationName>ServerConsole</StationName>
              <InitialAddress>localhost:10001</InitialAddress>
              <TraceLevel>0</TraceLevel>
      </Connection>
</Connections>

Some parameters of RadixWare Server connection can be specified in the browser address line when starting up the client application. For details, refer to Transferring Additional Parameters in Browser Address Bar.

How to Set up RadixWare Server Connection via TLS Protocol

To set up a secure connection to RadixWare Server via the TLS protocol, add the <SSLOptions> tag to the connection description file. The tag can contain the following attributes:

  • UseSslAuth. The TLS protocol usage variant. Available values:
    • true - using authentication by the user certificate
    • false - using TLS protocol only for the connection encryption

The default value is false.

  • TrustStoreFilePath. The path to the certificate storage that is used to check the certificate provided by RadixWare Server.
  • TrustStorePathIsRelative. Available values:
    • true - path to the certificate storage is specified relative to the directory where the configuration file with RadixWare Web Presentation Server settings is located.
    • false - path to the certificate storage is absolute.

The default value is false.

  • TrustStorePassword. The password to the certificate storage.

If the TrustStoreFilePath, TrustStorePathIsRelative and TrustStorePassword attributes are absent, the path to the trusted certificates storage specified in the keyStoreFile parameter of the configuration file is used.

Example of RadixWare Server connection description with the TLS protocol-based connection settings:

      <Connection Name="RADIX">
              ...
              <SSLOptions
                        TrustStoreFilePath="myTrustStore.jceks"
                        TrustStorePathIsRelative="true"
                        TrustStorePassword="myTrustStorePassword"/>
      </Connection>
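
The cross-reference rules from the Connection Description File section and the <SSLOptions> attributes above can be checked before a file is deployed. The following linter is an added example, not part of RadixWare or its documentation; the sample file is constructed from the page's examples, and treating only <InitialAddress> and <StationName> as required is an assumption, since the page's own example omits the other tags.

```python
import xml.etree.ElementTree as ET

NS = {"c": "http://schemas.radixware.org/connections.xsd"}
# Assumption: only these two child tags are treated as required, because the
# page's own example omits the others.
REQUIRED_TAGS = ("InitialAddress", "StationName")
TRACE_LEVELS = {"0": "Debugging", "1": "Event", "2": "Warning",
                "3": "Error", "4": "Alarm"}

# Constructed sample modelled on the page's examples (not a real deployment).
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<Connections xmlns="http://schemas.radixware.org/connections.xsd">
  <Users2Connection DefaultConnection="RADIX">
    <Link ConnectionName="RADIX_ADMINS">
      <Users><User>ADMINISTRATOR 1</User></Users>
    </Link>
  </Users2Connection>
  <Connection Name="RADIX">
    <StationName>ServerConsole</StationName>
    <InitialAddress>localhost:10001</InitialAddress>
    <TraceLevel>0</TraceLevel>
    <SSLOptions TrustStoreFilePath="myTrustStore.jceks"
                TrustStorePathIsRelative="true"
                TrustStorePassword="myTrustStorePassword"/>
  </Connection>
</Connections>
"""


def _text(parent, tag):
    """Return the stripped text of a namespaced child tag, or '' if absent."""
    el = parent.find("c:" + tag, NS)
    return (el.text or "").strip() if el is not None else ""


def lint_connections(xml_bytes):
    """Return a list of findings for a connection description file."""
    root = ET.fromstring(xml_bytes)
    findings = []
    names = []
    for conn in root.findall("c:Connection", NS):
        name = conn.get("Name")
        if not name:
            findings.append("Connection without the mandatory Name parameter")
            name = "<unnamed>"
        elif name in names:
            findings.append(f"{name}: connection name is defined more than once")
        names.append(name)
        for tag in REQUIRED_TAGS:
            if not _text(conn, tag):
                findings.append(f"{name}: <{tag}> is missing or empty")
        level = conn.find("c:TraceLevel", NS)
        if level is not None:
            value = (level.text or "").strip()
            if value not in TRACE_LEVELS:
                findings.append(f"{name}: TraceLevel {value!r} is not 0..4")
            elif value == "0":
                findings.append(f"{name}: TraceLevel 0 (Debugging) traces everything")
        krb = conn.find("c:KerberosOptions", NS)
        if krb is not None and not krb.get("Spn"):
            findings.append(f"{name}: <KerberosOptions> lacks the mandatory Spn")
        ssl = conn.find("c:SSLOptions", NS)
        if ssl is not None and ssl.get("TrustStorePassword"):
            findings.append(f"{name}: TrustStorePassword is present in the file; "
                            "restrict read access to it")
    u2c = root.find("c:Users2Connection", NS)
    if u2c is None:
        findings.append("<Users2Connection> is missing")
        return findings
    default = u2c.get("DefaultConnection")
    if default not in names:
        findings.append(f"DefaultConnection {default!r} is not a described connection")
    for link in u2c.findall("c:Link", NS):
        target = link.get("ConnectionName")
        if target not in names:
            findings.append(f"Link refers to undescribed connection {target!r}")
    return findings


if __name__ == "__main__":
    for finding in lint_connections(SAMPLE):
        print(finding)
```

On the constructed sample the linter reports the debug trace level, the trust store password kept in the file, and the <Link> that names a connection with no matching <Connection> tag.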

Configuration File Parameters

The following parameters can be specified in the configuration file starting up RadixWare Web Presentation Server:

Parameter

Description

Main Connection Settings

connectionsFile

Full path to the file describing RadixWare Server connection settings.

sshRequired

If the parameter is specified in the configuration file, the trusted connection is required to work with the web interface.

Trace Parameters

traceProfile

Severity level of events to be written to trace.

In addition to the default severity level, it is possible to specify the severity level for certain event sources using the separator ";".

Example of parameter value:

Error;Arte.DefManager=Debug

The default value is none.

traceMinSeverity

The severity level of the events about which the user is notified visually (the trace icon located in the bottom right corner of the application will flash).

traceDir

Full path to the directory where the trace files will be created.

Parameters for Authentication by Kerberos Protocol

krbAuthPolicy

Policy of using the Kerberos authentication. Available values:

  • none (default value). Kerberos authentication is not used.
  • enabled. Kerberos authentication is used if possible. If not possible, other authentication methods are applied.
  • required. Only Kerberos authentication can be used.

wpsSpn

Name under which the web server is registered on the Kerberos authentication server.

The default value is HTTP/<hostname>.

keyTabFile

Path to the Kerberos key file that stores the key(-s) for the current web server account.

It is possible to use the path specified in the default_keytab_name parameter of the Kerberos configuration file (krb5.conf). If the file or parameter does not exist, the system will attempt to use the krb5.keytab file that is located in the user home directory.

useDelegatedCredentials

If the parameter is specified in the configuration file, the Kerberos authentication is executed with the delegation of user rights to web server.

fallbackToCertificateAuth

If the parameter is specified in the configuration file and the Negotiate authentication is unsuccessful, the user certificate will be used (if it is provided).

remoteKrbAuth

The method of identification data (name and password) transferring from web client to web server. Available values:

  • disabled (default value). The transferring of identification data of user account on Kerberos authentication server is prohibited.
  • radix. The identification data are transferred using the AJAX request (when establishing connection in web interface, the RadixWare Web Explorer standard dialog is used).
  • basic. The data are transferred using the BASIC authentication scheme: the web server generates the response with error 401 and the "WWW-Authenticate: Basic" header. Having received it, the web browser shows its own identification dialog and sends the user-entered identification data back with the Authorization header.

downgradeNtlm

When web server generates the response with error 401 and "WWW-Authenticate: Negotiate" header, web client makes an attempt to use the NTLM authentication that is not supported in RadixWare Web Presentation Server. If the parameter is specified in the configuration file, on attempt to use the NTLM authentication, web server will request to transfer the authentication data according to the value specified in the remoteKrbAuth parameter.

disableSPNEGOAuth

If this parameter is used when starting up the web server, the SPNEGO authentication will be disabled when authenticating with Kerberos. Depending on other web server settings, the authentication is performed using the certificate or applying another method specified in the remoteKrbAuth parameter. The disableSPNEGOAuth parameter is ignored if the following parameters values are defined in the web server settings: remoteKrbAuth=disabled and krbAuthPolicy=required.

Parameters for Authentication by Certificate

keyStoreFile

Full path to the certificate storage that stores the RadixWare Web Presentation Server certificate used to authenticate on the application server. This storage can also contain the trusted certificate of application server.

keyStorePwd

Password to the keyStoreFile certificate storage. After the RadixWare Web Presentation Server first startup, the parameter value will be encrypted.

certificateAlias

Alias of the certificate in the keyStoreFile storage that is used by RadixWare Web Presentation Server to authenticate on the applications server. If the certificate with the specified alias is absent in the storage, the first certificate from the storage is used.

If the parameter is not specified, the first certificate from the storage is used.

certAttrForAccName

The user certificate attribute that stores the account name.

The default value is CN.

Parameters for Uploading Files

uploadFileSizeSoftLimitMb

Limit of file size (Mb). If the file being uploaded exceeds the specified value, the dialog box used to confirm its loading is displayed in RadixWare Web Explorer. If the parameter is absent in the configuration file, the file size is restricted to 10 Mb by default.

uploadFileSizeHardLimitMb

Maximum size (Mb) of the uploaded file. If the file being uploaded exceeds the specified value, it will be declined. If the parameter value is less than 0, the file size is not checked. If the parameter is absent in the configuration file, the file size is restricted to 100 Mb by default.

Parameters for Displaying User Content

bannerDir

Path to the directory containing the HTML file with description of user content and resources used in this HTML file (images, files with CSS styles, etc.).

bannerFile

Path to the HTML file containing the user content (relative to the directory specified in the bannerDir parameter). If the bannerDir parameter is not defined, this parameter is ignored.

bannerFrameStyle

Value of the style attribute used in the iframe tag (the frame used to display the user content on web client pages). It is specified in quotation marks according to the CSS syntax. The default value is "border: none; width: 100%;".

bannerFrameHeight

Frame height. The default value is 100px. If the bannerFrameStyle parameter is defined, this parameter is ignored.

Other Parameters

sessionMaxInactiveInterval

Maximum lifetime of inactive HTTP session (in seconds).

By default, the system uses the value specified in the Apache Tomcat (tomcat_home/conf/web.xml) configuration file (section <session-config>|parameter <session-timeout>).

restoreTreePosition

If the parameter is defined in the configuration file, once the connection is established, the current element will be restored in the explorer tree.

SettingsDatabasePath

Full path to the customized local DB. If the path is specified incorrectly or a user has no access to the specified directory, the RadixWare Web Explorer will be started with the default settings and the custom settings saved during the current session will be lost.

startVersion

Revision number in the SVN repository whose files will be used for RadixWare Web Presentation Server startup. After the startup, the startVersion parameter is deleted from the configuration file, and the latest version available in the SVN repository will be used at the next startup of RadixWare Web Presentation Server.

writeObjectNamesToHtml

If the parameter is defined in the configuration file, the objname attribute of the HTML element will contain the name of respective graphic java object (if such object exists and is named). The objects are named in such a way that two adjacent objects must have different names. The names are not changed when RadixWare Web Presentation Server is restarted. The following graphic objects are currently named:

  • explorer tree branches;
  • editor, selector, form;
  • embedded editor/selector;
  • tree elements in the dialog box used to select a class of object being created;
  • selector columns, rows and cells;
  • buttons of the editor and selector toolbar;
  • command buttons;
  • switch of editor pages;
  • parameters groups;
  • fields used to edit parameters;
  • parameters names;
  • buttons used to close modal dialog box.

The parameter is used for automatic testing of the user-defined interface of web application.

detailed3rdPartyLogging

If the parameter is defined in the configuration file, the tracing of Event and Debug messages in which the event sources are third-party components / libraries is enabled.

Parameters for Setting up Administrator Panel

adminUsers

List of users of client certificates (certificates used in the web browser for interaction via HTTPS protocol) who will be allowed to access the administrator panel. For details on generation of client certificates, refer to How to Set up Interaction via HTTPS Protocol.

Example of parameter value: adminUsers = admin1, admin2

adminPanelUrlParam

Address of the page where the administrator panel will be available.

Example: If the adminpanel value is specified in the parameter, and the web interface is available at https://localhost/radix/, the administrator panel will be available at https://localhost/radix/?adminpanel

Example of configuration file:

[Starter] 
workDir = C:\radix\test 
svnHomeUrl = svn://svn.server.local/radix/ 
topLayerUri = org.radixware 
appClass = org.radixware.wps.WebServer  
[WebPresentationServer] 
connectionsFile=C:\radix\config\connections.xml 
traceDir=C:\radix\trace 
traceProfile=Debug
settingsDatabasePath=C:\Users\Username\myLocalDB\
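
Several of the parameters above interact or switch a check off, which is easy to miss when reviewing a configuration file by eye. The audit below is an added example, not part of RadixWare; it assumes the INI-like syntax of the example above, treats a flag as set when its name appears with or without a value, and compares parameter names case-insensitively. The sample file is constructed.

```python
import configparser

SECTION = "WebPresentationServer"

# Constructed sample; bare keys model the page's "if the parameter is
# specified" flags (an assumption about the file syntax).
SAMPLE_CONF = r"""
[Starter]
workDir = C:\radix\test
appClass = org.radixware.wps.WebServer
[WebPresentationServer]
connectionsFile=C:\radix\config\connections.xml
krbAuthPolicy=required
remoteKrbAuth=disabled
disableSPNEGOAuth
uploadFileSizeHardLimitMb=-1
writeObjectNamesToHtml
"""


def load_section(text):
    """Parse the file and return the section as {lowercased name: value}."""
    parser = configparser.ConfigParser(allow_no_value=True, interpolation=None,
                                       delimiters=("=",))
    parser.read_string(text)
    if not parser.has_section(SECTION):
        return None
    return dict(parser.items(SECTION))


def audit(text):
    """Return (parameter, message) findings for the [WebPresentationServer] section."""
    wps = load_section(text)
    if wps is None:
        return [(SECTION, "section is missing")]
    findings = []

    def get(name, default):
        return (wps.get(name.lower()) or default).strip().lower()

    def is_set(name):
        return name.lower() in wps

    # Page: connectionsFile must be defined to start the server.
    if not (wps.get("connectionsfile") or "").strip():
        findings.append(("connectionsFile", "must be defined to start the server"))

    policy = get("krbAuthPolicy", "none")        # default per the page
    remote = get("remoteKrbAuth", "disabled")    # default per the page
    if policy not in ("none", "enabled", "required"):
        findings.append(("krbAuthPolicy", f"unknown value {policy!r}"))
    if remote not in ("disabled", "radix", "basic"):
        findings.append(("remoteKrbAuth", f"unknown value {remote!r}"))

    # Page: disableSPNEGOAuth is ignored with this combination.
    if is_set("disableSPNEGOAuth") and policy == "required" and remote == "disabled":
        findings.append(("disableSPNEGOAuth",
                         "ignored: remoteKrbAuth=disabled and krbAuthPolicy=required"))

    # Reviewer's judgement, not a rule stated on the page: radix/basic carry the
    # name and password from the browser, so the trusted connection should be required.
    if remote in ("radix", "basic") and not is_set("sshRequired"):
        findings.append(("remoteKrbAuth",
                         f"{remote}: name and password are transferred from the "
                         "web client, but sshRequired is not set"))

    # Page: a value below 0 means the file size is not checked.
    hard = wps.get("uploadfilesizehardlimitmb")
    if hard is not None:
        try:
            if float(hard) < 0:
                findings.append(("uploadFileSizeHardLimitMb",
                                 "negative value: the size of uploaded files is not checked"))
        except ValueError:
            findings.append(("uploadFileSizeHardLimitMb", f"{hard!r} is not a number"))

    # Page: this parameter exists for automatic testing of the user interface.
    if is_set("writeObjectNamesToHtml"):
        findings.append(("writeObjectNamesToHtml",
                         "meant for automatic UI testing; confirm it is intended here"))
    return findings


if __name__ == "__main__":
    for parameter, message in audit(SAMPLE_CONF):
        print(f"{parameter}: {message}")
```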

Transferring Additional Parameters in Browser Address Bar

When starting the client application, it is possible to specify the parameters in the browser address bar that are used:

  • for connection with RadixWare Server;
  • for automatic user authentication;
  • to automatically move to the required item in the navigation tree after authentication.

The parameters that can be used in the browser address bar are described below:

Parameter Description
user User name
station Station name that RadixWare Web Presentation Server must use. The parameter corresponds to the <StationName> tag of connection description file.
pwdHash256 SHA-256 hash of the string <user name in uppercase>-<password>. It can be used only for users whose password is hashed according to SHA-256 algorithm (if the password was last changed in RadixWare 2.1.8 and higher).
pwdHash1 The first 16 bytes of SHA-1 hash of <user name in uppercase>-<password>. It can be used only for users whose password is hashed according to SHA-1 algorithm (if the password was last changed in RadixWare 2.1.7 and lower).
password Password in clear format.

Note: For security reasons, transferring the password in clear format in the address bar is strongly discouraged.

language Interface language (two-letter code). The parameter corresponds to the <Language> tag of connection description file.
trace Minimum severity level to write the events to trace. Available values:
  • Debug. Show all events including the debug messages.
  • Event. Show events with the "event" or higher severity level.
  • Warning. Show events with the "warning" and higher severity level.
  • Error. Show error messages, including critical errors.
  • Alarm. Show only critical error messages.

The parameter corresponds to the <TraceLevel> tag of connection description file.

explorerRoot Identifier of the explorer tree root element. If the parameter is not specified, the user will be offered to select the root element after the connection is established. The parameter corresponds to the <ExplorerRootId> tag of connection description file.
entryPoint Name of entry point

The parameters of the address bar are separated by "&" character, and are separated from the address of web interface by "?" character.

Example of address line with connection parameters:

https://localhost/radix/?user=U0001&station=OperatorStation&pwdHash256=D46DCFD699CE24708CCDAF89BA2C150C0C4551C63F4362CE8EA4A9164FBD9689
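
The pwdHash256 and pwdHash1 values are computed only from the user name and password, so the same value is sent on every such request and, like the password parameter, ends up wherever the URL is recorded. The following added example (not part of RadixWare) derives both values as the table defines them and redacts the three credential parameters from web server access-log lines. UTF-8 encoding, upper-case hex output (as in the example address line above) and case-insensitive parameter matching are assumptions; the log lines are constructed in Tomcat's common access-log format.

```python
import hashlib
import re


def _digest_input(user, password):
    # Page: "<user name in uppercase>-<password>"; UTF-8 is an assumption.
    return f"{user.upper()}-{password}".encode("utf-8")


def pwd_hash256(user, password):
    """SHA-256 of '<USER>-<password>' as upper-case hex."""
    return hashlib.sha256(_digest_input(user, password)).hexdigest().upper()


def pwd_hash1(user, password):
    """First 16 bytes of SHA-1 of '<USER>-<password>' as upper-case hex."""
    return hashlib.sha1(_digest_input(user, password)).digest()[:16].hex().upper()


# Address-bar parameters from the table above that carry a credential.
CRED_RE = re.compile(r'([?&])(password|pwdHash256|pwdHash1)=([^&\s#"]*)',
                     re.IGNORECASE)
USER_RE = re.compile(r'[?&]user=([^&\s#"]*)', re.IGNORECASE)


def scrub(line):
    """Return (redacted line, names of credential parameters found)."""
    found = [m.group(2) for m in CRED_RE.finditer(line)]
    clean = CRED_RE.sub(lambda m: f"{m.group(1)}{m.group(2)}=REDACTED", line)
    return clean, found


def scan_access_log(lines):
    """Report every line whose request URL carries a credential parameter."""
    report = []
    for number, line in enumerate(lines, 1):
        clean, found = scrub(line)
        if found:
            user = USER_RE.search(line)
            report.append({"line": number,
                           "user": user.group(1) if user else None,
                           "params": found,
                           "redacted": clean})
    return report


# Constructed log lines (documentation IP range, made-up password).
_HASH = pwd_hash256("u0001", "constructed-password")
SAMPLE_LOG = [
    '192.0.2.10 - - [18/Sep/2018:10:00:01 +0000] "GET /radix/?user=U0001'
    f'&station=OperatorStation&pwdHash256={_HASH} HTTP/1.1" 200 5120',
    '192.0.2.11 - - [18/Sep/2018:10:00:07 +0000] "GET /radix/?user=U0002'
    '&password=constructed-password&language=en HTTP/1.1" 200 5120',
    '192.0.2.12 - - [18/Sep/2018:10:00:09 +0000] "GET /radix/?adminpanel'
    ' HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for entry in scan_access_log(SAMPLE_LOG):
        print(entry["line"], entry["user"], entry["params"])
        print("   ", entry["redacted"])
```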

Moving to Item in Navigation Tree
The mechanism of entry points is used to move to the required item in the navigation tree. Each entry point implements one of the predefined algorithms and should have:

  • Name used to address the entry point from the address bar. It is specified when creating an entry point in the entryPoint parameter of the browser address bar.
  • Additional parameters used to define the item to move to. The names of additional parameters start with "_" character in order to distinguish the additional parameters from the main ones in the address bar.

The RadixWare platform provides the required tools for developing the entry points. The mechanism of entry points is currently used on application level. For description of purposes of specific entry points and their additional parameters, refer to the documentation on respective software product.

Selecting Web Interface Language
When the web interface is started using the additional startup parameters in the browser address bar, the language is selected as follows:
1. If one language is supported on the top software layer, it is selected automatically at connection.
2. If several languages are supported on the top software layer, the first suitable variant is used:

  • language specified in the additional language parameter of the address bar;
  • language specified in the connection settings (<Language> tag in the connection description file);
  • language specified in the browser_locale parameter of HTTP request.

3. If the variants mentioned above are not suitable (the respective parameters are not defined, or the specified language is not supported on the top software layer), the English language is selected at connection, if it is supported on the top software layer.
4. Otherwise, the first language specified in the list of languages of the top software layer is selected.

How to Set up Interaction via HTTPS Protocol

For Apache Tomcat to interact via the HTTPS protocol, the server must have a storage of keys / trusted certificates that is used to sign the client keys.

This section describes how to create and set up the storage of keys / certificates, and sign the client certificates, using Key Store Administrator as an example.

To set up the keystore on the server acting as Certification Authority, perform the following actions:
1. Create a keystore on the server (Create File Keystore command) that will be used as Certification Authority for signing client certificates. Specify the path to the keystore file and its password.

[Figure: Keystore 1.jpg]

2. Generate a pair of RSA keys (Generate Key Pair command). In the User name parameter of the dialog box used to execute the command, specify the URL of the web server host. For example, if the web interface is available at https://<hostname>/<application>, specify <hostname> in the User name parameter. Other command parameters do not have any specific peculiarities.



Executing the command generates the key pair; the public key is placed in a self-signed certificate.



To set up and sign client keys, perform the following actions:
1. Create a client keystore (Create File Keystore command). In the created keystore:

  • Generate a pair of RSA keys (Generate Key Pair command). In the User name parameter of the dialog box used to execute the command, specify the name of the user that will use the generated certificate. The other command parameters have no special requirements.
  • Generate a request for getting a certificate from the Certification Authority (Prepare Certificate Request command) and specify the following parameters:
      • alias of the key pair for which the certificate is required;
      • name and location of the file where the generated request will be saved.


2. Sign the generated request (see description above) in the Certification Authority. For this, execute the Sign Client's Certificate command in the server keystore and specify the following parameters:

  • alias of the key used to sign the certificate;
  • name and location of the file where the generated request will be saved;
  • name and location of the file where the signed certificate will be saved.


3. Add the received certificate to the client keystore (Receive Certificate command) and specify the following:

  • alias of key for which the certificate is used;
  • name and location of the file where the received certificate is saved.

When the data is loaded, it is verified using the trusted certificate and the certificate signed by the Certification Authority. The check produces a chain of certificates in which the first certificate is the root certificate and the second is the certificate issued by the Certification Authority.


4. Export the key signed by the Certification Authority. For this, execute the Export Key Pair to PKCS#12 Keystore command in the client keystore and specify the following:

  • location of the PKCS#12 keystore file (*.p12);
  • password for the PKCS#12 keystore;
  • name of the key being exported.


5. Import the exported file (see description above) into the browser used to access the web interface.

Administrator Panel

The administrator panel in the web interface is intended for RadixWare Web Presentation Server administrator and enables to:

Setting up Administrator Panel

To set up the administrator panel, perform the following actions:

  • Make sure that the settings for Apache Tomcat interaction via HTTPS protocol are defined.
  • Add the following parameters to the configuration file used for RadixWare Web Presentation Server startup:

Once the settings are defined, the administrator panel will be available:

  • at the https://localhost/radix/?adminpanel address, where: https://localhost/radix/ - address of web interface; adminpanel - value specified in the adminPanelUrlParam parameter;
  • for users whose browsers have a certificate issued for the name specified in the adminUsers parameter.

"Server Information" Page

The page contains the following general information on web server and application server:

  • Version Information
  • Starter Information
  • System Information (Java version, OS)
  • Tomcat Information


"Connection Settings" Page

The page is used to view and edit the RadixWare Server connection settings. By default, the values defined in the connection description file are displayed on the page.
The following commands are available on this page:

  • Apply. When the command is executed, the changes of the connection setting parameters are applied "on the fly" (the changes are applied when a new session is started) and are saved to the connection description file.
  • Revert. The command is used to revert the changes that have not been applied yet. When the command is executed, the parameters on the page are set to the values specified in the connection description file.


The list below shows the elements displayed on this page and the corresponding tags from the connection description file:

Connection Settings area
This area contains the list of connections to application server (RadixWare Server). Each description of connection corresponds to the <connection> tag in the connection description file. To manage the connection description, use the commands of creating / deleting a connection, creating a copy of connection and editing parameters of the selected connection:

  • Name (corresponds to the Name parameter of <connection> tag). The connection name. The parameter is mandatory.
  • Servers (corresponds to the <InitialAddress> embedded tag). The address(es) of the EAS service access point used by RadixWare Web Presentation Server. The list of addresses is defined in the standard value array editor. The array elements are defined in the text input field. The parameter is mandatory.
  • Automatically discover server addresses. If the flag is set, the settings of the service’s client profiles and their links to the EAS access points (these settings are stored in the system manifest file) will be used to set up a connection. If the flag is not set, one of the available addresses specified in the connection settings will always be used. The flag is set by default.
  • Station (corresponds to the <StationName> embedded tag). The station name to be used by RadixWare Web Presentation Server.
  • Default. If the flag is set, the current connection will be used as default for users for whom the connection is not specified explicitly (record in the User and Connection Correspondence area is absent for user).
  • Explorer root (corresponds to the <ExplorerRootId> embedded tag). The root element of the explorer tree is selected from the drop-down list requested from the server. If the root element is not defined in the connection settings, the user will be offered to select the root element after the connection is established.
  • Trace level (corresponds to the <TraceLevel> embedded tag). The minimum severity level to write the events to trace. Available values: None, Debug, Event, Warning, Error, Alarm.
  • Path to address translation file (corresponds to the <AddressTranslationFilePath> embedded tag). The path to the text file with the table of translations of EAS service access point addresses received in the system manifest. To edit the table of address translations, execute the Edit File command.

The dialog box contains the list of access points whose addresses should be translated. When the manifest is received, all original addresses (Original address parameter) are replaced by new respective addresses (New address parameter) with regard to the service client profile (SCP parameter). It is possible to create, edit and delete records in the table.

If the New address parameter is not defined in the record, the respective original address from the manifest will be blocked.

  • Use TLS encryption. If the flag is set, the tag describing the current connection has the <SSLOptions> embedded tag containing the settings of the connection via the TLS protocol. In this case, the following TLS connection parameters become available in the administrator panel (SSL Options area):
      • Path to truststore file (corresponds to the TrustStoreFilePath attribute).
      • Truststore path is relative (corresponds to the TrustStorePathIsRelative attribute).
      • Truststore password (corresponds to the TrustStorePassword attribute).

For details, refer to How to Set up RadixWare Server Connection via TLS Protocol.

  • Kerberos Settings area (corresponds to the <KerberosOptions> embedded tag) contains the EAS principal name parameter (corresponds to the Spn parameter of the <KerberosOptions> tag) that specifies the EAS service name on the authentication server.

User and Connection Correspondence area
This area contains the list of records describing the correspondence between user name and connection used for logon of this user (corresponds to the <Users2Connection> embedded tag). To manage the connections, use the commands of creating / deleting a record, and editing the selected record. The connection record editor contains the following parameters:

  • User. The name of user for whom the connection is created. The parameter can be edited at a record creation only.
  • Connection. The connection to be used for the specified user. The value is selected from the list of defined connections.

"Web Server Configuration Settings" Page

The page is used to view the web server configuration parameters and edit some of them. By default, the parameters on this page are set to values defined in the configuration file parameters used to start RadixWare Web Presentation Server.

The following commands are available on this page:

  • Write. The changes of configuration parameters on the administration panel are saved in the configuration file used to start RadixWare Web Presentation Server. In this case, the changes are applied after the server is restarted.
  • Apply. The changes of configuration parameters on the administration panel are applied "on the fly". In this case, the changes are applied when a new session is started but are not saved to the configuration file.
  • Read. The unsaved changes of configuration parameters on the administration panel are replaced with the current settings specified in the configuration file used to start RadixWare Web Presentation Server.
  • Load. The changes of configuration parameters on the administration panel are replaced with values defined in the configuration file (the settings that have been applied and are currently used).


The list below shows the parameters displayed on this page and the corresponding parameters of the configuration file:

Web Server Settings area:

  • Connection file (corresponds to the connectionsFile parameter). The parameter is not editable.
  • Database settings directory (corresponds to the SettingsDatabasePath parameter).
  • Session inactive interval (corresponds to the sessionMaxInactiveInterval parameter).
  • SSH required (corresponds to the sshRequired parameter).
  • Development mode. If the flag is set, RadixWare Web Presentation Server is started in the development mode to use the additional functions and perform additional checks. The parameter is not editable.
  • Restore tree position (corresponds to the restoreTreePosition parameter). The parameter is not editable.

Trace Settings area:

  • Trace directory (corresponds to the traceDir parameter).
  • Trace profile (corresponds to the traceProfile parameter). Available values: None, Debug, Event, Warning, Error, Alarm.
  • Trace min severity (corresponds to the traceMinSeverity parameter). Available values: None, Debug, Event, Warning, Error, Alarm.
  • Write object names to HTML (corresponds to the writeObjectNamesToHtml parameter).

Kerberos Settings area:

  • Kerberos authentication required (corresponds to the krbAuthPolicy parameter).

The editing of the following parameters is prohibited if the Kerberos authentication required parameter is set to None value:

  • Disable SPNEGO authentication (corresponds to the disableSPNEGOAuth parameter).
  • Principal name (corresponds to the wpsSpn parameter).
  • Path to key file (corresponds to the keyTabFile parameter).
  • Identification data transfer (corresponds to the remoteKrbAuth parameter).
  • Credentials delegation allowed (corresponds to the useDelegatedCredentials parameter).
  • Use certificate (corresponds to the fallbackToCertificateAuth parameter).
  • Use kerberos instead of NTLM (corresponds to the downgradeNtlm parameter).

Certificate Settings area:

  • Certificate attribute with user name (corresponds to the certAttrForAccName parameter).
  • Path to server keystore (corresponds to the keyStoreFile parameter).
  • Certificate alias (corresponds to the certificateAlias parameter).

File Uploading Settings area:

  • Require confirmation if the size exceeds (corresponds to the uploadFileSizeSoftLimitMb parameter).
  • Prohibit if the size exceeded (corresponds to the uploadFileSizeHardLimitMb parameter).

Banner Settings area:

  • Path to banner directory (corresponds to the bannerDir parameter).
  • Banner file name (corresponds to the bannerFile parameter).
  • Banner frame height (corresponds to the bannerFrameHeight parameter).
  • Banner frame style (corresponds to the bannerFrameStyle parameter).

Administrator Panel Settings area:

  • Administrator panel URL (corresponds to the adminPanelUrlParam parameter). The parameter is not editable.
  • Administrators (corresponds to the adminUsers parameter). The parameter is not editable.

Setting up Display of User Content

The upper part of RadixWare Web Explorer application dialog box contains the frame that can be used to display the user content (company logo, user information, etc.). The user content is described in the HTML file that must be located in one directory with resources used in this HTML file (images, files with CSS styles, javascript files, etc.). The path to this directory, HTML file name and frame display settings must be defined in the configuration file parameters used to start RadixWare Web Presentation Server.

Example. It is required to add the logo.png image to the upper part of the RadixWare Web Explorer application dialog box. Let us assume that the image file is located in the /var/www/banner directory. To display this image, configure the following settings:

1. In the /var/www/banner directory, create the banner.html file containing as follows:

<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
</head>
<body>
<img src="logo.png">
</body>
</html>

2. To the [WebPresentationServer] section of the configuration file used to start RadixWare Web Presentation Server, add the following parameters:

bannerDir=/var/www/banner
bannerFile=banner.html
bannerFrameHeight=90px

Note. In the HTML file containing the user content, all references to resources must be specified relative to the directory defined in the bannerDir parameter and must refer to files located in this directory. Files with CSS styles must have the "css" extension; JavaScript files must have the "js" extension.
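
The rule in the note above can be checked before a banner is deployed. The Python script below is an added example, not part of RadixWare: the names check_banner, RefCollector and demo, and the sample HTML and file names, are constructed for illustration. It parses the banner HTML and reports references that are not relative, that resolve outside the bannerDir directory, that point to missing files, or that break the css/js extension rule.

```python
import tempfile
from html.parser import HTMLParser
from pathlib import Path
from urllib.parse import unquote, urlsplit

class RefCollector(HTMLParser):
    """Collect (kind, url) for every resource the banner HTML references."""
    def __init__(self):
        super().__init__()
        self.refs = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "script" and a.get("src"):
            self.refs.append(("js", a["src"]))
        elif tag == "link" and a.get("href"):
            rel = (a.get("rel") or "").lower().split()
            self.refs.append(("css" if "stylesheet" in rel else "other", a["href"]))
        elif tag in ("img", "iframe", "embed", "source") and a.get("src"):
            self.refs.append(("other", a["src"]))

def check_banner(banner_dir, banner_file):
    """Return (url, problem) pairs for references that break the bannerDir rule."""
    root = Path(banner_dir).resolve()
    collector = RefCollector()
    collector.feed((root / banner_file).read_text(encoding="utf-8"))
    problems = []
    for kind, url in collector.refs:
        parts = urlsplit(url)
        path = unquote(parts.path)
        if parts.scheme or parts.netloc or path.startswith("/"):
            problems.append((url, "not relative to bannerDir"))
            continue
        # resolve() collapses ".." and follows symlinks before the containment test
        target = (root / path).resolve()
        if target != root and root not in target.parents:
            problems.append((url, "resolves outside bannerDir"))
        elif not target.is_file():
            problems.append((url, "file not found in bannerDir"))
        elif kind in ("css", "js") and target.suffix.lower() != "." + kind:
            problems.append((url, "needs the ." + kind + " extension"))
    return problems

# Constructed sample banner: two valid references and four that break the rule.
SAMPLE_HTML = """<!DOCTYPE html><html><head><meta charset="utf-8">
<link rel="stylesheet" href="style.css"><link rel="stylesheet" href="theme.txt">
<script src="https://cdn.example/lib.js"></script><script src="../shared/app.js"></script>
</head><body><img src="logo.png"><img src="missing.png"></body></html>"""

def demo():
    """Build the constructed sample in a temporary bannerDir and check it."""
    with tempfile.TemporaryDirectory() as tmp:
        banner = Path(tmp) / "banner"
        banner.mkdir()
        (banner / "banner.html").write_text(SAMPLE_HTML, encoding="utf-8")
        for name in ("style.css", "theme.txt", "logo.png"):
            (banner / name).write_bytes(b"")
        return check_banner(banner, "banner.html")
```

An empty list from check_banner means every reference in the banner file stays inside the configured directory.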


Getting Information on Data Transfer Speed in Web Client

To analyse the reasons for slow operation of RadixWare Web Explorer, it is required to get information on the speed of data transfer between the web server and the browser. To test the speed, go to the https://<address of web interface>/speedTest.html page. Test batches are sent from the browser to the web server, and the response time and the transfer speed are recorded.

The following test settings are available on the speedTest.html page:

  • Send interval (ms). The interval (milliseconds) of sending test data.
  • Maximum packet size (bytes). The maximum size (bytes) of the batch.

To start testing, click the Start test button. The test results are displayed in the table containing the following information:

  • Try. The sequence number of the data batch being transferred.
  • Packet size, byte (s). The size of the test batch. It is increased in the course of testing.
  • Response time, msec. The period after which the response from the web server has been received.
  • Transfer speed, kilobyte/sec. The speed of transferring the batch.


The maximum size (Mb) of batch is defined in the JVM parameter of web server startup - rdx.web.speed.test.max.packet.size. If the parameter is not defined, the maximum batch size is 10Mb by default. If the parameter value is less than or equal to 0, the access to the speedTest.html page is denied (the page with 404 error code is displayed to the user).

Actions on Versions Mismatch

If there are changes in the system core, a mismatch between the revision versions from the SVN repository used by the web server and the application server can occur during the update procedure. In this case, the system displays a message to the user of RadixWare Web Explorer suggesting that the user contact the system administrator.


The administrator should perform one of the following actions:

  • If the web server version is earlier than the RadixWare Server version, the administrator should check that the web-app.war file is up to date and restart RadixWare Web Presentation Server.
  • If the web server version is later than RadixWare Server version, the administrator should add the startVersion parameter (in the format startVersion=<revision number in SVN repository>) to the [starter] section of the configuration file used for RadixWare Web Presentation Server startup, and restart RadixWare Web Presentation Server. After the startup, the startVersion parameter will be deleted from the configuration file, and the latest version available in the SVN repository will be used at the next startup of RadixWare Web Presentation Server.

This situation can occur if RadixWare Web Presentation Server had been restarted before the application servers were updated.