Web conversation type

Restriction: This topic applies only when the Enterprise Server feature is enabled.

These options are checked for each request.

[options]
logging=logging-level
[trace]
trace=trace-option
[virtual paths]
<default>=default-directory
element=file-system-path
[allow]
element=list-of-filenames
[security]
restricted=restrict-option
authentication=authentication-types
class=resource-class-name
realm=HTTP-realm

The [options] section has a single setting, logging, which enables additional logging messages when set to "1" or a string beginning with "y". The trace setting in the [trace] section, added in Enterprise Server 5.0, has the same effect; it has been added for consistency with other conversation types.

The [virtual paths] section is used to translate between the top-level path elements specified in URLs and the actual file-system directories they correspond to. For example, for the URL http://host/path/to/file, the [virtual paths] section will be consulted for an entry for path. Entries in this section are case-sensitive.

The [allow] section is used to restrict what files the Web connector will serve out of a given directory.

Security for the Web conversation type

Beginning with Enterprise Server 5.0, the Web conversation type supports additional security mechanisms. These are configured in the [security] section. (Administrators should also consider enabling SSL/TLS, using the Enterprise Server firewall mechanism, and restricting Web listeners to the loopback interface. See Security Considerations for Service Deployment.)

The [security] section can contain the following settings:

restricted=restrict-option
If this is set to "1" or a value beginning with "y", deployment is restricted. This means:
  • The Enterprise Server instance must have External Security enabled.
  • Deployment requests must be authenticated. Currently username/password and client certificate authentication are supported.
  • Optionally, deployment requests can also require authorization. An authorization request will be made to the External Security Facility, using the resource class "Enterprise Server Web", the virtual directory from the deployment request, and the appropriate permission ("read" to retrieve deployment logs, "add" and "execute" to add a service). If this class is not defined to the External Security Manager(s), the deployment request is permitted; otherwise, authorization must be granted by ESF or the deployment request will be rejected.
authentication=authentication-types
This configures what types of authentication are permitted for this listener. authentication-types is a list of tokens, separated by spaces or commas. They are case-insensitive. Available values are:
  • MF is a proprietary mechanism for passing username and password. This is used in older versions of Enterprise Server and can be enabled for backward compatibility.
  • HTTP is HTTP Basic Authentication, a standard way to send a username and password.
  • Cert (or Certificate) enables authentication using registered client certificates.
  • Register, like Cert, enables client certificate authentication. It also enables automatic registration of client certificates using HTTP Basic Authentication.
class=resource-class-name
Sets the class name to be used when authorizing a deployment request. The default is "Enterprise Server Web". Usually the only reason to set this value is to use different resource control rules for different Web listeners.
realm=HTTP-realm
Sets the HTTP Realm string for Basic Authentication. The default is "MF Communications Server for region server", where server is the name of the Enterprise Server instance.

For more information on configuring Web security, particularly authentication, see the topic Deployment Listeners.
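As an added example (not Enterprise Server code), the following Python sketch reviews the [security] section of a Web conversation configuration against the rules described above. The function names, the finding messages and the sample configuration are constructed for illustration; exact matching of section and key names and trimming of whitespace around "=" are assumptions.

```python
import re

KNOWN_AUTH = {"mf", "http", "cert", "certificate", "register"}

def parse_sections(text):
    """Parse [section] headers and key=value lines into {section: {key: value}}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1], {})
        elif current is not None and "=" in line:
            key, _, value = line.partition("=")
            current[key.strip()] = value.strip()
    return sections

def is_enabled(value):
    # Literal reading of the page: "1" or a value beginning with "y".
    # Any other spelling is treated as not enabled, the cautious choice for a review.
    return value == "1" or value.startswith("y")

def audit_security(text):
    """Return (authentication tokens, findings) for the [security] section."""
    sec = parse_sections(text).get("security", {})
    findings = []
    if not is_enabled(sec.get("restricted", "")):
        findings.append("restricted is not enabled: deployment is not restricted")
    # Tokens are separated by spaces or commas and are case-insensitive.
    tokens = [t.lower() for t in re.split(r"[,\s]+", sec.get("authentication", "")) if t]
    for t in tokens:
        if t not in KNOWN_AUTH:
            findings.append(f"unknown authentication type: {t}")
    if "mf" in tokens:
        findings.append("MF enabled: proprietary mechanism kept for backward compatibility")
    if "http" in tokens or "register" in tokens:
        findings.append("Basic Authentication in use: confirm the listener uses SSL/TLS")
    return tokens, findings

# Constructed sample configuration; paths and values are illustrative only.
SAMPLE = """[virtual paths]
<default>=/srv/es/deploy
[security]
restricted=no
authentication=MF, HTTP cert,basic
"""

if __name__ == "__main__":
    tokens, findings = audit_security(SAMPLE)
    print("authentication types:", tokens)
    for finding in findings:
        print("-", finding)
```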