|
|
| (98 intermediate revisions by 2 users not shown) |
| Line 1: |
Line 1: |
| − | {{DISPLAYTITLE:i2Rest Advanced Setup}}
| + | This section describes configuration options of i2Rest Server. [[I2Rest_quick_config|Basic configuration]] allows only demo server functionality, and must be extended to supply full functional server instancence. Combining examples bellow you can achieve server functionality that suits your requirements. <br> |
| − | Расширенную настройку предлагаю описывать следующими разделами:
| |
| − | __TOC__
| |
| − | = i2Rest Gates=
| |
| − | Даем ссылку на описание что такое gate, ссылку на страничку с настройками<br/>
| |
| − | == i2Rest Gates protocols ==
| |
| − | === http ===
| |
| − | Незащищенный протокол
| |
| − | === https ===
| |
| − | Защищенный протокол, используется стандартное GSK API. Все параметры SSL настраиваются в DCM
| |
| − | === file ===
| |
| − | Протокол, использующий unix sockets. Удобен при работе клиента и сервера на одной и той же машине.
| |
| − | = i2Rest Sessions =
| |
| − | Ссылка или дублирование "что такое session system".<br/>
| |
| − | Ссылка на reference настройки<br/>
| |
| − | Упомянуть о сессиях на другой IBM i и на другой платформе<br/>
| |
| − | Привести примеры настройки сессий<br/>
| |
| − | * Обычные сессии (*LOCAL)
| |
| − | * Анонимные сессии (*ANONYMOUS)
| |
| − | * Варианты обычных сессий (system_XXX) - для задания особых параметров запуска, например логирования, запуск в выделенной подсистеме и прочее
| |
| − | * Запуск сессии на удаленной машине (SBMRMTJOB)
| |
| − | = Настройка API =
| |
| − | * Используем PCML, дать ссылку на что такое PCML, какие особенности PCML в i2Rest
| |
| − | * Примеры PCML
| |
| − | * Примеры расширенных PCML, включая тег openapi30
| |
| − | = Настройка параметров доступа OAuth2 =
| |
| − | == Модели настройки доступа ==
| |
| − | Стандартная и custom модель, стандартная - бесплатная. Custom - позволяет настраивать собственные правила или справочники для пользователей, клиентов и токенов.
| |
| − | == Стандартная модель ==
| |
| − | === users ===
| |
| − | === clients ===
| |
| − | === scopes ===
| |
| − | === tokens ===
| |
| − | == Custom access model ==
| |
| − | User exits для реализации custom модели
| |
| − | == Standard UI pages ==
| |
| | | | |
| − | ----
| + | * [[Using secured connections]] |
| − | Take a look on how the minimal i2Rest configuration might look like.
| + | * [[i2Rest Gate URL definition using Unix socket|Serving incoming connections using Unix sockets]] |
| − | <pre>
| + | * [[I2Rest_with_syslog|Using syslog with i2Rest Server]] |
| − | {
| + | * [[Configuring OAuth2 authorization]] |
| − | "gates":
| + | * [[Run_command_Api_config|How to allow calls to run_command API]] |
| − | {
| + | * [[Management_API_config|How to allow calls to management API]] |
| − | "main" : {"url":"http://i2rest.com:22088"},
| + | * [[Remote_API_call_config|How to call API located on remote IBM i server]] |
| − | "management" : {"url":"http://192.168.0.233:8080"},
| + | * [[I2Rest_Basic_PowerApps_Connector|How to create Microsoft Power Apps custom adapter to i2Rest Server]] |
| − | "session" : {"url":"http://192.168.0.233:8888"}
| + | i2Rest server should be [[I2Rest_Start|restarted]] to aplly your new configuration *.json. |
| − | },
| |
| − | "session_systems":
| |
| − | [
| |
| − | {"name": "*LOCAL", "submit":"SBMJOB JOB(I2RESTS) USER(${user}) CMD(CALL JPCML/I2REST PARM('-session' '-url' '${surl}' '-uid' '${uid}'
| |
| − | '-user' '${user}' '-init' 'ADDLIBLE JPCML' '-dcm_client_id' 'MYCLIENT')) INLLIBL(KAPBASELIB QGPL)"},
| |
| − | {"name": "*ANONYMOUS", "submit":"SBMJOB JOB(I2RESTA) USER(${user}) CMD(CALL JPCML/I2REST PARM('-session' '-url' '${surl}' '-uid' '${uid}'
| |
| − | '-user' '${user}' '-init' 'ADDLIBLE JPCML' '-dcm_client_id' 'MYCLIENT')) INLLIBL(KAPBASELIB QGPL)"},
| |
| − | ],
| |
| − | }
| |
| − | </pre>
| |
| − | According to [[I2Rest_Config|I2Rest Configuration Object description]] just two i2Rest Configuration Object fields are mandotary: [[gates object]] and [[i2Rest_Gates|main, manager and session gates object]]. With only this two configured fields we already can run a server instance, but still can't get much use of it. Most valuable i2Rest Server applications - the [[I2Rest_API#run_program_API|run_program API]] and the [[I2Rest_API#run_command_API|run_command API]] requires some more stuff:
| |
| − | | |
| − | ::run_command API requires [[OAuth2_object|Oauth2 object]];
| |
| − | ::run_program API generally requires [[Pcml_object|PCML object]] to be set up, but Oauth2 object also is mandotary for programs which has "valid_in_anonymous":false flag in PCML.
| |
| − | So the setting that allows to call IBM i program as a web service might look like as follows:
| |
| − | <pre>
| |
| − | "pcmls":
| |
| − | [
| |
| − | {"pcml_mount":"echo", "pcml_file":"pcml/echo.pcml", "valid_in_anonymous":true},
| |
| − | ],
| |
| − | </pre>
| |
| − | Not too dificult, isn't it? Much more complex Oauth2 object example below:
| |
| − | <pre>
| |
| − | | |
| − | "OAuth2":
| |
| − | {
| |
| − | "scopes": {"run_program" : {"description":"Run *PGM and *SRVPGM"},
| |
| − | "run_command" : {"description":"Run CL command"},
| |
| − | "system_BTC7" : {"description":"Execute API on BTC7"},
| |
| − | "management_functions" : {"description":"Invoke i2Rest manager APIs"}},
| |
| − | "clients":
| |
| − | {
| |
| − | "OAUTH21":{"redirect_uri":"http://api.i2rest.com:22088/oauth2/redirect",
| |
| − | "description":"Test client",
| |
| − | "valid_scopes":["run_program", "run_command", "management_functions", "system_BTC7"],
| |
| − | "valid_grant_types":["authorization_code", "urn:ietf:params:oauth:grant-type:device_code", "refresh_token", "client_credentials"]}
| |
| − | },
| |
| − | "users":
| |
| − | {
| |
| − | "BTAB":{"description":"Alexei Baranov", "valid_clients":{"OAUTH21":{"scopes":["run_program", "run_command", "management_functions", "system_BTC7"]}}},
| |
| − | "BTPL":{"description":"Pavel Lobko", "valid_clients":{"OAUTH21":{"scopes":["run_program", "run_command", "management_functions", "system_BTC7"]}}}
| |
| − | },
| |
| − | "tokens": {"type":"token"},"refresh_tokens":{"type":"refresh_token"},"codes":{"type":"code"},"device_codes":{"type":"user_code"},
| |
| − | | |
| − | "login_page" : "/pages/Login/index.html",
| |
| − | "decision_page" : "/pages/user_decide.html",
| |
| − | "bad_auth_page" : "/pages/bad_auth.html",
| |
| − | "enter_code_page" : "/pages/enter_code.html",
| |
| − | "device_connected_page" : "/pages/device_connected.html"
| |
| − | }
| |
| − | | |
| − | | |
| − | </pre>
| |
