Difference between revisions of "Using secured connections"

From i2Rest
Jump to: navigation, search
 
(14 intermediate revisions by 2 users not shown)
Line 1: Line 1:
{{DISPLAYTITLE:SSL conections secure}}
+
{{DISPLAYTITLE:Using secured connections}}
 
i2Rest Server uses standard [https://www.ibm.com/support/knowledgecenter/ssw_ibm_i_71/apis/unix9a.htm IBM i GSK API] to protect connections.  
 
i2Rest Server uses standard [https://www.ibm.com/support/knowledgecenter/ssw_ibm_i_71/apis/unix9a.htm IBM i GSK API] to protect connections.  
 
;Step 1
 
;Step 1
:Create text file named I2RESTECHO.PCML anywhere on IFS, for example "/tmp/PCML/i2restecho.pcml". Copy and paste following code. It represents a description for the sample program I2RESTECHO, that is included into i2Rest Server installation for demonstration purposes:
+
:''This step is the same as in the basic example. You can skip this step if you've done the basic scenario.''<br/>Create text file named I2RESTECHO.PCML anywhere on IFS, for example "/tmp/PCML/i2restecho.pcml". Copy and paste following code. It represents a description for the sample program I2RESTECHO, that is included into i2Rest Server installation for demonstration purposes:
 
<pre>
 
<pre>
 
<pcml version="1.0">
 
<pcml version="1.0">
Line 13: Line 13:
 
</pre>
 
</pre>
 
;Step 2
 
;Step 2
:Following instractions create [[Create_Server_Application|Server Application]], it will be used to supply secured connections to i2Rest gates.
+
:Follow instructions to create [[Create_Server_Application|DCM Server Application]], it will be used to supply parameters for secure connections to i2Rest gates.
 
;Step 3
 
;Step 3
:Following instractions create [[Create_Client_Application|Client Application]], it will be used to submit sessions, that use secured connections with session gate.  
+
:Follow instructions to create [[Create_Client_Application|DCM Client Application]], it will be used to submit sessions, that will use secured connections with session gate.  
 
;Step 4
 
;Step 4
:Contact your system administrator for your IBM i server host name (or IP) and ''two'' available ports for "main" and "management" gates of your first i2Rest Server instance. Create file config.json (you can name it with any name and put it into any available IFS folder). Enter following text, replace host_name, ports and pcml_file, dcm_server_id, -dcm_client_id with appropriate values.
+
:Contact your system administrator for your IBM i server host name (or IP) and ''three'' available ports for "main", "management" and "session" gates of your i2Rest Server instance. Create file config.json (you can name it with any name and put it into any available IFS folder). Сopy and paste the snippet bellow. Replace with appropriate values highlighted with <b>bold</b> parts: host_name, ports, pcml_file, dcm_server_id, dcm_client_id.<br/>For clarity, differences with [[I2Rest_quick_config|Basic configuration]] are highlighted in <span style="background:#D3D3D3;">gray</span>:
[[I2Rest_quick_config|Basic configuration]] SSL secured variant (differences are highlighted in <span style="background:#00FFFF;">blue</span>):
 
 
  {
 
  {
 
     "gates":
 
     "gates":
 
     {
 
     {
       "main"      : {"url":"<span style="background:#00FFFF;">https</span>://<span style="color:red;"><host_name>[:port](for example api.i2rest.com:1234)</span>", <span style="background:#00FFFF;">"dcm_server_id":"<span style="color:red;"><dcm server id>(for example MYSERVER)</span>"</span>},
+
       "main"      : {"url":"<span style="background:#D3D3D3;">https://'''<host_name>[:port](for example api.i2rest.com:1234)'''", "dcm_server_id":"'''<dcm server id>(for example MYSERVER)'''"},</span>
       "management" : {"url":"<span style="background:#00FFFF;">https</span>://<span style="color:red;"><host_name>[:port](for example api.i2rest.com:4321)</span>", <span
+
       "management" : {"url":"<span style="background:#D3D3D3;">https://'''<host_name>[:port](for example api.i2rest.com:4321)'''", "dcm_server_id":"'''<dcm server id>(for example MYSERVER)'''"},</span>
style="background:#00FFFF;">"dcm_server_id":"<span style="color:red;"><dcm server id>(for example MYSERVER)</span>"</span>},
+
       <span style="background:#D3D3D3;">"session"    : {"url":"https://'''<host_name>[:port](for example api.i2rest.com:5678)'''", "dcm_server_id":"'''<dcm server id>(for example MYSERVER)'''"}</span>
       <span style="background:#CCCCCC;">"session"    : {"url":"https://<span style="color:#0033CC;"><host_name>[:port](for example api.i2rest.com:5678)</span>", "dcm_server_id":"<span style="color:red;"><dcm server id>(for example MYSERVER)</span>"}</span>
 
 
     },
 
     },
 
     "session_systems":
 
     "session_systems":
Line 36: Line 34:
 
                                     '-url' '${surl}'    \
 
                                     '-url' '${surl}'    \
 
                                     '-uid' '${uid}'    \
 
                                     '-uid' '${uid}'    \
                                     <span style="background:#00FFFF;>'-dcm_client_id' '<span style="color:red;">dcm_client_id(for example MYCLIENT)</span>'</span> \
+
                                     <span style="background:#D3D3D3;>'-dcm_client_id' <nowiki>'</nowiki>'''dcm_client_id(for example MYCLIENT)'''<nowiki>'</nowiki></span> \
 
                                     '-user' '${user}')) \
 
                                     '-user' '${user}')) \
 
                             INLLIBL(I2REST)"
 
                             INLLIBL(I2REST)"
Line 45: Line 43:
 
       {
 
       {
 
           "pcml_mount"        : "echo",
 
           "pcml_mount"        : "echo",
           "pcml_file"          : "<span style="color:red;"><complete name of i2restecho.pcml on IFS (for example /tmp/PCML/i2restecho.pcml)></span>",  
+
           "pcml_file"          : "'''<complete name of i2restecho.pcml on IFS (for example /tmp/PCML/i2restecho.pcml)>'''",  
 
           "valid_in_anonymous" : true
 
           "valid_in_anonymous" : true
 
       }
 
       }
 
     ]
 
     ]
 
  }
 
  }
Pay attention to the [[Gates_object|"Gates" object]]. In the basic configuration [[Gate_object|"session" gate]] was defined by default - if gate URL is not specified, this gate of i2Rest server will open unix stream socket based on temporary file at /tmp directory. PLease [[I2Rest_Gate_URL_definition_using_Unix_socket|learn more]] about unix stream socket gate difinition.
+
 
 +
Secured i2Rest Server is ready to [[I2Rest_Start|start]].<br/>

Latest revision as of 14:08, 9 July 2020

i2Rest Server uses standard IBM i GSK API to protect connections.

Step 1
This step is the same as in the basic example. You can skip this step if you've done the basic scenario.
Create text file named I2RESTECHO.PCML anywhere on IFS, for example "/tmp/PCML/i2restecho.pcml". Copy and paste following code. It represents a description for the sample program I2RESTECHO, that is included into i2Rest Server installation for demonstration purposes:
<pcml version="1.0">

   <program name="echo" path="/QSYS.LIB/%LIBL%.LIB/I2RESTECHO.PGM">
      <data name="echo" usage="inputoutput" type="char" length="10" trim="both"/>
   </program>

</pcml>
Step 2
Follow instructions to create DCM Server Application, it will be used to supply parameters for secure connections to i2Rest gates.
Step 3
Follow instructions to create DCM Client Application, it will be used to submit sessions, that will use secured connections with session gate.
Step 4
Contact your system administrator for your IBM i server host name (or IP) and three available ports for "main", "management" and "session" gates of your i2Rest Server instance. Create file config.json (you can name it with any name and put it into any available IFS folder). Сopy and paste the snippet bellow. Replace with appropriate values highlighted with bold parts: host_name, ports, pcml_file, dcm_server_id, dcm_client_id.
For clarity, differences with Basic configuration are highlighted in gray:
{
   "gates":
   {
      "main"       : {"url":"https://<host_name>[:port](for example api.i2rest.com:1234)", "dcm_server_id":"<dcm server id>(for example MYSERVER)"},
      "management" : {"url":"https://<host_name>[:port](for example api.i2rest.com:4321)", "dcm_server_id":"<dcm server id>(for example MYSERVER)"},
      "session"    : {"url":"https://<host_name>[:port](for example api.i2rest.com:5678)", "dcm_server_id":"<dcm server id>(for example MYSERVER)"}
   },
   "session_systems":
   [
      {  "name"   : "*ANONYMOUS", 
         "submit" : "SBMJOB JOB(I2RESTA)                \
                            USER(${user})               \
                            CMD(CALL I2REST             \
                               PARM('-session'          \
                                    '-url' '${surl}'    \
                                    '-uid' '${uid}'     \
                                    '-dcm_client_id' 'dcm_client_id(for example MYCLIENT)' \
                                    '-user' '${user}')) \
                            INLLIBL(I2REST)"
      }
   ],
   "pcmls":
   [
      {
         "pcml_mount"         : "echo",
         "pcml_file"          : "<complete name of i2restecho.pcml on IFS (for example /tmp/PCML/i2restecho.pcml)>", 
         "valid_in_anonymous" : true
      }
   ]
}

Secured i2Rest Server is ready to start.

Retrieved from "https://www.i2rest.com/index.php?title=Using_secured_connections&oldid=1669"