[ |../../index.htm#lansa/insem_085.htm]
You are here:

Step 2. Update IBM i Web Server Configuration

Start the *ADMIN instance to use the IBM Web Administration for IBM i to configure your server.
You will then need to create a Web Server alias for this library. By default, LANSA Web assigns the alias as AUTHLIB. Once the AUTHLIB alias is set up, you will then configure your LANSA Communications library, DCXCOMLIB, to require user authentication. This means that the CGI-BIN library does not require user authentication, but when processes require authentication, the request is always redirected to the AUTHLIB URL path for identification.
Create the Web Server alias for authentication.
Using the Web Administration for IBM i, expand the Server Properties menu tree.
1.  Click on the URL Mapping menu item.
2.  From the Alias Tab, click Add.
3.  Select the Script Alias Match.
4.  Set the URL path of the LANSAWEB CGI program to ^/authlib/lansaweb(.*)
5.  Set the Host directory or file to /QSYS.LIB/DCXCOMLIB.LIB/lansaWEB.PGM$1
6.  Repeat steps 1 – 5 for to set the Script Alias Match directive the URL path ^/authlib/lansaxml(.*)for the host file /QSYS.LIB/DCXCOMLIB.LIB/lansaXML.PGM$1
7.  Press the Apply button.
     Your configuration now contains the added lines:
ScriptAliasMatch ^/authlib/lansaweb(.*) /QSYS.LIB/DCXCOMLIB.LIB/lansaWEB.PGM$1 
ScriptAliasMatch ^/authlib/lansaxml(.*) /QSYS.LIB/DCXCOMLIB.LIB/lansaXML.PGM$1
 
Define the location path for authentication.
1.   From Container Management, check you are in the Server area: Global configuration.
2.  Select the Locations tab.
3.  Add a Location type to the /authlib URL path.
4.  Press the Apply button.
Define the scope of protection and set the security.
1.  From Security, ensure Server area is set to Location: /authlib
2.  From the Security menu item, select the Authentication tab.
3.  Choose the Internet users in validation lists.
4.  Type in your authentication name/realm of your choice.
5.  Click Add to specifiy the location of your validation list on the IBM i.
6.  Press the Apply button.
   Your configuration now contains the added lines:
<Location /authlib> 
  PasswdFile QGPL/USERLIST 
  AuthType Basic 
  AuthName "My Auth Realm" 
  Require valid-user 
</Location>
 
Sample IBM HTTP Server (powered by Apache)Configuration:
Following is a sample IBM HTTP Server Instance configured for standard authentication running under V5R3 or later.
This Instance will run on Port 80.
The CGI library is DCXCOMLIB
The Authenticated library is DCXCOMLIB
The Validation List it uses is USERLIST in QGPL.
Once a LANSA Web Process is configured for Process Authentication using the Web Administrator, the following IBM HTTP Server Configuration will prompt the User for User ID and Password. This is validated against the USERLIST Validation List in QGPL.
# LANSA Web Apache HTTP Configuration File 
Alias /images /lansaIMG/ 
ScriptAliasMatch ^/cgi-bin/jsmdirect(.*) /QSYS.LIB/JSMLIB.LIB/JSMDIRECT.PGM$1 
ScriptAliasMatch ^/cgi-bin/lansaweb(.*) /QSYS.LIB/DCXCOMLIB.LIB/lansaWEB.PGM$1 
ScriptAliasMatch ^/cgi-bin/lansaxml(.*) /QSYS.LIB/DCXCOMLIB.LIB/lansaXML.PGM$1 
ScriptAliasMatch ^/authlib/lansaweb(.*) /QSYS.LIB/DCXCOMLIB.LIB/lansaWEB.PGM$1 
ScriptAliasMatch ^/authlib/lansaxml(.*) /QSYS.LIB/DCXCOMLIB.LIB/lansaXML.PGM$1 
Listen *:80 
DocumentRoot /www/dcxpgmlib/htdocs 

  1. DirectoryIndex /index.html  
    ServerRoot /www/dcxpgmlib 
    Options -ExecCGI -FollowSymLinks -SymLinksIfOwnerMatch -Includes -IncludesNoExec -Indexes -MultiViews 
    DefaultFsCCSID 37 
    DefaultNetCCSID 819 
    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined 
    LogFormat "%{Cookie}n \"%r\" %t" cookie 
    LogFormat "%{User-agent}i" agent 
    LogFormat "%{Referer}i -> %U" referer 
    LogFormat "%h %l %u %t \"%r\" %>s %b" common 
    CustomLog logs/access_log combined 
    SetEnvIf "User-Agent" "Mozilla/2" nokeepalive 
    SetEnvIf "User-Agent" "JDK/1\.0" force-response-1.0 
    SetEnvIf "User-Agent" "Java/1\.0" force-response-1.0 
    SetEnvIf "User-Agent" "RealPlayer 4\.0" force-response-1.0 
    SetEnvIf "User-Agent" "MSIE 4\.0b2;" nokeepalive 
    SetEnvIf "User-Agent" "MSIE 4\.0b2;" force-response-1.0 
    SetEnvIf "User-Agent" ".MSIE." nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0 
    ServerUserID DCXPGMLIB 
    <Directory /> 
       Order Deny,Allow 
       Deny From all 
    </Directory> 
    <Directory /QSYS.LIB/JSMLIB.LIB> 
       Order Allow,Deny 
       Allow From all 
    </Directory> 
    <Directory /QSYS.LIB/DCXCOMLIB.LIB> 
       Order Allow,Deny 
       Allow From all 
    </Directory> 
    <Directory /lansaIMG> 
       Order Allow,Deny 
       Allow From all 
    </Directory> 
    <Directory /www/dcxpgmlib/htdocs> 
       Order Allow,Deny 
       Allow From all 
    </Directory> 
    <Location /authlib> 
      PasswdFile QGPL/USERLIST 
      AuthType Basic 
      AuthName "My Auth Realm" 
      Require valid-user 
    </Location>
     
    You must enable the GET and POST methods.
    Please be sure to review, on the LANSA Web site, www.LANSA.com/support, the Important Notes for IBM HTTP Server Configuration in the Example IBM HTTP Server Configuration in Configuration of IBM HTTP Server using CGI.
    Go to Step 3. Execute Administrator to Define Process Authentication.
    [ |../../index.htm#lansa/insem_085.htm]