The Trust Association Interceptor (TAI)
is installed from the WebSphere® IMS™ Connector CD
onto the server where WebSphere Application Server is
installed. After installation, it exists in the IMS trusted domain
to intercept HTTP and SIP traffic.
Before you begin
Before
installing the
TAI,
do the following:
- Unpack DHAImsConnectorInstallPackage_6.2.0.tar on
the server where WebSphere Application Server is
installed. (For details, refer to the topic Preparing the installation
files.)
- Verify that DHAIMSConnectorTai.jar, which
contains TAI code
for both HTTP (HttpInterceptor) and SIP (SipInterceptor), is installed
in the directory was_root/lib/ext.
Note: was_root is
the installation root directory for
WebSphere Application Server
Network Deployment.
By default, this directory is:
/usr/IBM/WebSphere/AppServer
/opt/IBM/WebSphere/AppServer
/opt/IBM/WebSphere/AppServer
About this task
Perform the following steps to install the interceptor:
- Log in to the Integrated Solutions Console:
- Open a browser and navigate to the following
URL: https://host_name:port/ibm/console.
Where:
- host_name is the fully qualified host name
of the server where the application or the network deployment manager
is deployed.
- port is the secured port used to access the
console. The default port is 9043.
Note: The default unsecured port is 9060.
If you use 9060, you must have "http" instead of "https" in the URL.
- Enter an administrator user ID and password. (Omit the password if security is
not enabled.)
- Click Log in.
- Click to display the Global
security window, and enable both administrative security
and application security.
Note: If you are using WebSphere Application Server version 6.1.0.x, reach
this window by clicking .
For
detailed instructions about enabling security, refer to the topic Securing
applications and their environment in the WebSphere Application Server Information
Center.
- Configure general security settings:
- In the Global security window,
under Authentication, click .
Note: If you are using WebSphere Application Server version 6.1.0.x, reach
this window by clicking .
- Select Authenticate only when the URI is
protected and Use available authentication
data when an unprotected URI is accessed.
- Click OK, then
click Save to save changes to the master configuration.
- Configure the interceptor:
- In the Global security window,
under Authentication, click .
Note: If you are using WebSphere Application Server version 6.1.0.x, reach
this window by clicking .
- Click Enable trust association.
- Under Additional Properties, click Interceptors.
- Delete the default interceptors by selecting
their check boxes and clicking Delete. If you need any of the default interceptors, you can add them
back after you have added the WebSphere TAI.
This ensures that the WebSphere TAI will
be invoked first.
- Click New and type the class
name com.ibm.imsconnector.tai.HttpInterceptor
- Click Apply.
- Click OK, then
click Save to save changes to the master configuration.
- Configure custom properties for the HTTP interceptor:
- In the Global security window,
click Custom properties.
- Click New to
add a new custom property.
- Define the allowedSenderList
property:
- Name: allowedSenderList
- Value: A comma-delimited list of one or
more hosts that the interceptor considers trusted. You can specify
host names or IP addresses, and you can use the wildcard character *.
For example: localhost, *@us.example.com, 192.0.2.21
- Description (optional): TAI trusted hosts
- Click Apply.
- Return to the Custom properties window.
- Add additional custom properties
as needed. For a list of custom properties and their descriptions,
refer to the HTTP properties table in the topic Configuring
the Trust Association Interceptor.
- Click OK, then
click Save to save changes to the master configuration.
- Configure a new SIP interceptor:
- In the Global security window,
under Authentication, click .
Note: If you are using WebSphere Application Server version 6.1.0.x, reach
this window by clicking .
- Under Additional Properties,
click Interceptors.
- Click New and type the class
name com.ibm.imsconnector.tai.SipInterceptor
- Click OK, then
click Save to save changes to the master configuration.
- Configure custom properties for the SIP interceptor:
- In the Global security window,
click Custom properties.
- Click New to
add a new custom property.
- Define the allowedSenderList
property:
- Name: allowedSenderList
- Value: A comma-delimited list of one or
more hosts that the interceptor considers trusted. You can specify
host names or IP addresses, and you can use the wildcard character *.
For example: localhost, *@us.example.com, 192.0.2.21
- Description (optional): TAI trusted hosts
- Click Apply.
- Return to the Custom properties window.
- Add additional custom properties as needed. For
a list of custom properties and their descriptions, refer to the SIP
properties table in the topic Configuring the Trust Association
Interceptor.
- Click OK, then
click Save to save changes to the master configuration.
- Optional: If you require any of the default
interceptors that you deleted in step 4, add them.
- Restart the server.