Home

 

Configure the AJAX proxy for a specific feature

The AJAX proxy configuration for all of the IBM Lotus Connections features is defined in the proxy-config.tpl file. If you want to specify different AJAX proxy settings for a specific feature only, create a new, feature-specific version of the proxy-config.tpl template file.


This task is not required. Only perform it if you want to allow an external service to do more than retrieve information from one of the Lotus Connections features. You can define a custom proxy configuration for the Activities, Communities, Home page and Profiles features, but not the other Lotus Connections features.

The Search feature does not use the common Lotus Connections configuration template file; it provides its own Ajax proxy configuration file.


By default, the Lotus Connections AJAX proxy is configured to allow cookies, headers or mime.types, and all HTTP actions to be exchanged among the Lotus Connections features. However, from any non-Lotus Connections service, it only allows HTTP GET requests and it prevents all cookies or headers from being directed to the features. To make changes to the traffic that is allowed from other services, explicitly configure it.

To configure the AJAX proxy for a specific feature...

  1. Go to the on the WebSphere Application Server in which the configuration files are stored. For example: C:\IBM\WebSphere\AppServer\profiles\AppSrv01\config\cells\cell_name\LotusConnections-config. Find the proxy-config.tpl file, and then make a copy of the file, naming it using the following syntax:

      proxy-feature_name-config.tpl
      

    where feature_name is the name of the feature for which you want to create a custom proxy configuration. Save the copy in the same as the proxy-config.tpl file.

  2. Access the common AJAX proxy configuration template file:

    1. Open a command-line window, start the wsadmin tool, and then use the following commands to check out the proxy configuration file:

    2. Network deployments:

        execfile("WAS_HOME/profiles/Dmgr01/config/bin_lc_admin/
         connectionsConfig.py")
        

    3. Check out the configuration file...

        LCConfigService.checkOutProxyConfig("<temp_directory>",
         "cell_name")
        

      where <temp_directory> is a temporary of your choice, and cell_name is the name of the cell where the Lotus Connections feature that uses the global proxy template file is located.

  3. Open the custom template file that you created earlier in a text editor.

  4. Make your edits. For example, you can do the following things:

    • To explicitly refuse all traffic from a specific site, add a policy as follows:

        <proxy:policy url="malicious.site.com" acf="none">
            <proxy:actions/>
            <proxy:headers/>
            <proxy:cookies/>
            </proxy:policy>
        

  5. To allow a particular service on your network to display a custom widget, you can add the following policy entry to the file:

      <proxy:policy url="http://my.network.com/widget/*" acf="none">
          <proxy:actions>
              <proxy:method>GET</proxy:method>
          </proxy:actions>
          <proxy:headers>
            <proxy:header>User-Agent</proxy:header>
            <proxy:header>Accept.*</proxy:header>
            <proxy:header>Content.*</proxy:header>
            <proxy:header>Authorization.*</proxy:header>
            <proxy:header>If-.*</proxy:header>
            <proxy:header>Pragma</proxy:header>
            <proxy:header>Cache-Control</proxy:header>
          </proxy:headers>
          <proxy:cookies>
              <proxy:cookie>JSESSIONID</proxy:cookie>
          </proxy:cookies>
      </proxy:policy>
      

  6. If a service requires authentication, you can configure it to also allow basic authentication requests by adding a basic-auth-support="true" attribute to the <proxy:policy> element. For example:

      <proxy:policy 
       url="http://my.network.com/service/*" 
       acf="none" 
       basic-auth-support="true">
         ...
      </proxy:policy>
      

    If this attribute is not added, when an unauthenticated request is sent to a service that requires authentication, the service does not display the basic authentication dialog, but returns an HTTP 403 status code instead.

  7. To allow a particular service to run on your network and to pass cookies for LTPA tokens to the features:

      <proxy:policy url="http://my.network.com/service/*" acf="none">
          <proxy:actions>
              <proxy:method>GET</proxy:method>
          </proxy:actions>
          <proxy:headers>
            <proxy:header>User-Agent</proxy:header>
            <proxy:header>Accept.*</proxy:header>
            <proxy:header>Content.*</proxy:header>
            <proxy:header>Authorization.*</proxy:header>
            <proxy:header>If-.*</proxy:header>
            <proxy:header>Pragma</proxy:header>
            <proxy:header>Cache-Control</proxy:header>
          </proxy:headers>
          <proxy:cookies>
            <proxy:cookie>JSESSIONID</proxy:cookie>
            <proxy:cookie>LtpaToken</proxy:cookie>
            <proxy:cookie>LtpaToken2</proxy:cookie>
          </proxy:cookies>
      </proxy:policy>
      

    Specify the headers using regular expressions.

  8. Add any new policy blocks before the default policy setting in the template file. The default policy setting serves as a catch-all for all other requests and looks like this:

      <proxy:policy url="*" acf="none"> 
          <proxy:actions>
            <proxy:method>GET</proxy:method>
          </proxy:actions>
          <proxy:headers/>
          <proxy:cookies/>
      </proxy:policy>
      

    By default, it allows all services to send GET requests to the Lotus Connections features, and it prevents all cookies or headers from being directed to the features.

  9. Specify values for the following proxy configuration properties:

      circular_redirects

      Specifies that circular redirects are allowed. This property accepts a Boolean value of true or false specified in lower-case letters. If set to true, it supports using a proxy for a site that redirects to the same URL but with different parameters. Such a change is not recognized as a new URL. The default value of this property is true.

      connection-timeout

      Amount of time before an attempt to connect to a host times out. Specified in milliseconds, the default value of this property is 60,000, which is 1 minute.

      max_circular_redirects

      Maximum number of times a circular redirect is allowed before the proxy rejects it. Specified as an integer, the default value of this property is 100.

      maxconnectionsperhost

      Maximum number of simultaneous connections between the proxy and a given host. Specified as an integer, the default value of this property is 20.

      maxtotalconnections

      Maximum number of simultaneous connections between the proxy and all of the hosts together. Specified as an integer, the default value of this property is 50.

      socket-timeout

      Amount of time before an attempt to use a socket times out. Specified in milliseconds, the default value of this property is 60,000, which is 1 minute.

      unsigned_ssl_certificate_support

      Specifies that self-signed SSL certificates are supported. This property accepts a Boolean value of true or false specified in lower-case letters. The default value of this property is true. Change it to false when the system is ready for production.

  10. Save and close the file.

  11. Add the file you created to the appropriate configuration service...

    • Activities:

        ActivitiesConfigService.checkInProxyConfig("<temp_directory>",
         "cell_name")
        

  12. Blogs or Communities:

      CommunitiesConfigService.checkInProxyConfig("<temp_directory>",
       "cell_name")
      

  13. Home page:

      HomepageCellConfig.checkInProxyConfig("<temp_directory>",
       "cell_name")
      

  14. Profiles:

      ProfilesConfigService.checkInProxyConfig("<temp_directory>",
       "cell_name")
      

    where <temp_directory> is the temporary directory to which you checked out the configuration files, and cell_name is the name of the cell where the feature that uses the proxy template file is located.

  15. Restart the WebSphere Application Server hosting Lotus Connections.


To make subsequent changes to the feature-specific proxy template file, complete the following steps to check it out:

  1. Access the configuration service files for the feature to which you want to apply special proxy configuration rules. Use one of the following commands:

  2. Network deployment:

      execfile("WAS_HOME/profiles/Dmgr01/config/bin_lc_admin/
       <py_file_name>")
      

    If you are prompted to specify which server to connect to, type 1. This information is not used by wsadmin when you are making configuration changes.

    where <py_file_name> is one of the following depending on the feature to which you are applying the proxy configuration settings:

    • Activities: activitiesAdmin.py

    • Communities: communitiesAdmin.py

    • Home page: homepageAdmin.py

    • Profiles: profilesAdmin.py

  3. Check out the configuration service for the feature. Use one of the following commands:

    • Activities:

        ActivitiesConfigService.checkOutProxyConfig("<temp_directory>",
         "cell_name")
        

  4. Communities:

      CommunitiesConfigService.checkOutProxyConfig("<temp_directory>",
       "cell_name")
      

  5. Home page:

      HomepageCellConfig.checkOutProxyConfig("<temp_directory>",
       "cell_name")
      

  6. Profiles:

      ProfilesConfigService.checkOutProxyConfig("<temp_directory>",
       "cell_name")
      

    where <py_file_name> is one of the following depending on the feature to which you are applying the proxy configuration settings:

    • Activities: activitiesAdmin.py

    • Communities: communitiesAdmin.py

    • Home page: homepageAdmin.py

    • Profiles: profilesAdmin.py

  7. Open the template file in a text editor, and make the changes that you want to make.


Configure the AJAX proxy


+

Search Tips   |   Advanced Search