Global proxy configuration
The portal also provides a global proxy configuration. By default, it applies to all applications that use the AJAX proxy.
Alternatively, applications can also provide their own proxy configuration. For details refer to the following topic about application specific proxy configurations.
The global proxy configuration of the portal is located in a separate enterprise application that is deployed during the portal installation. The corresponding enterprise application archive is named AJAX Proxy Configuration.ear. The file proxy-config.xml that represents the global configuration is located in the WAR file wp.config.proxy.war. That file is part of the EAR file and located in the WEB-INF directory. Example of full directory location: C:/IBM/WebSphere/wp_profile/config/cells/MY_NODE_NAME/applications/AJAX Proxy Configuration.ear/deployments/AJAX Proxy Configuration/wp.proxy.config.war/WEB-INF
Customizing the global proxy configuration by using the AJAX proxy configuration.ear
ConfigEngine.[bat|sh] checkin-wp-proxy-config
-DProxyConfigFileName=dir_path/your_updated_proxy_file.name
-DWasUserId=admin_user_id -DWasPassword=admin_password
Replace
the parameter values as follows:- dir_path/your_updated_proxy_file.name is the complete path of your modified wp.proxy.config.xml file.
- admin_password is the IBM® WebSphere® Application Server user ID.
- admin_password is the password for the WebSphere Application Server user ID.
This imports the global proxy configuration into a property in the WP ConfigService Resource Environment Provider (REP) with the name proxy.config.file . To make the changes effective after running the task you do not need to restart the entire portal server, but only the AJAX Proxy Configuration enterprise application.
- For equal element settings: If there is a property proxy.config.file in
the REP and if the settings of that property are under the same mapping
element, that is under the same context path and URL if present, then
these settings overrule the element settings from the default proxy-config.xml file. For individual policy or IP address element settings in the configuration:
- A policy in the REP overrules a policy of the same URL pattern from the default file.
- An IP address configuration in an ipfilter element in the REP also overrules settings for the same IP address from the default file.
- For different policy elements: Policy elements under the same mapping with a different URL pattern from the REP and the default file complement one another so that both are valid.
proxy-config.xml file
<proxy:proxy-rules
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:proxy="http://www.ibm.com/xmlns/prod/sw/ajax/proxy-config/1.1">
<proxy:mapping contextpath="/proxy/*" />
<proxy:policy url="*" acf="none">
<proxy:actions>
<proxy:method>GET</proxy:method>
</proxy:actions>
</proxy:policy>
</proxy:proxy-rules>
- RES ENV PROV (REP)
<proxy:proxy-rules
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:proxy="http://www.ibm.com/xmlns/prod/sw/ajax/proxy-config/1.1">
<proxy:mapping contextpath="/proxy/*" />
<proxy:policy url="*" acf="none">
<proxy:actions>
<proxy:method>PUT</proxy:method>
</proxy:actions>
</proxy:policy>
</proxy:proxy-rules>
- resulting config (REP overrules config file)
<proxy:proxy-rules
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:proxy="http://www.ibm.com/xmlns/prod/sw/ajax/proxy-config/1.1">
<proxy:mapping contextpath="/proxy/*" />
<proxy:policy url="*" acf="none">
<proxy:actions>
<proxy:method>PUT</proxy:method>
</proxy:actions>
</proxy:policy>
</proxy:proxy-rules>
Example of additive policies:proxy-config.xml file
<?xml version="1.0" encoding="UTF-8"?>
<proxy:proxy-rules
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:proxy="http://www.ibm.com/xmlns/prod/sw/ajax/proxy-config/1.0">
<proxy:mapping contextpath="/knowledge"
url="http://mycompany.com:8081/knowledgebase" /> PUT
<proxy:policy url="http://mycompany.com:8081/knowledgebase/abstracts/*" acf="none">
<proxy:actions>
<proxy:method>GET</proxy:method>
</proxy:actions>
</proxy:policy>
</proxy:proxy-rules>
- RES ENV PROV (REP)
<?xml version="1.0" encoding="UTF-8"?>
<proxy:proxy-rules
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:proxy="http://www.ibm.com/xmlns/prod/sw/ajax/proxy-config/1.0">
<proxy:mapping contextpath="/knowledge" url="http://mycompany.com:8081/knowledgebase" />
<proxy:policy url="http://mycompany.com:8081/knowledgebase/products/*" acf="none">
<proxy:actions>
<proxy:method>PUT</proxy:method>
</proxy:actions>
</proxy:policy>
</proxy:proxy-rules>
- resulting config (REP overrules config file)
<?xml version="1.0" encoding="UTF-8"?>
<proxy:proxy-rules
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:proxy="http://www.ibm.com/xmlns/prod/sw/ajax/proxy-config/1.0">
<proxy:mapping contextpath="/knowledge" url="http://mycompany.com:8081/knowledgebase" />
<proxy:policy url="http://mycompany.com:8081/knowledgebase/abstracts/*" acf="none">
<proxy:actions>
<proxy:method>GET</proxy:method>
</proxy:actions>
</proxy:policy>
<proxy:policy url="http://mycompany.com:8081/knowledgebase/products/*" acf="none">
<proxy:actions>
<proxy:method>PUT</proxy:method>
</proxy:actions>
</proxy:policy>
</proxy:proxy-rules>
Customizing the global proxy configuration by using dynamic policy entries
Additional to updating the AJAX proxy configuration enterprise application, you can also customize the effective global AJAX proxy configuration by using the portal WP ConfigService Resource Environment Provider (REP). You do this by matching the values in the WP ConfigService REP with so called dynamic policy entries in the global proxy configuration file. For details about how to do this refer to the topics about the Portal configuration properties and Setting service configuration properties.
A dynamic policy entry differs from a non-dynamic policy entry in that it uses replacement variables instead of URL patterns in the policy element url attribute. A policy element url attribute is considered to be a replacement variable definition if the attribute value starts with the string {$ and ends with the string }. For example, a policy entry url attribute value of {$my.custom.url.target} defines a dynamic policy replacement variable named my.custom.url.target.
wp.proxy.config.urlreplacement.variable_name.suffix
- wp.proxy.config.urlreplacement
- This prefix identifies the property to define a dynamic policy replacement value.
- variable_name
- This variable identifies the target dynamic policy element in the global proxy configuration file.
- suffix
- This suffix represents a string of your choice that makes the key unique within all replacement keys that refer to the same dynamic policy replacement variable, if there is more than one.
<proxy:policy url="{$default_policy}" acf="none">
<proxy:actions>
<proxy:method>GET</proxy:method>
<proxy:method>HEAD</proxy:method>
</proxy:actions>
</proxy:policy>
To attach this policy to outbound requests
to URLs that match one of the URL patterns http://www.some.server.com/* or http://some.other.server.com/*,
you can add the following two custom properties to the WP ConfigService
resource environment provider:wp.proxy.config.urlreplacement.default_policy.1=http://www.some.server.com/*
wp.proxy.config.urlreplacement.default_policy.2=http://some.other.server.com/*
Default global proxy configuration
- http://www-03.ibm.com/*
- http://www.redbooks.ibm.com/*
- default_policy
- This policy allows plain HTTP GET and HEAD requests.
- default_ltpa_policy
- This policy allows authenticated HTTP GET and HEAD requests within the WebSphere LTPA token based single sign-on domain.