Security may be turned on or off per web service instance. In order to activate the security, please follow this guide.
Please oben the web user interface of tia Webservice and click on the gear symbol in the actions column of the webservice instance you wish to activate security for. This will open the configuration of the instance.
tia Web Service UI with highlighted gear-symbol in the Action column. |
---|
Please switch to the tab Security and tick the checkbox of the option UseSecurity.
Three types of security are being supported.
Checking, if the application’s name is signed
Sending read-/write-operations using configured certificate
Permission regarding content server operations (serverinfo, info, create, delete and get)
Signing an application’s name
Three fields should be configured in order to verify that the application name is signed.
PublicKeystore Path (May be found here OSGi → Configuration → WebService MainConfiguration
PublicKeystore Password (May be found here *OSGi → Configuration → WebService MainConfiguration)
PublicStoreAlias (Main → tia Web Service → Instance name → Gear-symbol → Security-tab → PublicStoreAlias
You may configure a keystore which consists of one or many certificates (with public keys). When a seckey is received by an instance, seckey’s signature will be verified against the alias configured at the web service’s instance configuration.
After enabling the UseSecurity setting and configuring a keystore alias, the signing of the application’s name will be verified using the public key mapped against the alias in the specified keystore.
Please note: It’s necessary to restart the instance in order for the security settings to take effect.
Using a certificate
The option Certificate within the Security-tab ( Main → tia Web Service → Gear-symbol in the Actions column of the instance) allows you to use different types of certificates. Currently you may choose from the following types.
KGS
ID3
none
Please note: In case the remote content server does not contain any certificate, you may send a certificate from a specific web service instance, by clicking the key-symbol.
tia Web Service UI with highlighted “Send certificate”-action. |
---|
It’s also possible to send certificates to every web service instance with configured security, by clicking the Send Certificates-button at the bottom of the instance overview.
Configuring permission for Content Server operations
An web service instance may be configured to allow certain or all operations. The following operations are possible.
serverinfo: The web service instance allows to execute serverinfo-requests against the defined content server endpoint.
info: The web service instance allows to execute info-requests against the defined content server endpoint.
create: The web service instance allows to execute create-requests for documents against the content server endpoint.
delete: The web service instance allows to execute delete-requests for documents against the defined endpoint
get: The web service instance allows to exeute get-requests for documents against the defined endpoint
Please note: These options and permissions work separated from the UseSecurity-option. Therefore the parameter UseSecurity does not has to be enabled.
You may find these options by opening the web userinterface → Main → tia Web Service → Gear-symbol in Actions-column of the instance → Security-tab
Opened web userinterface with highlighted request permission options |
---|