SIRA_PRISE Web Client User Guide

Using the web client

If you have installed the web client correctly in your web application server (and the webapp server is running of course), then you can start using the web client by opening a browser and pointing it to the contextpath of the SIRA_PRISE web application, e.g. http://localhostname:2780/SIRA_PRISE. The administration client's main menu will then show :

The main menu shows links to the functions you can use to manage the database. The detailed explanation for each function has been integrated in the administration client's help system.

Setting up the web client for secured use

Defining user IDs

If you want to set up the web client to allow users to identify and authenticate themselves, some setup will have to be done. This is described in this section.

Defining users such that they are known to the web client (or rather actually, the presentation layer package underlying the web client), must be done by using the "Define User" function of the presentation layer package. To access this function, apply following steps :

  1. Open a new browser window and point it to the UsersOverview.aspladm URL of your application :
  2. Log on with a user that has been granted the aspladmin role. If this is the first time you log on to the aspladmin functions, log on with User ID AsplAdministrator and password equal to user ID.
  3. Change the password if needed (this will be required at first-time login with the provided AsplAdministrator user ID)
When logged in, you will get to see the ASPL Users overview window :

The functions to add, manage and delete ASPL Users are behind the links that are reachable from this window. More info about these individual functions is provided in the function's Help.

Apart from defining the userID to the presentation layer package, the user must also be defined to the SIRA_PRISE server he will be using/administering. This can be done using this web client's "Create User" function, or using any other way to update the involved server's USER relvar (please see the appropriate section in the "User and Installation Guide" for more info).

Defining the client

Apart from defining the users to both the web client and the server, the web client itself must also be made known to the server, and be configured such that it is able to authenticate itself to the server.

The first step is to define the web client to the server. This can be done using the web client's "Create Client" function, or any other means that may be available for registering tuples in the server's CLIENT relvar. Note that this step must be done using an anonymous transaction, since this is likely to be the first client to be registered to the server.

The next step is to generate a key pair and make that available to the web client package. This can be done using the keytool program that comes standard with any java installation :

keytool -genkey -keystore siraprisewebclient.keystore -storepass password -alias SIRAPRISEWEBCLIENTMD5WITHRSA -keyalg RSA -keysize 1024 -sigalg MD5WITHRSA -keypass password -dname cn=SIRAPRISEWEBCLIENT -validity 7300

In this command, the keystore name, the keystore password and key password must be typed exactly as is. The -alias value must be equal to the concatenation of the client name ('SIRAPRISEWEBCLIENT') and the chosen signature algorithm name ('MD5WITHRSA' in the example). Other signature algorithms can be chosen if they are supported by both the JVM in which the web client will be running, and the JVM in which the server will be running.

The private part of the key pair is now stored in a file named 'siraprisewebclient.keystore', but it must still be made available to the web client. To that effect, it must be packaged in a jar file, and that jar file must be placed in the web application server's class path. Packaging the keystore in a jar file can be done using java's jar tool :

jar cvf spwc.jar siraprisewebclient.keystore

This jar file must then be copied to the same directory where you also installed the sp.webclient.jar file.

The next step is to extract (a certificate holding) the public key from the key pair, and register this public key in the server. Extracting a certificate can be done using, once again, java's keytool program :

keytool -export -keystore siraprisewebclient.keystore -storepass password -alias SIRAPRISEWEBCLIENTMD5WITHRSA -keypass password -file spwc.crt

The spwc.crt file now contains the certificate to be registered in the server. To achieve this, copy the file to the server's directory and use either the provided BAT file or issue the java command contained therein :

SP.REGISTERCLIENTX509CERTIFICATE.BAT spwc.crt
java -cp sp.server.jar;license.jar be.SIRAPRISE.server.RegisterClientX509Certificate spwc.crt

The final step is to configure the web client such that it will actually use the signing mechanisms to authenticate itself to the server. When first installed, the web client is not configured to do this.