SOAP server configuration and security
User access to a SOAP server can be secured in one of two ways: by enabling security and creating user accounts for the hub monitoring server, or by adding specific users to the SOAP server definition. If security is not enabled and no users are added to the server definition, the SOAP server honors all requests from any sender. If security is enabled on the hub monitoring server, the SOAP server honors requests only from users defined to the system authorization facility. However, if any users are added to the SOAP server definition, only those users have access to the server, regardless of whether security is enabled on the monitoring server.
SOAP server configuration creates a KSHXHUBS member in the rhilev.rte.RKANPARU library. The KSHXHUBS member contains the hub monitoring server list, an aliasing mechanism for identifying the hub monitoring servers with which the local SOAP server can communicate.
- Enable global access to all user IDs that pass logon validation.
- Specify a hub monitoring server list and, for each monitoring server on the list, the user IDs that are allowed to query (read) or update (write to) that monitoring server.
The hub monitoring server list in a runtime environment is maintained in the KDSTHUBS global table. KDSTHUBS is used by all SOAP servers that are enabled in the installation library. Any changes you make to the hub monitoring server entries in KDSTHUBS affect KSHXHUBS members used in the different RKANPARU libraries for the runtime environments, when you reconfigure those runtime environments.