JKL Toy Company adds password protection for HTTP Server

This scenario discusses how to add password protection to an IBM® HTTP Server for i Web server.

Scenario

The JKL Toy Company (a fictitious company) wants to protect a set of Web pages on its Web site so that they can only be viewed by visitors that have a password. In order to add password protection, JKL needs to decide what type of authentication method to use:

  • Internet user - requires an entry in a validation list.
  • User profile - requires an IBM i server user profile.
  • LDAP - requires an LDAP server.

JKL Toy Company chooses to use Internet users for the following reasons:

  • User profiles are not desirable since JKL does not want to create a user profile for each authenticated visitor to the Web site.
  • Since JKL only wants to implement authentication on one IBM i server, validation lists will be used. LDAP is a better solution for multiple systems.

The Web page content to be protected is in the preexisting directory /www/jkltest/profiles/. The visitors' user names and passwords will be stored in a new validation list called users in library PROFILES. The first user name that we will enter is sjones with a password of dragon102.

Prerequisites

Create a library for validation lists on your IBM i server

Skip the following steps if you will be using an existing library on your IBM i server for your validation list.

  1. Start a 5250 session on your system.
  2. Enter CRTLIB on the command line.
  3. Press the F4 key to prompt for additional parameters.
  4. Enter a name for your library in the Library field.

    Example: PROFILES

  5. Optional: Edit the remaining fields as necessary or accept the default values.
  6. Press the Enter key (or equivalent) to create your library.

Make sure the proper authorities and restrictions you want on the library are active before continuing.

Start the IBM Web Administration for i interface

Access the IBM Web Administration for i from your browser. For information about how to access the Web Administration for i interface, see Starting Web Administration for i.

Set up password protection for a directory on HTTP Server

  1. Click the Manage tab.
  2. Click the HTTP Servers subtab.
  3. Select your HTTP Server from the Server list.

    Example: JKLTEST

  4. Select Directory /www/[server_name]/[new_directory]/ from the Server area list.

    Example: /www/jkltest/profiles/

    Note: The new directory was created with the JKL Toy Company adds a new directory to HTTP Server scenario.
  5. Expand Server Properties.
  6. Click Security.
  7. Click the Authentication tab in the form.
  8. Select Internet users in validation lists.
  9. Enter a descriptive name in the Authentication name or realm field.

    Example: JKL Employee Profiles

    Note: When users attempt to access a password protected resource, they are challenged for a username and password. The Authentication name or realm value is displayed in the login window, and should provide information regarding the resource the user is attempting to access.
  10. Click Add under Validation lists table.
  11. Enter [library]/[validation_list_name].

    Example: profiles/users

    Note: In the above example, profiles is the name of the IBM i library and users is the name of the validation list.
  12. Click Continue.
  13. Select Default server profile from the IBM i user profile to process requests list under Related information. When selected, the value %%SERVER%% will be placed in the field.
  14. Click Apply.
  15. Click the Control Access tab in the form.
  16. Select All authenticated users (valid user name and password) under Control access based on who is making the requests.
  17. Click OK.

Create a validation list for HTTP Server

  1. Click the Advanced tab.
  2. Click the Internet Users and Groups subtab.
  3. Expand Internet Users and Groups.
  4. Click Add Internet User.
  5. Enter [username] into the User name field.

    Example: sjones

  6. Enter [password] into the Password field.

    Example: dragon102

  7. Enter the same password in the Confirm password field.
  8. Optional: Enter comments for this Internet user.
  9. Enter [library]/[validation_list_name] in the Validation list field.

    Example: profiles/users

    Note: In the above example, profiles is the name of the library and users is the name of the validation list.
  10. Click Apply.

Restart your HTTP Server

Select one of the following methods:

Manage one server

  1. Click the Manage tab.
  2. Click the HTTP Servers subtab.
  3. Select your HTTP Server from the Server list.
  4. Click the Stop icon if the server is running.
  5. Click the Start icon.

Manage all servers

  1. Click the Manage tab.
  2. Click the HTTP Servers subtab.
  3. Select All Servers from the Server list.
  4. Click the All HTTP Servers tab.
  5. Select your HTTP Server name in the table.

    Example: JKLTEST

  6. Click Stop if the server is running.
  7. Click Start.

Note: If your HTTP Server does not start, see Troubleshooting.

Test your HTTP Server

  1. Open a new Web browser.
  2. Enter http://[i_hostname]:[port]/[new_directory_alias]/ in the location or URL field.

    Example: http://jkl_server:1975/profiles/

  3. Enter the username and password you created.

You will be asked to provide a valid username and password. Enter the username and password you entered in the validation list. It is suggested that you limit *PUBLIC authority, but grant authority to the Web administrator user and QTMHHTTP.

View your HTTP Server configuration

Your configuration will look similar to the following if you used the values given in this and previous examples.

  1. Click the Manage tab.
  2. Click the HTTP Servers subtab.
  3. Select your HTTP Server from the Server list.

    Example: JKLTEST

  4. Expand Tools.
  5. Click Display Configuration File.

Alias /profiles/ /www/jkltest/profiles/
Listen *:1975
DocumentRoot /www/jkltest/htdocs
TraceEnable Off
Options -FollowSymLinks 
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%{Cookie}n \"%r\" %t" cookie
LogFormat "%{User-agent}i" agent
LogFormat "%{Referer}i -> %U" referer
LogFormat "%h %l %u %t \"%r\" %>s %b" common
CustomLog logs/access_log combined
LogMaint logs/access_log 7 0
LogMaint logs/error_log 7 0
SetEnvIf "User-Agent" "Mozilla/2" nokeepalive
SetEnvIf "User-Agent" "JDK/1\.0" force-response-1.0
SetEnvIf "User-Agent" "Java/1\.0" force-response-1.0
SetEnvIf "User-Agent" "RealPlayer 4\.0" force-response-1.0
SetEnvIf "User-Agent" "MSIE 4\.0b2;" nokeepalive
SetEnvIf "User-Agent" "MSIE 4\.0b2;" force-response-1.0
<Directory />
	Require all denied
</Directory>
<Directory /www/jkltest/profiles>
	Require valid-user
	PasswdFile profiles/users
	UserID %%SERVER%%
	AuthType Basic
	AuthName "JKL Employee Profiles"
</Directory>
<Directory /www/jkltest/htdocs>
	Require all granted
</Directory>
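
As an added example (not part of the IBM documentation), the following Python sketch audits a displayed configuration like the one above: it checks that the root directory is denied, that every directory using authentication carries all four directives the scenario produces, and that Basic authentication is not served without TLS, since Basic credentials are only base64-encoded on the wire. The function names are hypothetical, and treating an `SSLEngine On` line as the sign that TLS is enabled is an assumption of this example.

```python
import re

# The <Directory> blocks of the configuration displayed above.
SAMPLE_CONF = """\
<Directory />
    Require all denied
</Directory>
<Directory /www/jkltest/profiles>
    Require valid-user
    PasswdFile profiles/users
    UserID %%SERVER%%
    AuthType Basic
    AuthName "JKL Employee Profiles"
</Directory>
<Directory /www/jkltest/htdocs>
    Require all granted
</Directory>
"""
REQUIRED = ("authtype", "authname", "passwdfile", "require")

def parse_directories(conf):
    """Map each <Directory> path to {lowercased directive: argument string}."""
    blocks, current = {}, None
    for line in (raw.strip() for raw in conf.splitlines()):
        opened = re.match(r"<Directory\s+(.+?)\s*>$", line, re.I)
        if opened:
            current = blocks.setdefault(opened.group(1).strip('"'), {})
        elif line.lower() == "</directory>":
            current = None
        elif current is not None and line and not line.startswith("#"):
            name, *arg = line.split(None, 1)
            current[name.lower()] = arg[0] if arg else ""
    return blocks

def audit(conf):
    """Findings for root and auth blocks; assumes 'SSLEngine On' is how TLS is enabled."""
    blocks, findings = parse_directories(conf), []
    if blocks.get("/", {}).get("require", "").lower() != "all denied":
        findings.append("/: root is not 'Require all denied'")
    tls = re.search(r"^\s*SSLEngine\s+On\b", conf, re.I | re.M) is not None
    for path, d in blocks.items():
        if {"authtype", "authname", "passwdfile"} & d.keys():  # block uses authentication
            findings += [f"{path}: missing {k}" for k in REQUIRED if k not in d]
            if d.get("authtype", "").lower() == "basic" and not tls:
                findings.append(f"{path}: Basic sends base64 credentials without TLS")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONF)) or "no findings")
```

Run against the scenario's configuration, the audit reports a single finding: the protected directory uses Basic authentication on a listener with no TLS.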