Chapter 6 Web Server Gateways
If your database server runs on a different host than your Web server, or if you are developing Internet applications that must connect to a secure database server through a firewall, you need a gateway to act as a proxy, providing a path to the database server.
To connect to servers using the Secure Sockets Layer (SSL) protocol, jConnect provides a Java servlet that you can install on any Web server that supports the javax.servlet interfaces. This servlet enables jConnect to support encryption using the Web server as the gateway.
jConnect includes support for SSL on the client system.
For information on jConnect's client-side support of SSL,
see "Implementing custom socket
plug-ins".
jConnect uses TDS to communicate with database servers. HTTP-tunnelled TDS is useful for forwarding requests. Requests from a client to a back-end server that go through the gateway contain TDS in the body of the request. The request header indicates the length of the TDS included in the request packet.
TDS is a connection-oriented protocol, whereas HTTP is not. To support security features such as encryption for Internet applications, jConnect uses a TDS-tunnelling servlet to maintain a logical connection across HTTP requests. The servlet generates a session ID during the initial login request, and the session ID is included in the header of every subsequent request. Using session IDs lets you identify active sessions, and even resume a session as long as the servlet has an open connection using that specific session ID.
The logical connection provided by the TDS-tunnelling servlet enables jConnect to support encrypted communication between two systems--for example, a jConnect client with the CONNECT_PROTOCOL connection property set to "https" connecting to a Web server running the TDS-tunnelling servlet.
There are several options for setting up your Web servers and Adaptive Servers. Four common configurations are described below. These examples show where to install the jConnect driver and when to use a gateway with the TDS-tunnelling servlet.
In this two-tier configuration, the Web server and Adaptive Server are both installed on the same host.
With this configuration, you have a separate host for your main Web server. A second host is shared by a Web server specifically for Adaptive Server access and the Adaptive Server. Links from the main server direct requests requiring SQL access to the dedicated Web server.
In this three-tier configuration, the Adaptive Server is on a separate host from the Web server. jConnect requires a gateway to act as a proxy to the Adaptive Server.
To connect to a server protected by a firewall, you must use a Web server with the TDS-tunnelling servlet to support transmission of database request responses over the Internet.
| Copyright © 2001 Sybase, Inc. All rights reserved. |
| |