Important: This section only concerns programs generated with Java server parts.
Access
To start the java Middleware daemon, execute the command java com.hardis.middleware.MwServer 3500 MT, where 3500 is the recommended port and MT stands for "Multi-Thread".
We recommend using a port higher than 1024.
Notes:
- On the same machine, it is possible to have several instances of the Java server, possibly with different operating modes (MT, MP).
In this case, you must indicate a different port when running the daemons so that, at client configuration level, the processes use the daemon according to the port specified during definition on the physical server.
- On the same machine, it is possible to have several instances of the Java server, possibly with different operating modes (MT, MP).
- The DaemonDBG.bat command file lets you start up a Java MT daemon configured to allow program debugging. Click here for more information on configuring the daemon to be used with the Visual Adelia debugger.
Java server programs can be run once the Java Middleware daemon has been started.
Other parameters of the java com.hardis.middleware.MwServer command
Command line syntax:
java com.hardis.middleware.MwServer <port> MT [-o<timeout (in seconds)>]
<port>: [<Hostname or @IP>:] <Port number>
TCP/IP port on which the Middleware daemon listens.
If a host name or IP address is specified, the daemon only listens at the set address. (Example: if <port> = 194.127.4.3:3500, the daemon only listens on port 3500 at the address 194.127.4.3).
If no address is specified, or if it is set to 0.0.0.0, the daemon listens to all available addresses on the machine.
-o<timeout (in seconds)>] : Specifies the timeout beyond which any orphan server processes (i.e. processes whose client parts are no longer responding) are terminated.
If < timeout> is equal to 0, the timeout is deactivated. It is also deactivated if the parameter -o is not specified.
Default: timeout set to 0 second. Minimum value is 60 seconds.
NB:
In LDAP authentication mode, to prevent LDAP injection attacks, the daemon rejects usernames containing special characters that can be used in an LDAP query (characters (, ), *, &, |, !, =, >, < and ~).
If this creates a problem, you can explicitly authorize all or some of these characters using the -Dadelia.relaxedLdapCharacters JVM parameter. To authorize all the excluded characters, add the "-adelia.relaxedLdapCharacters=()*&|!=><~" option to the command line.
Single Sign-On (SSO) configuration
You can specify the principal to use for login via the "com.hardis.adelia.security.kerberos.principal" property.
-Dcom.hardis.adelia.security.kerberos.principal=principal: specify the Kerberos principal. By default, the daemon uses the MWDAEMON/host.domain.com principal, where host.domain.com is the server's qualified DNS name.
In Windows, the Java default configuration for authentication in the domain of the user starting the daemon. You simply need the encryption key associated with the service principal in the "krb5.keytab" file present in the private directory of the user starting the daemon.
In another system, or in the case of more complex configuration, you need to provide the Kerberos (krb5.conf) and authentication module (jaas.conf) configuration files. For further details, see Oracle documentation.
Running the daemon in TLS mode (encrypted connections):
The daemon can be started up so that connections are encrypted.
The parameters relating to secure connections are specified via Java system properties (Dadelia.middleware.xxx parameters of the JVM).
The command parameters are as follows:
-Dadelia.middleware.tls=true : Starting up the daemon in TLS mode. In this mode, communications among client and server programs are encrypted.
-Dadelia.middleware.cert=<certificate_file_name>: name of file containing the certificate string for TLS encryption. The file must be in PEM format.
-Dadelia.middleware.key=<key_file_name>: name of the file containing the private key corresponding to the server certificate. The file must be in PEM (PRIVATE KEY) format.
If the certificate parameters are not provided, the daemon can also use the keystore provided by the standard Java parameters (Djava.net.ssl.keyStore, Djava.net.ssl.keyStorePassword, Djava.net.ssl.keyStoreType).
-Dadelia.middleware.allow-insecure-clients=true: authorizes the connection of clients in version 13.x and 14.0.0 which do not support the TLS protocol.
These clients are not authorized by default and receive a version error.
Important: if this option is specified, the connection is authorized but is not encrypted for clients of a lower version.
Important: if the daemon is started up with a server certificate that is self-signed or signed by a private certification authority, the server or authority certificate must be saved in the client workstation trusted certificate store.
See Middleware operating in TLS mode page for more information.
On a Windows workstation, the Java Middleware daemon is launched as a Windows service.
Java Middleware daemon Windows service parameters:
Installing the service
DaemonJavaService –install [port [-auto | -manual [<user> <password> [<Daemon parameter> [<JVM parameter>]]]]]
Port: Middleware daemon TCP/IP listening port (3500 by default)
-auto: Service created in automatic startup mode (default mode)
-manual: Service created in manual startup mode
<user>: Service start profile ("localsystem" by default).
Enter *dft if you wish to use the default value and enter parameters after this parameter.
<password>: Password associated with the startup profile.
Enter *dft if you have specified the value *dft for <user>.
<Daemon parameter>: -o<timeout (in seconds)> (timeout is disabled by default)
Enter *dft if you wish to use the default value and enter parameters after this parameter.
<JVM parameter>: JVM parameters (no specific parameter by default).
If you have several parameters separated by spaces, put the string in quotes.
Examples :
DaemonJavaService –install
DaemonJavaService -install 3500 -auto *dft *dft *dft "-XX:PermSize=256m -XX:MaxPermSize=512m"
DaemonJavaService -install 3500 -auto MonDomaine\monprofil mordepasse "-o60" "-XX:PermSize=256m -XX:MaxPermSize=512m"
Uninstalling the service
DaemonJavaService –uninstall