Server Configuration

Describes how to enable and expose the TRC REST APIs through the Lite Web Portal by updating application.xml and server.xml, creating rest_api.xml with JAX-RS, OpenID Connect/OAuth, and JWT configuration, and setting the portal hostname/port and client secret. After applying these changes and restarting the server, the APIs are accessible via the Lite Web Portal host, and Swagger UI can be used to view and test them.

About this task

Swagger UI is available to get the documentation and to test the new REST APIs.

Server configuration

REST APIs must be enabled in the Remote Control Server. They will be reachable from the Internet through the Lite Web Portal, which means that they must be called with the Lite Web Portal hostname and port.

To enable the REST APIs, follow these steps:

Procedure

  1. Add the following snippet into the [server_installation]\BigFix\TRC\server\wlp\usr\servers\trcserver\application.xml file:
    <server>
        <application context-root="/trc" type="ear" id="trcserver" location="TRCAPP.ear"
                     name="trcserver" autoStart="true">
            <application-bnd>
                <security-role name="any-authenticated">
                    <special-subject type="ALL_AUTHENTICATED_USERS"/>
                </security-role>
            </application-bnd>
        </application>
        <application context-root="/" type="ear" id="trcredir" location="REDIR.ear"
                     name="trcredir" autoStart="true" />
        <applicationMonitor updateTrigger="disabled" dropinsEnabled="false" />
        <config updateTrigger="disabled" />
    </server>
  2. Add the following line into the file [server_installation]\BigFix\TRC\server\wlp\usr\servers\trcserver\server.xml:
    <server description="Bigfix Remote Control">
    <!-- THIS FILE IS AUTO GENERATED -->
    <!-- Use this file userpre.xml to include custom configuration -->
    <!-- or userpost.xml -->
    <include optional="true" location="userpre.xml" />
    <include optional="true" location="../../../../tools/env/env.xml" />
    
        <!-- Enable features -->
        <featureManager>
            <feature>jsp-2.3</feature>
            <feature>jdbc-4.2</feature>
            <feature>servlet-4.0</feature>
            <feature>transportSecurity-1.0</feature>
            <feature>jsf-2.3</feature>
            <feature>javaMail-1.6</feature>
            <feature>jsonp-1.1</feature>
            <feature>jaxb-2.2</feature>
            <feature>jndi-1.0</feature>
        </featureManager>
        
    <include optional="true" location="sso.xml" />
        
    <include location="application.xml" />
    
    <include location="memory.xml" />
    
    <include location="host.xml" />
    
    <include optional="true" location="cookie.xml" />
    
    <include location="database.xml" />
    
    <include location="ssl.xml" />
    
    <include optional="true" location="userpost.xml" />
    
    <include optional="true" location="rest_api.xml" />
    
    </server>
  3. Create a new file [server_installation]\BigFix\TRC\server\wlp\usr\servers\trcserver\rest_api.xml. Add the following content into the new rest_api.xml file:
    <server>
        <featureManager>
            <feature>jaxrs-2.1</feature>
            <feature>jsonb-1.0</feature>
            <feature>appSecurity-3.0</feature>
            <feature>jwt-1.0</feature>
            <feature>mpJwt-1.0</feature>
            <feature>openidConnectServer-1.0</feature>
            <feature>openidConnectClient-1.0</feature>
            <feature>localConnector-1.0</feature>
            <feature>mpOpenAPI-1.1</feature>
        </featureManager>
        <openidConnectProvider id="OIDCProvider" oauthProviderRef="authProvider" signatureAlgorithm="RS256" keyStoreRef="defaultKeyStore" keyAliasName="1"/>
        <oauthProvider id="authProvider" httpsRequired="true" jwtAccessToken="true" accessTokenLifetime="120">
            <localStore>
                <client name="client_ID" secret="[secret]" enabled="true" grantTypes="client_credentials" scope="openid api webcontroller" preAuthorizedScope="openid api webcontroller" resourceIds="client_ID"/>
            </localStore>
        </oauthProvider>
        <openidConnectClient id="ResourceServer" clientId="client_ID" clientSecret="[secret]" inboundPropagation="required" audiences="client_ID" signatureAlgorithm="RS256" issuerIdentifier="[hostname:port]/oidc/endpoint/OIDCProvider" jwkEndpointUrl="[hostname:port]/oidc/endpoint/OIDCProvider/jwk" headerName="Authorization" authFilterRef="authFilter" scope="openid api webcontroller" groupIdentifier="scope" trustStoreRef="defaultKeyStore"/>
        <authFilter id="authFilter">
            <requestUrl id="apiProtection" urlPattern="ondemand/api" matchType="contains"/>
        </authFilter>
    </server>

    [hostname:port]
        Defines the host name and SSL port of your Remote Control Server. For example, https://example.com:443/.
    [secret]
        Defines the secret that will be used by the client to generate a new JWT (JSON Web Token).
  4. Restart the Remote Control Server service.
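
The rest_api.xml from step 3 repeats the client ID, the secret and the provider URL in several attributes, so a consistency check before the restart in step 4 catches leftover placeholders and mismatched values. The following is an added example, not part of the product documentation: the function name `lint_rest_api`, the trimmed sample file and its values (`example.com`, `constructed-secret`) are constructed, and the checks assume the paired attributes must agree because the page uses the same value in each.

```python
import xml.etree.ElementTree as ET

# Constructed sample: step 3's rest_api.xml, trimmed to the attributes checked
# here, with made-up values in place of [hostname:port] and [secret].
SAMPLE = """<server>
  <openidConnectProvider id="OIDCProvider" oauthProviderRef="authProvider"/>
  <oauthProvider id="authProvider" httpsRequired="true" jwtAccessToken="true">
    <localStore>
      <client name="client_ID" secret="constructed-secret" resourceIds="client_ID"/>
    </localStore>
  </oauthProvider>
  <openidConnectClient id="ResourceServer" clientId="client_ID"
      clientSecret="constructed-secret" audiences="client_ID"
      issuerIdentifier="https://example.com:443/oidc/endpoint/OIDCProvider"
      jwkEndpointUrl="https://example.com:443/oidc/endpoint/OIDCProvider/jwk"/>
</server>"""

def lint_rest_api(xml_text):
    """Return a list of inconsistencies found in a rest_api.xml document."""
    root = ET.fromstring(xml_text)
    prov, oauth, rs = (root.find(tag) for tag in
                       ("openidConnectProvider", "oauthProvider", "openidConnectClient"))
    if prov is None or oauth is None or rs is None:
        return ["a required element is missing"]
    problems = [f"{el.tag}@{k}: placeholder not replaced"
                for el in root.iter() for k, v in el.attrib.items()
                if "[secret]" in v or "[hostname:port]" in v]
    if oauth.get("httpsRequired") != "true":
        problems.append("httpsRequired is not true")
    client = next((c for c in oauth.iter("client")
                   if c.get("name") == rs.get("clientId")), None)
    if client is None:
        problems.append("clientId has no matching localStore client")
    else:
        pair = (client.get("secret", ""), rs.get("clientSecret", ""))
        # Encoded values ("{xor}...", "{aes}...") cannot be compared as text.
        if not any(s.startswith("{") for s in pair) and pair[0] != pair[1]:
            problems.append("clientSecret differs from the localStore secret")
        if rs.get("audiences") != client.get("resourceIds"):
            problems.append("audiences differs from the client's resourceIds")
    issuer = rs.get("issuerIdentifier", "")
    if not issuer.startswith("https://"):
        problems.append("issuerIdentifier is not an https URL")
    # A host value ending in "/" produces "//oidc" in the substituted URL.
    if not issuer.endswith(f"/oidc/endpoint/{prov.get('id')}") or "//oidc" in issuer:
        problems.append("issuerIdentifier path is malformed")
    if rs.get("jwkEndpointUrl") != issuer + "/jwk":
        problems.append("jwkEndpointUrl is not issuerIdentifier + /jwk")
    return problems
```

To check a real file, pass its contents to `lint_rest_api` and review any returned messages before restarting the service.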