Novell Documentation: GroupWise 6.5 - Configuring the WebAccess Application

Configuring the WebAccess Application

During installation, the WebAccess Application is set up with a default configuration. However, you can use the information in the following sections to optimize the WebAccess Application configuration:

Modifying the WebAccess Application Environment Settings

Using ConsoleOne^®, you can modify the WebAccess Application's environment settings. The environment settings determine such things as the location where ConsoleOne stores the WebAccess Application's configuration file and how long the WebAccess Application will maintain an open session with an inactive user.

To modify the environment settings:

In ConsoleOne, right-click the WebAccess Application object (GroupWiseWebAccess), then click Properties.

NOTE: The WebAccess Application object is not available in the GroupWise View. To locate the WebAccess Application object, you must use the Console View.
If necessary, click Applications > Environment to display the Environment page.
Modify any of the following fields:
Configuration File: The WebAccess Application does not have access to Novell^® eDirectory^TM or the GroupWise^® domain database. Therefore, ConsoleOne writes the application's configuration information to the file specified in this field. By default, this is the webacc.cfg file located in the WebAccess Application's home directory (novell\webaccess on the Web server or /opt/novell/groupwise/webaccess on Linux).

In general, you should avoid changing the location of the file. If you do, you need to make sure to modify the webacc.cfg path in the Java* servlet engine's property file or (web.xml for Tomcat or servlets.properties for the Novell Servlet Gateway). If you do not, the WebAccess Application will continue to look for its configuration information in the old location.
File Upload Path: When a user attaches a file to an item, the file is uploaded to the directory displayed in this field. By uploading the file before the item is sent, less time is required to send the item when the user clicks the Send button. After the user sends the item (or cancels it), the WebAccess Application deletes the file from the directory.

Specify the upload directory you want to use. The default path is to the temp directory, located in the WebAccess Application's home directory (by default, novell\webaccess\temp on the Web server or /opt/novell/groupwise/webaccess/temp on Linux).
Logout URL: By default, users who log out of GroupWise WebAccess are returned to the login page. If desired, you can enter the URL for a different page.

The logout URL can be defined in this location and two additional locations. These locations are listed below, in the order that the WebAccess Application will check them.
- Trusted server logout URL (configured on the Security page)
- Template-specific logout URL (configured on the Templates page)
- General logout URL (configured on the Environment page)
For example, you define a general logout URL (WebAccess Application object > Environment page) and a Standard HTML template logout URL (WebAccess Application object > Templates page). You are not using trusted servers, so you do not set any trusted server logout URLs.When a Standard HTML template user logs out of WebAccess, the Standard HTML template logout URL is used. However, when a Basic HTML template user logs out, the general logout URL is used.

If none of these locations include a logout URL, the WebAccess Application defaults to the standard login page.
Click OK to save the changes.

Controlling WebAccess Application Logging

The WebAccess Application logs information to log files on disk. You can control the following logging features:

The type of information to log
How long to retain log files
The maximum amount of disk space to use for log files
Where to store log files

The WebAccess Application creates a new log file each day and each time it is restarted (as part of the Web server startup). The log file is named mmddwas.nnn, where mm is the month, dd is the year, and nnn is a sequenced log file number (001 for the first log file of the day, 002 for the second, and so forth).

To modify the log settings:

In ConsoleOne, right-click the WebAccess Application object, then click Properties.
Click Application > Log Settings to display the Log Settings page.
Modify any of the following properties:
Log File Path: Specify the path to the directory where you want to store the log files.

On NetWare and Windows, the log files are stored in the novell\webaccess\logs directory on the Web server by default. On Linux, they are stored in /opt/novell/groupwise/webaccess/logs.
Maximum Log File Age: Specify the number of days you want to retain the log files. The WebAccess Application will retain the log file for the specified number of days unless the maximum disk space for the log files is exceeded. The default age is 7 days.
Maximum Log Disk Space: Specify the maximum amount of disk space you want to use for the log files. If the disk space limit is exceeded, the WebAccess Application will delete log files, beginning with the oldest file, until the limit is no longer exceeded. The default disk space is 1024 KB.
Logging Level: There are four logging levels: None, Normal, Verbose, and Diagnostic. None turns logging off; Normal displays warnings and errors; Verbose displays Normal logging plus information messages and user requests; and Diagnostic displays all possible information. The default is Normal logging. Use Diagnostic only if you are troubleshooting a problem with WebAccess.

The verbose and diagnostic logging levels do not degrade WebAccess Application performance, but log files saved to disk consume more disk space when verbose or diagnostic logging is in use.
Log Language: Select the language in which you want information written to the log files. The list contains many languages, some of which the WebAccess Application might not support. If you select an unsupported language, the information will be written in English.
Log Time Format: Choose from the following formats to use when the WebAccess Application records dates and times in the log files: HH:mm:ss:SS, MM/dd: H:mm:ss.SS, or dd/MM: H:mm:ss.SS. H and HH represent hours, mm represents minutes, ss and SS represent seconds, MM represents months, and dd represents days.
Click OK to save the log settings.

Adding or Removing Service Providers

The WebAccess Application receives requests from users and then passes the requests to the appropriate service provider. The service provider fills the requests and returns the required information to the WebAccess Application. The WebAccess Application merges the information into the appropriate template and displays it to the user.

To function properly, the WebAccess Application must know which service providers are available. On NetWare and Windows, WebAccess includes two service providers: a GroupWise service provider (GroupWiseProvider) and an LDAP service provider (LDAPProvider). On Linux, there is also a separate GroupWiseDocumentProvider for WebPublisher. The GroupWise provider communicates with the WebAccess Agent to fill GroupWise requests. The LDAP provider communicates with LDAP servers to fill LDAP requests, such as LDAP directory searches initiated through the GroupWise Address Book.

Both the GroupWise service provider and the LDAP service provider are installed and configured at the same time as the WebAccess Application. You can disable the GroupWise service or LDAP service by removing the GroupWise service provider or LDAP service provider. On Linux, the GroupWiseDocumentProvider is also created by default. If you've created new service providers to expose additional services through GroupWise WebAccess, you must define those service providers so that the WebAccess Application knows about them.

To define service providers:

In ConsoleOne, right-click the WebAccess Application object, then click Properties.
Click Application > Services to display the Services page.

The Provider List displays all service providers that the WebAccess Application is configured to use.
Choose from the following options:
Add: To add a service provider to the list, click Add, browse for and select the service provider's object, then click OK.
Edit: To edit a service provider's information, select the provider in the list, then click Edit. For information about the modifications you can make, see Configuring the GroupWise Service Provider and Configuring the LDAP Service Provider.
Delete: To remove a service provider from the list, select the provider, then click Delete.
Click OK to save the changes.

Modifying WebAccess Application Template Settings

When the WebAccess Application receives information from a service provider, it merges the information into the appropriate WebAccess template before displaying the information to the user. Using ConsoleOne, you can modify the WebAccess Application's template settings. The template settings determine such things as the location of the templates, the maximum amount of server memory to use for caching the templates, and the default template language.

In ConsoleOne, right-click the WebAccess Application object, then click Properties.
Click Application > Templates to display the Templates page.
Modify any of the following fields:
Template Path: Select the location of the template base directory. The template base directory contains the subdirectories (simple, frames, hdml, and wml) for each of the templates provided with GroupWise WebAccess. If you create your own templates, you need to place the templates in a new subdirectory in the template base directory.

On a NetWare^® server with the Novell Servlet Gateway, the default installation directory is java\servlets\com\novell\webaccess\templates.

On a Windows server with the Novell Servlet Gateway, the default installation directory is novell\java\servlets\com\novell\webaccess\templates.

On a NetWare or Windows server with Tomcat, the default installation directory is tomcat_dir\webapps\ROOT\web-inf\classes\com\novell\webaccess\templates.

On a Linux server with Tomcat, the default installation directory is /var/opt/novell/tomcat/webapps/gw/WEB-INF/classes/com/novell/webaccess/templates.
Java Package: Specify the Java package that contains the template resources used by the WebAccess Application. The default package is com.novell.webaccess.templates.
Images URL: Specify the URL for the GroupWise WebAccess image files. These images are merged into the templates along with the GroupWise information. This URL must be relative to the Web server's document root directory. On NetWare and Windows, the default relative URL is /com/novell/webaccess/images. On Linux, the default relative URL is /gw/com/novell/webaccess/images.
Applets URL: In some instances (Address Book and Month Calendar, for example), applets can be used instead of the standard templates. Specify the URL for the GroupWise WebAccess applets (Address Book, Month Calendar, and so forth). This URL must be relative to the Web server's document root directory. On NetWare and Windows, the default relative URL is /com/novell/webaccess/applets. On Linux, the default relative URL is /gw/com/novell/webaccess/applets.
Help URL: Specify the URL for the GroupWise WebAccess Help files. This URL must be relative to the Web server's document root directory. On NetWare and Windows, the default relative URL is /com/novell/webaccess/help. On Linux, the default relative URL is /gw/com/novell/webaccess/help.
Enable Template Caching: To speed up access to the template files, the WebAccess Application can cache the files to the server's memory. Select this option to turn on template caching.
Cache Size: Select the maximum amount of memory, in kilobytes, you want to use when caching the templates. The default cache size, 2500 KB, is sufficient to cache all templates shipped with GroupWise WebAccess. If you modify or add templates, you can turn on Verbose logging (WebAccess Application object > Application tab > Log Settings page) to view the size of the template files. Using this information, you can then change the cache size appropriately.
Default Language: If you have more than one language installed, select the language to use when displaying the initial GroupWise WebAccess page. If users want the GroupWise WebAccess interface (templates) displayed in a different language, they can change it on the initial page.
Define User Interfaces: GroupWise WebAccess supports Web browsers on many different devices (for example, computers and wireless telephones). Each device supports specific content types such as HTML, HDML, and WML. When returning information to a device's Web browser, the WebAccess Application must merge the information into a set of templates to create an interface that supports the content type required by the Web browser.

GroupWise WebAccess ships with five predefined user interfaces (Standard HTML, Basic HTML, Handheld Device Markup Language, Wireless Markup Language, and Web Clipping). These interfaces support Web browsers that require HTML, HDML, and WML content types. Click the User Interface button to view, add, modify, or delete user interfaces. For more information, see Defining User Interfaces below.
Click OK to save the changes.

Defining User Interfaces

From the WebAccess Application object's Templates page, click Define User Interfaces to display the Define User Interfaces dialog box.

The dialog box includes three tabs:
- User Interfaces: The User Interfaces tab lets you add, modify, and remove user interfaces, as well as determine whether or not GroupWise data added to an interface should be cached on proxy servers. Each interface consists of template files that support a specific content type. For example, the predefined Standard HTML interface uses frame-based HTML templates, located in the frames directory, that support the text/html content type.
- Browser User Agents: The Browser User Agents tab lets you associate a user interface with a Web browser. The association is based on the browser's User Agent information (signature, platform, version, and so forth). For example, if a browser's User Agent information includes "Windows CE" (one of the predefined entries), the WebAccess Application will use the Basic HTML interface (no-frames interface).
- Browser Accept Types: The Browser Accept Types tab lets you associate a user interface with a Web browser. The association is based on the content type the browser will accept. For example, if a browser accepts text/html (one of the predefined entries), the WebAccess Application will use the Standard HTML interface (frames-based interface).
To add, remove, or modify user interfaces, click the User Interfaces tab.

The User Interface list displays all available user interfaces. The list includes the following information:
- User Interface: This column displays the name assigned to the user interface (for example, Standard HTML or Wireless Markup Language).
- Template: This column displays the directory in which the template files are located. Only the directory name is shown. You can append this directory name to the template path shown on the Templates page to see the full template directory path.
- Content Type: This column displays the content type required by the templates (for example, text/html, text/x-hdml, or text/vnd.wap.wml).
- Logout URL: By default, when a user logs out, he or she is returned to the standard login page. When adding or editing the user interface, you can use the logout URL to define a different page. If you do so, this column displays the URL. This URL overrides the logout URL specified on the WebAccess Application object's Environment page (see Modifying the WebAccess Application Environment Settings). It is overridden by the logout URL specified for a trusted server on the WebAccess Application object's Security page (see Securing WebAccess Application Sessions).
Choose from the following options to manage the user interfaces:
- Add: Click Add to add a user interface to the list.
- Edit: Select a user interface in the list, then click Edit to edit the interface's name, template directory, content type, or proxy caching setting.
- Default: Select a user interface in the list, then click Default to make that interface the default interface. The WebAccess Application will use the default interface only if it can't determine the appropriate interface based on the browser's User Agent (Browser User Agent tab) or the browser's accepted content types (Browser Accept Types tab).
- Delete: Select a user interface in the list, then click Delete to remove the interface. This only removes the entry from the list. It does not delete the template files from the template directory.
To associate a user interface with a Web browser based on the browser's User Agent information, click the Browser User Agents tab.

The Browser User Agents tab lets you associate a user interface with a Web browser. The association is based on the browser's User Agent information (signature, platform, version, and so forth). For example, if a browser's User Agent information includes "Windows CE" (one of the predefined entries), the WebAccess Application will use the Basic HTML interface (no-frames interface).

If a browser's User Agent information matches more than one entry in the list, the application uses the first entry. If the browser's User Agent information does not match any entries in the list, the WebAccess Application tries to select an interface based on the content types the browser will accept (Browser Accept Types tab). If no match is made based on the Accept Types information, the WebAccess Application uses the default user interface listed on the User Interfaces tab.

Choose from the following options to manage the associations:
- Add: Click Add to add an entry to the list.
- Edit: Select an entry from the list, then click Edit to edit the entry's information.
- Up: Select an entry from the list, then click Up to move it up in the list. If two entries match the information in a browser's User Agent header, the WebAccess Application uses the interface associated with the first entry listed.
- Down: Select an entry from the list, then click Down to move it down in the list.
- Delete: Select an entry from the list, then click Delete to remove the entry.
To associate a user interface with a Web browser based on the content type that the browser will accept, click the Browser Accept Types tab.

The Browser Accept Types tab lets you associate a user interface with a Web browser. The association is based on the content type the browser will accept. For example, if a browser accepts text/html (one of the predefined entries), the WebAccess Application will use the Standard HTML interface (frames-based interface).

Many browsers accept more than one content type (for example, both text/html and text/plain). If the list contains more than one acceptable content type, the WebAccess Application uses the browser's preferred content type, which is the type that is listed first in the browser's Accept Type header.

If no interface can be determined based on the entries in the list, the WebAccess Application uses the default user interface listed on the User Interfaces tab.

Choose from the following options to manage the associations:
- Add: Click Add to add an entry to the list.
- Edit: Select an entry from the list, then click Edit to edit the entry's information.
- Delete: Select an entry from the list, then click Delete to remove the entry.
Click OK to save your changes and return to the WebAccess Application object's Templates page.

Securing WebAccess Application Sessions

The WebAccess Application includes several settings to help you ensure that users' information is secure. You can:

Specify a period of time after which inactive sessions will be closed. The default is 20 minutes.
Secure sessions through the use of client IP binding or browser session cookies.
Disable information caching by proxy servers and Web browsers.
Enable GroupWise authentication through a trusted server.

To modify the security settings:

In ConsoleOne, right-click the WebAccess Application object, then click Properties.
Click Application > Security to display the Security page.
Modify any of the following fields:
Timeout for Inactive Sessions: When a user logs in, the WebAccess Application opens a session with the user. This option lets you specify a period of time after which the WebAccess Application will close a session that has become inactive. A session becomes inactive when the user does not perform any actions, such as opening a message, that generate calls to the WebAccess Application. Having a timeout period not only provides security for users' e-mail but also ensures that GroupWise WebAccess runs efficiently.

Select how long the WebAccess Application should wait before ending an inactive session. If the user attempts to perform an action after the session has timed out, he or she will be prompted to log in again.
Path for Inactive Sessions: Browse for and select the folder where you want the WebAccess Application to save information about inactive sessions. This allows the WebAccess Application to return the user to the exact state he or she was in when the session timed out. Inactive sessions are automatically deleted after a period of time.

The default path is to the users directory, located in the WebAccess Application's home directory (by default, novell\webaccess\users on the Web server, or /opt/novell/groupwise/webaccess/users on Linux).
Use Client IP in Securing Sessions: Select this option if you want the WebAccess Application to bind the client IP address to the session. For that session, the WebAccess Application will accept requests from the bound IP address only. If you are using a proxy server that masks the client IP address, you should use the Use Cookies option instead.
User Interface/Use Cookies/Disable Caching: You can increase security by using session cookies and disabling caching of WebAccess information. Session cookies and caching are configurable on a per-user interface (template basis). For example, you could use session cookies and disable caching for the Standard HTML interface and not use session cookies or disable caching for the Wireless Markup Language interface.
- Use Cookies: Select this option if you want the WebAccess Application to use a session cookie to secure the user's session. The session cookie, which is created when the user opens the session, ties the session to the browser and ensures that the WebAccess Application will accept session requests from that browser only. The session cookie is held in memory and exists only as long as the user is logged in.
  
  By default, session cookies are enabled for all interfaces, with the exception of the Web Clippings interface, which does not support session cookies.
- Disable Caching: This option affects both Web browser caching and proxy server caching. Because the WebAccess Application sends sensitive mailbox information (such as message text and passwords) to users, caching of files by Web browsers and proxy servers can pose an information security risk.
  
  If you select the Disable Caching option, the WebAccess Application includes a "disable caching" request in the header of each file that it sends. By default, Web browsers honor this request and will not cache files that include the request. Proxy servers, on the other hand, might or might not honor the request, depending on how they are configured. If the proxy server honors the request, the file will not be cached; if it does not honor the request, the file will be cached, regardless of this setting.
Single Sign-On: The WebAccess Application supports authentication to GroupWise using Base64 authentication header credentials generated by a trusted server (for example, a Novell^® iChain^® Authentication Server). The authentication header generated by the trusted server must contain the username and password required to log the user into GroupWise. For this to occur, one of the following conditions must be met:
- The regular GroupWise username and password must match the credentials passed from the trusted server.
  or
- The LDAP authentication credentials used by each POA (if LDAP has been enabled) must match the credentials passed from the trusted server (ConsoleOne > Post Office object > GroupWise tab > Security page).
If the credentials passed from the trusted server match the credentials being used by the GroupWise system, then the GroupWise WebAccess login page is bypassed and the user has immediate access to the requested mailbox.

To specify a trusted server whose authentication header credentials will be accepted by the WebAccess Application, click Add to display the Add Trusted Server Information dialog box, then enter the server's IP address or DNS hostname. For more information about the fields in the Add Trusted Server Information dialog box, click the dialog box's Help button.

Controlling Availability of WebAccess Features

By default, WebAccess users can:

Spell check messages
Search LDAP directories (must be manually enabled on Linux)
Change their GroupWise mailbox passwords
Use Document Management Services
Open attachments in native format (must be manually enabled on Linux)
Open documents in native format (must be manually enabled on Linux)
View attachments in HTML format
View documents in HTML format

All users who log in through a single Web server will have the same feature access. You cannot configure individual user settings. However, if you have multiple Web servers, you can establish different settings for the Web servers by completing the following steps for each server's WebAccess Application.

To configure the WebAccess Application's user settings:

In ConsoleOne, right-click the WebAccess Application object, then click Properties.
Click Application > Settings to display the Settings page.
Configure the following settings:
Spell Check Items: Enable this option if you want users to be able to use the Novell Speller to spell check an item's text before sending the item. Disable this option to remove all Spell Check features from the user interface.
Search LDAP Directories: Enable this option if you have an LDAP server and you want users to be able to search any LDAP address books you have defined. Disable this option to remove all LDAP features from the user interface.
Change Passwords: Enable this option if you want users to be able to change their Mailbox passwords. Disable this option to remove all Password features from the user interface.
Access Document Management: Enable this option if you want users to be able to use the Document Management features. Disable this option to remove all Document Management features from the user interface.
Open Attachments in Native Format: By default, the Save As option enables users to save message attachments to their local drives and then open them in their native applications. You can turn on this option to enable the Open option. The Open option enables users to open message attachments directly in their native applications without first saving the files to the local drive.

This option requires that 1) each user's Web browser knows the correct application or plug-in to associate with the attachment, according to its file extension or MIME type, and 2) the application or plug-in is available to the user. Otherwise, the user will be prompted to save the file to disk or specify the application to open it.

This option and the View Attachments in HTML Format option can both be enabled at the same time. Doing so gives users both the Open option and the View option, which means they have the choice of opening an attachment in its native application or viewing it as HTML.
Open Documents in Native Format: By default, the Save As option enables user to save library documents to their local drives and then open them in their native applications. You can turn on this option to enable the Open option. The Open option enables users to open documents directly in their native applications without first saving the files to the local drive.

This option requires that 1) each user's Web browser knows the correct application or plug-in to associate with the document, according to its file extension or MIME type, and 2) the application or plug-in is available to the user. Otherwise, the user will be prompted to save the file to disk or specify the application to open it.

This option and the View Documents in Native Format option can both be enabled at the same time. Doing so gives users both the Open option and the View option, which means they have the choice of opening a document in its native application or viewing it as HTML.
- Include Only Files With These Extensions: If you want only certain file types to be have the Open option, enter the file types in the Include Only Files With These Extensions field. Include only the extension and separate each extension with a comma (for example, doc, xls, ppt). The Open option will not be available for any file types not entered in this field. This setting applies when opening either library documents or attachments.
View Attachments in HTML Format: Enable this option if you want users to be able to view any type of attachments in HTML format. Disable this option to require users to save an attachment to a local drive and view it in its native application. WebAccess uses Stellent Outside In HTML Export to convert files to HTML format.

For a list of the supported file format conversions, download the following document from the Stellent Web site:

OutSide In Supported Platforms and File Formats

This option and the Open Attachments in Native Format option can both be enabled at the same time. Doing so gives users both the View option and the Open option, which means they have the choice of viewing an attachment as HTML or opening it in its native application.
View Documents in HTML Format: Enable this option if you want users to be able to view library documents in HTML format. Disable this option to require users to save a document to a local drive and view it in its native application. WebAccess uses Stellent Outside In HTML Export to convert files to HTML format.

For a list of the supported file format conversions, download the following document from the Stellent Web site:

OutSide In Supported Platforms and File Formats

This option and the Open Documents in Native Format option can both be enabled at the same time. Doing so gives users both the View option and the Open option, which means they have the choice of viewing a document as HTML or opening it in its native application.
- Exclude Files With These Extensions: If you want to exclude certain file types from having the View option, enter the file types in the Exclude Files With These Extensions field. Include only the extension and separate each extension with a comma (for example, doc, xls, ppt). The View option will be available for any file types not entered in this field. This setting applies when viewing either library documents or attachments.
- Maximum Document View Size: Specify the maximum size file that can be viewed in HTML format. If a file exceeds the maximum size, it must be opened in native format (if allowed) rather than viewed in HTML format. The default maximum size is 1024 KB. This setting applies when viewing either library documents or attachments.
Click OK.