Spring 2020 has brought along a new version of UXP Connector from Cybernetica’s Data Exchange Technologies team. Version 1.6 of Connector was launched on 30th April and it introduces both new functionality and smaller improvements.
The main focus of the latest UXP Connector release is security. Although it is expected that UXP Connector is installed within an organization’s local network and the connection between a Connector and the outside world is governed by security server security features, it is still vital to pay attention to guarding communication between the security server and the Connector. It is important to control the requests to valuable information in the databases attached to Connector from both the Internet and the internal network.
Figure 1. UXP Connector with two client systems: UXP Security Server and SoapUI
For this reason, the already existing TLS authentication support underwent updates to make setting up trusted communication between security server and Connector more effortless and transparent. The improvements extend simultaneously to other client systems used to connect to Connector, for example the testing tool SoapUI.
Previously, in order to set up a mutually authenticated TLS connection between a security server and a Connector, the security server internal certificate had to be uploaded to the Connector along with a security server client subsystem code. With the new update, the focus in communication partner certification has moved from approving subsystems to approving security servers. The security server certificate will now apply to all connections from that security server, not only for the previously specified subsystem. This means that a security server certificate has to be uploaded to Connector once and each security server connection to Connector has its own certificate.
Figure 2. Connection Security page allows to manage secure TLS connections
Connector administrators can now turn on and off the client system authentication. By default, the client authentication is turned on, but in case there is a need to turn the authentication off, Connector administrator can change the security mode in the configuration files. The security mode, in essence the fact whether Connector authenticates the incoming service requests, is displayed in the Connection Security page.
In case a security server must verify that it is connecting to a credible UXP Connector, the Connector certificate can now be downloaded directly from the Connection Security page and uploaded to the security server. As opposed to the previous solution where the certificate file was available only through the command line interface.
In case there is a need to make service requests to Connector from a testing or development tool, e.g., SoapUI, during UXP Connector trainings or service development process, DXT team has added functionality to generate and export a keystore for the tool directly in Connector. Connector will auto-save the accompanying trusted certificate and all a developer has to do is upload the password protected keystore to the tool they wish to use.
Figure 3. Keystore for testing tools can be generated in a few clicks
One more update related to protecting information stored in the databases adds means to monitor the test queries performed through Connector user interface. Test queries are now logged to the query log similarly to queries triggered by external service requests. Due to this update, the query log contains now queries from two different sources. Users can filter queries by request source to distinguish between the internal test queries and external queries.
Figure 4. Query Log can be used to monitor both external and internal test queries
Version 1.6 introduces a new feature regarding running internal test queries in Connector. Previously, all performed test queries were committed to the database, meaning that statements like INSERT, UPDATE, DELETE and so on possibly changed the contents of the database. The new solution causes Connector to by default perform rollbacks in the end of the test queries so the database is not modified. Users can choose before making the request to override the default behavior and keep the changes.
Figure 5. Test queries do not modify the database unless explicitly requested
What’s more, UXP Connector 1.6 takes over the user management logic from UXP Core, meaning that Connector users are now handled as UNIX users that belong to a special group. Managing Connector users requires root privileges in the server where the Connector is running.
The 1.6 release includes a collection of smaller changes:
- small usability improvements in user interface, like placeholders and changed default sorting;
- fixed bugs in the user interface;
- bugfix in service processing: no error is returned to a client now when an optional file is missing;
- bugfix in service processing: empty file is now accepted as mandatory input;
- better processing of nested elements;
- Connector uses now c3p0 library for connection pooling between Connector and database.