General Settings
The General Settings allow you to manage several basic server configuration settings.
These configuration settings are stored in the Virtual File System (VFS). The settings affect all server instances that share the VFS.
File System Settings
Lock File System - This option allows the VFS to be locked, preventing anyone from making changes to the contents of the Virtual File System. Once your Web services are 'in production', you may wish to prevent developers from changing any Service Definition Files, for example. Note that the server itself will still be able to write to the "/system/logs" subfolders.
Allow Administrator Group Access - This option allows users that are members of the "Administrators" group to make changes to the file system (add, update, delete and rename files) even when the file system is locked. This may be useful to allow Administrators to delete unwanted log files, for example. This option is only relevant when the "Lock File System" option is checked.
Note that user "Administrator" always has access to the file system, even when it is locked.
Authentication Settings
SOAPam Server supports two types of HTTP authentication: Basic and Digest. Authentication is used to verify the identity of a client application user when access to a protected resource is requested. If Basic Authentication is disabled, client applications are forced to use the more secure Digest Authentication. If the client application does not support Digest Authentication, it won't be able to access restricted resources through the Server. You cannot disable both authentication mechanisms.
Disable HTTP Basic Authentication - This option allows Basic authentication forcing client applications to use the more secure Digest Authentication. Basic Authentication is simpler and supported by virtually all client software, but is not very secure -- the user name and password are encoded using a mechanism that is easily reversible. Basic authentication should be disabled unless all communication to the server uses HTTPS. Basic authentication is disabled by default.
Basic Authentication is simpler and supported by virtually all client software, but is not very secure -- the user name and password are encoded using a mechanism that is easily reversible. An eavesdropper on the client session can easily learn the user name and password, which it can reuse to gain access to the server. This option is disabled by default. You should not enable Basic authentication unless all communication uses SSL/TLS.
Disable HTTP Digest Authentication - This option disables Digest authentication. Although not recommended, this might be required to support older client applications that do not support Digest authentication.
Log Settings
Enable HTTP Logging - This option enables or disables the HTTP Logging feature. By default, this feature is turned off.
Enable diagnostic logging - This option enables or disables the diagnostic logging feature. By default, this feature is turned on. If diagnostic logging is disabled, no logs will be produced regardless of any logging setting specified for individual services.