IBM Support

How to restrict access to API Tester in a production environment?

Troubleshooting


Problem

How to restrict access to API Tester in a production environment?

Symptom

In a production environment, if the API Tester JSP files are included in the EAR file, then access to the API Tester cannot be restricted. In a production environment, businesses will want only a very few select users to have access to the API Tester. This can be achieved by customizing web.xml and configuring user credentials at the application server level.

In MCFS 8.5, this customization is not needed because out-of-the-box functionality prompts for user credentials; this prompt can be turned off if not required.

Resolving The Problem

1. Copy web.xml.sample present in <INSTALL_DIR>/repository/eardata/yantra/extn folder and rename it to web.xml.

2. Make changes in web.xml present in <INSTALL_DIR>/repository/eardata/yantra/extn folder.

<security-constraint>
  <display-name>SecurityConstraint</display-name>
  <web-resource-collection>
    <web-resource-name>SecurePages</web-resource-name>
    <description>Security constraint</description>
    <url-pattern>/interop/InteropHttpServlet</url-pattern>
    <http-method>POST</http-method>
    <http-method>GET</http-method>
  </web-resource-collection>
  <auth-constraint>
    <description>Only let Restricted User login</description>
    <role-name>Operator</role-name>
  </auth-constraint>
</security-constraint>
<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>defaultWIMFileBasedRealm</realm-name>
</login-config>
<security-role>
  <description>The only secure role</description>
  <role-name>Operator</role-name>
</security-role>

3. Configure credentials for the user at the application server level.

4. Build EAR and deploy it.

After the above configuration is in place, whenever a user tries to access the API Tester, a pop-up appears asking for user credentials. The user can access the API Tester only if valid credentials are provided.
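Before building the EAR, the customized web.xml can be checked statically. The following is an added example, not IBM's code: it parses a descriptor and reports whether the servlet URL is covered, whether the role is declared, whether the constraint is limited to listed HTTP methods (under the Servlet specification, methods not listed in a web-resource-collection are not covered by that constraint), and whether a CONFIDENTIAL transport guarantee accompanies the BASIC login. The function name, the finding labels, the `<web-app>` root in the sample, and the exact-match handling of url-pattern are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the page's elements wrapped in an assumed <web-app> root.
SAMPLE_WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>SecurePages</web-resource-name>
      <url-pattern>/interop/InteropHttpServlet</url-pattern>
      <http-method>POST</http-method>
      <http-method>GET</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>Operator</role-name></auth-constraint>
  </security-constraint>
  <login-config><auth-method>BASIC</auth-method></login-config>
  <security-role><role-name>Operator</role-name></security-role>
</web-app>"""

def texts(node, path):
    """Stripped text of every element matching path under node."""
    return [(e.text or "").strip() for e in node.findall(path)]

def audit_web_xml(xml_text, url="/interop/InteropHttpServlet"):
    """Return findings for the constraint that names `url` exactly."""
    root = ET.fromstring(xml_text)
    for el in root.iter():
        el.tag = el.tag.rsplit("}", 1)[-1]  # drop XML namespace, if any
    declared = set(texts(root, "security-role/role-name"))
    findings, covered = [], False
    for sc in root.findall("security-constraint"):
        for wrc in sc.findall("web-resource-collection"):
            if url not in texts(wrc, "url-pattern"):
                continue
            covered = True
            if sc.find("auth-constraint") is None:
                findings.append("no-auth-constraint")
            if set(texts(sc, "auth-constraint/role-name")) - declared:
                findings.append("role-not-declared")
            if texts(wrc, "http-method"):
                # Constraint applies only to the listed methods.
                findings.append("unlisted-methods-unconstrained")
            tg = texts(sc, "user-data-constraint/transport-guarantee")
            if "CONFIDENTIAL" not in tg:
                findings.append("no-transport-guarantee")
    if not covered:
        findings.append("url-not-covered")
    return findings

if __name__ == "__main__":
    print(audit_web_xml(SAMPLE_WEB_XML))
```

An empty list means none of the checked conditions were found; it does not replace testing the deployed application with and without credentials.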

Product: IBM Sterling Order Management. Platform: Platform Independent. Version: All.

Historical Number

NFX8451

Product Synonym

Function Area: API Tester; Severity: Normal; Type: NormalFix

Document Information

Modified date:
16 June 2018

UID

swg21557084