Troubleshooting
Problem
How to restrict access to API Tester in a production environment?
Symptom
In a production environment, if the API Tester JSP files are included in the EAR file, then access to the API Tester cannot be restricted. In a production environment, businesses will want only a very few select users to have access to the API Tester. This can be achieved by customizing web.xml and configuring user credentials at the application server level.
In MCFS 8.5, this customization is not needed because out-of-the-box functionality prompts for user credentials; it can be turned off if not required.
Resolving The Problem
1. Copy web.xml.sample present in <INSTALL_DIR>/repository/eardata/yantra/extn folder and rename it to web.xml.
2. Make changes in web.xml present in <INSTALL_DIR>/repository/eardata/yantra/extn folder.
    <security-constraint>
        <display-name>SecurityConstraint</display-name>
        <web-resource-collection>
            <web-resource-name>SecurePages</web-resource-name>
            <description>Security constraint</description>
            <url-pattern>/interop/InteropHttpServlet</url-pattern>
            <http-method>POST</http-method>
            <http-method>GET</http-method>
        </web-resource-collection>
        <auth-constraint>
            <description>Only let Restricted User login</description>
            <role-name>Operator</role-name>
        </auth-constraint>
    </security-constraint>
    <login-config>
        <auth-method>BASIC</auth-method>
        <realm-name>defaultWIMFileBasedRealm</realm-name>
    </login-config>
    <security-role>
        <description>The only secure role</description>
        <role-name>Operator</role-name>
    </security-role>
3. Configure credentials for the user at the application server level.
4. Build EAR and deploy it.
After this configuration is in place, whenever a user tries to access the API Tester, a pop-up prompts for user credentials. The user can access the API Tester only if valid credentials are provided.
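A pre-deployment check for the constraint above, as an added example that is not IBM's code: it parses a web.xml and reports gaps in how /interop/InteropHttpServlet is protected, including two points the steps do not cover (a constraint that lists <http-method> elements applies only to those methods, and BASIC credentials are only base64-encoded unless the transport is confidential). The audit function and the <web-app> wrapper around the page's fragment are assumptions, and only exact url-pattern matches are handled.

```python
import xml.etree.ElementTree as ET

# Constructed input: the page's fragment wrapped in a <web-app> root.
SAMPLE = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>SecurePages</web-resource-name>
      <url-pattern>/interop/InteropHttpServlet</url-pattern>
      <http-method>POST</http-method>
      <http-method>GET</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>Operator</role-name></auth-constraint>
  </security-constraint>
  <login-config><auth-method>BASIC</auth-method></login-config>
  <security-role><role-name>Operator</role-name></security-role>
</web-app>"""


def audit(xml_text, url):
    """Return a list of findings for `url` (hypothetical helper, exact-match only)."""
    root = ET.fromstring(xml_text)
    for el in root.iter():                      # strip any XML namespace prefix
        el.tag = el.tag.rsplit("}", 1)[-1]
    declared = {(r.findtext("role-name") or "").strip()
                for r in root.findall("security-role")}
    basic = (root.findtext("login-config/auth-method") or "").strip() == "BASIC"
    hits = [c for c in root.findall("security-constraint")
            if any((p.text or "").strip() == url for p in c.iter("url-pattern"))]
    if not hits:
        return [f"no security-constraint covers {url}"]
    findings = []
    for c in hits:
        # Listing <http-method> limits the constraint to those methods only.
        methods = sorted((m.text or "").strip() for m in c.iter("http-method"))
        if methods:
            findings.append("only " + ",".join(methods) + " constrained; other HTTP methods are uncovered")
        if c.find("auth-constraint") is None:
            findings.append("no auth-constraint: no role is required")
        roles = {(r.text or "").strip() for r in c.findall("auth-constraint/role-name")}
        for role in sorted(roles - declared):
            findings.append(f"role {role} has no matching security-role")
        guarantee = (c.findtext("user-data-constraint/transport-guarantee") or "").strip()
        if basic and guarantee != "CONFIDENTIAL":
            findings.append("BASIC auth without CONFIDENTIAL transport-guarantee")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE, "/interop/InteropHttpServlet"):
        print("FINDING:", finding)
```

An empty result means the constraint covers every HTTP method for that URL, requires a declared role, and forces the BASIC exchange onto a confidential transport.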
Historical Number
NFX8451
Product Synonym
Function Area: API Tester; Severity: Normal; Type: NormalFix
Document Information
Modified date:
16 June 2018
UID
swg21557084