IBM Enterprise Records, Version 5.1.2   

Optionally adding support for SSL (CMA with SSL redirect)

If IBM® Enterprise Records web application is automatically configured with the Container Manager Authentication (CMA) option, use Secure Socket Layer (SSL) with the redirect option.

About this task

Perform the following procedures, depending on your application server, to enable SSL for your IBM Enterprise Records web application by updating its web.xml file. These steps are not required for full SSL environments.

Procedure

To enable SSL:

  1. WebSphere: Modify the web.xml file in the ier_install_path/RecordsManager/WEB-INF directory:
    1. Make a backup copy of the web.xml file. The default file location is:
      ier_install_path/RecordsManager/WEB-INF/web.xml
    2. Copy the <security_constraint> section, as shown in the next step, and paste the new copied section directly after the original.
    3. Change the newly inserted <security_constraint> section as follows (changes in bold): Change from:
      <security-constraint>
        	<web-resource-collection>
            <web-resource-name>action</web-resource-name>
            <description>Define the container secured resource</description>
            <url-pattern>/</url-pattern>
            <url-pattern>/*</url-pattern>
      		</web-resource-collection>
        	<auth-constraint>
            <role-name>All Authenticated</role-name>
        	</auth-constraint>
        	<user-data-constraint>
            <description>User data constraints</description>
            <transport-guarantee>NONE</transport-guarantee>
        	</user-data-constraint>
      </security-constraint>
      to:
      <security-constraint>
        <web-resource-collection>
          <web-resource-name>action</web-resource-name>
            <description>Define the container secured resource</description>
            <url-pattern>ContainerLogin.jsp</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>All Authenticated</role-name>
        </auth-constraint>
        <user-data-constraint>
            <description>User data constraints</description>
            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
      </security-constraint>
      The change also removes the second occurrence of this line:
      <url-pattern>/*</url-pattern>
    4. Save your changes to the web.xml file.
  2. WebLogic and JBoss: Modify the web.xml file in the <ier_install_path>/RecordsManager/WEB-INF directory:
    1. Make a backup copy of the web.xml file. The default file location is:
      ier_install_path/RecordsManager/WEB-INF/web.xml
    2. In the <security_constraint> section, change the parameter, as follows, from
      <user-data-constraint>
          <description>User data constraints</description>
          <transport-guarantee>NONE</transport-guarantee>
      </user-data-constraint>
      to:
      <user-data-constraint>
          <description>User data constraints</description>
          <transport-guarantee>CONFIDENTIAL</transport-guarantee>
      </user-data-constraint>
    3. Save your changes to the web.xml file.


Feedback

Last updated: November 2013
frmin002.htm

© Copyright IBM Corporation 2013