Content Platform Engine, Version 5.2.1. Application server: JBoss Application Server

Strengthening Content Platform Engine server security under JBoss Application Server

In FileNet® P8 environments, the Content Platform Engine server assumes that a user's short name passed to it by means of an IIOP request from Application Engine, Workplace XT, or an associated custom application has been properly authenticated and can be trusted.

About this task

WebSphere® Application Server and Oracle WebLogic Suite have mechanisms such as Lightweight Third-Party Authentication (LTPA) keys to secure IIOP communications; these mechanisms establish this kind of trust relationship between Java™ Virtual Machines (JVMs). However, because JBoss Application Server has no such feature to prevent unauthenticated access, a security risk exists between the Content Platform Engine JVM and the calling application's JVM.

To mitigate the risk of passing unauthenticated user short names to Content Platform Engine server under JBoss Application Server, place a firewall on the Content Platform Engine server to allow only trusted JVMs associated with Application Engine, Workplace XT, or custom applications to connect to the Content Platform Engine JVM IIOP port.
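One way to express the allowlist described above on a Linux host, as an added example that is not IBM's code: it prints iptables rules without applying them, and flags connected peers that are outside the allowlist. The port number, the addresses, and the function names are assumptions; the page does not give the IIOP port or name a firewall product.

```shell
#!/bin/sh
# Added example. PORT and all addresses are constructed placeholders
# (documentation ranges); substitute your real IIOP port and client hosts.

# emit_rules PORT HOST... : print iptables rules that accept the trusted
# hosts on PORT and drop every other source. Nothing is applied here.
emit_rules() {
    port=$1; shift
    case $port in ''|*[!0-9]*) echo "invalid port: $port" >&2; return 1 ;; esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2; return 1
    fi
    # An empty allowlist would leave only the DROP rule; treat it as an error.
    [ "$#" -gt 0 ] || { echo "no trusted hosts given" >&2; return 1; }
    for host in "$@"; do
        printf 'iptables -A INPUT -p tcp -s %s --dport %s -j ACCEPT\n' "$host" "$port"
    done
    printf 'iptables -A INPUT -p tcp --dport %s -j DROP\n' "$port"
}

# unexpected_peers PORT HOST... : read "local_addr:port peer_addr:port" lines
# on stdin and print each peer connected to PORT that is not in the allowlist.
unexpected_peers() {
    port=$1; shift
    allowed=" $* "
    while read -r laddr paddr; do
        [ "${laddr##*:}" = "$port" ] || continue
        ip=${paddr%:*}
        case $allowed in *" $ip "*) ;; *) echo "$ip" ;; esac
    done
}

PORT=9999                            # placeholder, the page gives no port number
TRUSTED="192.0.2.10 192.0.2.11"      # constructed Application Engine / Workplace XT hosts

emit_rules "$PORT" $TRUSTED          # unquoted on purpose: one argument per host

# Constructed connection listing (simplified two-column form).
unexpected_peers "$PORT" $TRUSTED <<'EOF'
192.0.2.5:9999 192.0.2.10:40112
192.0.2.5:9999 198.51.100.7:51000
192.0.2.5:22 198.51.100.9:50022
EOF
```

Rules appended with `-A` only behave as intended if no earlier rule in the INPUT chain already accepts traffic to the port, so review the existing chain before applying them.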



Last updated: March 2016

© Copyright IBM Corporation 2013, 2016.