IBM Enterprise Records, Version 5.1.+              

Optionally adding support for SSL (CMA with SSL redirect)

If IBM® Enterprise Records web application is automatically configured with the Container Manager Authentication (CMA) option, and you want to use Secure Socket Layer (SSL) with the redirect option, then perform the following procedures, depending on your application server, to enable SSL for your IBM Enterprise Records web application by updating its web.xml file. These steps are not required for full SSL environments.

  1. WebSphere: Modify the web.xml file in the ier_install_path/RecordsManager/WEB-INF directory:
    1. Make a backup copy of the web.xml file. The default file location is:
      ier_install_path/RecordsManager/WEB-INF/web.xml
    2. Copy the <security_constraint> section, as shown in the next step, and paste the new copied section directly after the original.
    3. Make changes to the newly inserted <security_constraint> section as follows (changes in bold): Change from:
      <security-constraint>
        	<web-resource-collection>
            <web-resource-name>action</web-resource-name>
            <description>Define the container secured resource</description>
            <url-pattern>/</url-pattern>
            <url-pattern>/*</url-pattern>
      		</web-resource-collection>
        	<auth-constraint>
            <role-name>All Authenticated</role-name>
        	</auth-constraint>
        	<user-data-constraint>
            <description>User data constraints</description>
            <transport-guarantee>NONE</transport-guarantee>
        	</user-data-constraint>
      </security-constraint>
      to:
      <security-constraint>
        <web-resource-collection>
          <web-resource-name>action</web-resource-name>
            <description>Define the container secured resource</description>
            <url-pattern>ContainerLogin.jsp</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>All Authenticated</role-name>
        </auth-constraint>
        <user-data-constraint>
            <description>User data constraints</description>
            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
      </security-constraint>
      The change also removes the second occurrence of this line:
      <url-pattern>/*</url-pattern>
    4. Save your changes to the web.xml file.
  2. WebLogic and JBoss: Modify the web.xml file in the <ier_install_path>/RecordsManager/WEB-INF directory:
    1. Make a backup copy of the web.xml file. The default file location is:
      ier_install_path/RecordsManager/WEB-INF/web.xml
    2. In the <security_constraint> section, change the parameter, as follows, from
      <user-data-constraint>
          <description>User data constraints</description>
          <transport-guarantee>NONE</transport-guarantee>
      </user-data-constraint>
      to:
      <user-data-constraint>
          <description>User data constraints</description>
          <transport-guarantee>CONFIDENTIAL</transport-guarantee>
      </user-data-constraint>
    3. Save your changes to the web.xml file.


Feedback

Last updated: August 2011


© Copyright IBM Corporation 2011.
This information center is powered by Eclipse technology. (http://www.eclipse.org)