When using Feature Pack 4, after configuring a REST service to work in SSL only mode using the wc-rest-security.xml configuration file under the Rest.war/WEB-INF/config/com.ibm.commerce.rest-ext directory, you are still able to make non-SSL requests.
Resolving the problem
There are three different approaches to resolve this issue (choose one):
1. Apply Interim Fix JR45150 (contact support to obtain the Interim Fix).
2. Upgrade to WebSphere Commerce Feature Pack 5.
3. Apply the following workaround available for Feature Pack 4:
Change the following directory name from Rest.war/WebContent/WEB-INF/config/com.ibm.commerce.rest-ext to Rest.war/WebContent/WEB-INF/config/com.ibm.commerce.rest.ext
Note, this workaround will not work after upgrading to Feature Pack 5 -- you will need to change the ".ext" directory back to "-ext" after applying either Interim Fix JR45150 or Feature Pack 5.
For more information about securing REST services using SSL read this Information Center article: Securing REST services using Secure Sockets Layer (SSL).
Rate this page:
Copyright and trademark information
IBM, the IBM logo and ibm.com are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml.