IBM Support

sslConfig setting in wc-rest-security.xml does not properly secure REST services

Technote (troubleshooting)


When using Feature Pack 4, after configuring a REST service to work in SSL only mode using the wc-rest-security.xml configuration file under the Rest.war/WEB-INF/config/ directory, you are still able to make non-SSL requests.

Resolving the problem

There are three different approaches to resolve this issue (choose one):

1. Apply Interim Fix JR45150 (contact support to obtain the Interim Fix).

2. Upgrade to WebSphere Commerce Feature Pack 5.

3. Apply the following workaround available for Feature Pack 4:

Change the following directory name from Rest.war/WebContent/WEB-INF/config/ to Rest.war/WebContent/WEB-INF/config/

Note, this workaround will not work after upgrading to Feature Pack 5 -- you will need to change the ".ext" directory back to "-ext" after applying either Interim Fix JR45150 or Feature Pack 5.

For more information about securing REST services using SSL read this Information Center article: Securing REST services using Secure Sockets Layer (SSL).

Document information

More support for: WebSphere Commerce Enterprise
Component Services / Web Services

Software version: 7.0

Operating system(s): Windows

Software edition: All Editions

Reference #: 1607025

Modified date: 08 January 2013

Translate this page: