sslConfig setting in wc-rest-security.xml does not properly secure REST services

Technote (troubleshooting)


Problem(Abstract)

When using Feature Pack 4, after configuring a REST service to work in SSL only mode using the wc-rest-security.xml configuration file under the Rest.war/WEB-INF/config/com.ibm.commerce.rest-ext directory, you are still able to make non-SSL requests.

Resolving the problem

There are three different approaches to resolve this issue (choose one):

1. Apply Interim Fix JR45150 (contact support to obtain the Interim Fix).

2. Upgrade to WebSphere Commerce Feature Pack 5.

3. Apply the following workaround available for Feature Pack 4:

Change the following directory name from Rest.war/WebContent/WEB-INF/config/com.ibm.commerce.rest-ext to Rest.war/WebContent/WEB-INF/config/com.ibm.commerce.rest.ext

Note, this workaround will not work after upgrading to Feature Pack 5 -- you will need to change the ".ext" directory back to "-ext" after applying either Interim Fix JR45150 or Feature Pack 5.

For more information about securing REST services using SSL read this Information Center article: Securing REST services using Secure Sockets Layer (SSL).


Rate this page:

(0 users)Average rating

Document information


More support for:

WebSphere Commerce Enterprise
Component Services / Web Services

Software version:

7.0

Operating system(s):

Windows

Software edition:

All Editions

Reference #:

1607025

Modified date:

2013-01-08

Translate my page

Machine Translation

Content navigation