sslConfig setting in wc-rest-security.xml does not properly secure REST services
When using Feature Pack 4, after configuring a REST service to work in SSL only mode using the wc-rest-security.xml configuration file under the Rest.war/WEB-INF/config/com.ibm.commerce.rest-ext directory, you are still able to make non-SSL requests.
Resolving the problem
There are three different approaches to resolve this issue (choose one):
1. Apply Interim Fix JR45150 (contact support to obtain the Interim Fix).
2. Upgrade to WebSphere Commerce Feature Pack 5.
3. Apply the following workaround available for Feature Pack 4:
Change the following directory name from Rest.war/WebContent/WEB-INF/config/com.ibm.commerce.rest-ext to Rest.war/WebContent/WEB-INF/config/com.ibm.commerce.rest.ext
Note, this workaround will not work after upgrading to Feature Pack 5 -- you will need to change the ".ext" directory back to "-ext" after applying either Interim Fix JR45150 or Feature Pack 5.
For more information about securing REST services using SSL read this Information Center article: Securing REST services using Secure Sockets Layer (SSL).
More support for:
WebSphere Commerce Enterprise
Component Services / Web Services
Software version: 7.0
Operating system(s): Windows
Software edition: All Editions
Reference #: 1607025
Modified date: 08 January 2013