39.4 Securing Web Service Connections

Web Services in Vibe allow third-party applications to integrate with your Vibe system. To increase the security of your Vibe site, you can configure Vibe to allow only secure applications to integrate with Vibe. This section does not attempt to describe how to write a third-party application that supports HTTPS. Instead, this section describes how to configure your Vibe system to prevent non-secure third-party applications from connecting with Vibe.

To prevent non-secure third-party applications from connecting with your Vibe system:

  1. Log in to the Vibe server with sufficient rights to edit the web.xml files (root on Linux, Administrator on Windows).

  2. Modify the web.xml file under the ssr directory:

    1. Change to the directory where the web.xml file is located.

      Linux:

      /opt/novell/teaming/apache-tomcat/
                                             webapps/ssr/WEB-INF
      

      Windows:

      c:\Program Files\Novell\Teaming\apache-tomcat\
                                             webapps\ssr\WEB-INF
      
    2. Make a backup copy of the web.xml file, then open the web.xml file in a text editor.

    3. Add the following security constraint at the bottom of the file, immediately above the </web-app> tag.

      <security-constraint>
        <web-resource-collection>
          <web-resource-name>Entire Application</web-resource-name>
          <url-pattern>/*</url-pattern>
        </web-resource-collection>
        <user-data-constraint>
          <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
      </security-constraint>
      
    4. Save the modified web.xml file, then exit the text editor.