To make HTTPS redirect work on WLP, the following points should be taken care of:
- Add users, roles, and passwords in server.xml of WLP.
- Bind the application to the security role.
- Add the appSecurity-2.0 feature in server.xml of WLP.
- Add the following tags in web.xml:
  <login-config>
  <security-constraint>
  <web-resource-name> (inside <security-constraint>)
  <auth-constraint> (inside <security-constraint>)
  <user-data-constraint> (inside <security-constraint>)

Below are the steps in detail:
1. Add users, roles, and passwords in server.xml of WLP.
<basicRegistry id="MyRegistry">
    <user password="{xor}Mjo6MT4z" name="anuroop" />
    <group name="MyGroup">
        <member name="anuroop" />
    </group>
</basicRegistry>
2. Bind the application to the security role.
<application id="Hello.app" location="Hello.app.eba" name="Hello.app" type="eba">
    <application-bnd>
        <security-role name="Manager">
            <group name="MyGroup" />
        </security-role>
    </application-bnd>
</application>
3. Add the appSecurity-2.0 feature in server.xml of WLP.
<featureManager>
    <feature>appSecurity-2.0</feature>
</featureManager>
4. Add the following tags in web.xml (4.1, 4.2, 4.3, 4.4, 4.5).
<login-config>
    <auth-method>FORM</auth-method>
    <realm-name>BasicRegistry</realm-name>
    <form-login-config>
        <form-login-page>/Login.jsp</form-login-page>
        <form-error-page>/LoginError.jsp</form-error-page>
    </form-login-config>
</login-config>
<security-constraint>
    <display-name>HTTPS Redirect Security Constraint</display-name>
    <web-resource-collection>
        <web-resource-name>Sample Web Service service</web-resource-name>
        <url-pattern>/Hello</url-pattern>
        <http-method>GET</http-method>
    </web-resource-collection>
    <auth-constraint>
        <role-name>Manager</role-name>
    </auth-constraint>
    <user-data-constraint>
        <description>Ensure to allow only confidential communication</description>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>
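
The Python check below is an added example, not part of the original post and not a Liberty tool. It cross-checks the server.xml and web.xml snippets from steps 1 to 4 (appSecurity feature, registry group, role binding, CONFIDENTIAL guarantee) and flags a constraint that lists specific HTTP methods, because methods that are not listed are left outside the constraint. The names audit and _parse and the wrapping <server> and <web-app> roots are assumptions; the inputs are constructed from the snippets above.

```python
import xml.etree.ElementTree as ET
# Constructed inputs: the page's server.xml and web.xml snippets inside root elements.
SERVER_XML = """<server>
 <featureManager><feature>appSecurity-2.0</feature></featureManager>
 <basicRegistry id="MyRegistry">
  <user password="{xor}Mjo6MT4z" name="anuroop" />
  <group name="MyGroup"><member name="anuroop" /></group>
 </basicRegistry>
 <application id="Hello.app" location="Hello.app.eba" name="Hello.app" type="eba">
  <application-bnd>
   <security-role name="Manager"><group name="MyGroup" /></security-role>
  </application-bnd>
 </application>
</server>"""
WEB_XML = """<web-app><security-constraint>
 <web-resource-collection>
  <url-pattern>/Hello</url-pattern><http-method>GET</http-method>
 </web-resource-collection>
 <auth-constraint><role-name>Manager</role-name></auth-constraint>
 <user-data-constraint><transport-guarantee>CONFIDENTIAL</transport-guarantee></user-data-constraint>
</security-constraint></web-app>"""

def _parse(text):
    root = ET.fromstring(text)
    for el in root.iter():
        el.tag = el.tag.split("}")[-1]  # tolerate a namespaced web.xml
    return root

def audit(server_xml, web_xml):
    """Cross-check the two files; hypothetical helper, returns a list of findings."""
    srv, web, out = _parse(server_xml), _parse(web_xml), []
    if not any((f.text or "").strip().startswith("appSecurity-") for f in srv.iter("feature")):
        out.append("server.xml: appSecurity feature not enabled")
    groups = {g.get("name") for g in srv.findall("basicRegistry/group")}
    roles = {r.get("name"): {g.get("name") for g in r.findall("group")}
             for r in srv.iter("security-role")}
    for role, bound in roles.items():
        out += [f"role {role}: group {g} not in registry" for g in sorted(bound - groups)]
    for sc in web.iter("security-constraint"):
        url = ",".join(u.text.strip() for u in sc.iter("url-pattern"))
        if (sc.findtext("user-data-constraint/transport-guarantee") or "").strip() != "CONFIDENTIAL":
            out.append(f"{url}: no CONFIDENTIAL transport guarantee")
        methods = sorted(m.text.strip() for m in sc.iter("http-method"))
        if methods:  # listing methods limits the constraint to those methods only
            out.append(f"{url}: only {'/'.join(methods)} constrained, other methods uncovered")
        for rn in sc.findall("auth-constraint/role-name"):
            if rn.text.strip() not in roles:
                out.append(f"{url}: role {rn.text.strip()} has no binding in server.xml")
    return out
```

Run against the page's configuration, audit(SERVER_XML, WEB_XML) reports one finding: the /Hello constraint covers GET only, so requests using other methods are subject to neither the role check nor the CONFIDENTIAL guarantee.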