Thursday, July 3, 2014

Secure ATG BCC



  1. Use a ProtocolSwitchServlet in the servlet pipeline to intercept each request.
  2. If the page request arrives on a non-SSL port (port 80, 8180 or 8840), redirect it to the same page on the SSL equivalent (port 443, 9443 or 8843, respectively).
  3. The HTTP port number and its SSL-equivalent HTTPS port number are properties, so they are configurable through a Configuration.properties file.
  4. Open the command console on whatever operating system you are using and navigate to the directory where keytool.exe is located
    • Run the following command (where validity is the number of days before the certificate will expire):
    keytool -genkey -keyalg RSA -alias selfsigned -keystore keystore.jks -storepass password -validity 360 -keysize 2048
    • Fill in the prompts for your organization information. When it asks for your first and last name, enter the domain name of the server that users will be entering to connect to your application (e.g. www.google.com)
  5. The new keystore file containing this certificate needs to be copied to the $JBOSS_HOME/server/pub/conf location.
  6. The server.xml under $JBOSS_HOME/server/pub/deploy/jbossweb.sar needs to be modified to enable SSL. Make sure the following entries in server.xml are correct, and that keystoreFile and keystorePass match the keystore file name and -storepass value used in step 4:
    <Connector protocol="HTTP/1.1" port="8180" address="${jboss.bind.address}"
               connectionTimeout="20000" redirectPort="8543" />
    <Connector protocol="AJP/1.3" port="8109" address="${jboss.bind.address}"
               redirectPort="8543" />
    <Connector protocol="HTTP/1.1" SSLEnabled="true"
               port="8543" address="${jboss.bind.address}"
               scheme="https" secure="true" clientAuth="false"
               keystoreFile="${jboss.server.home.dir}/conf/keystore"
               keystorePass="changeit" sslProtocol="TLS" />
  7. Configurations
      • /servlet/dafpipeline/ProtocolSwitchServlet
        • $class=ProtocolSwitchServlet
        • insertAfterServlet=/atg/dynamo/servlet/dafpipeline/DynamoServlet
        • httpPort^=/atg/dynamo/Configuration.siteHttpServerPort
        • httpsPort^=/atg/dynamo/Configuration.httpsPort 
  8. Add ProtocolSwitchServlet to initial.properties
  9. Java Source
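import java.io.IOException;
import javax.servlet.ServletException;
import atg.servlet.DynamoHttpServletRequest;
import atg.servlet.DynamoHttpServletResponse;
import atg.servlet.pipeline.InsertableServletImpl;

public class ProtocolSwitchServlet extends InsertableServletImpl {
    private static final String SECURE_PROTOCOL = "https";
    // Nucleus properties, set from the component's .properties file (step 7).
    private int httpPort;
    private int httpsPort;
    private String serverName;
    public int getHttpPort() { return httpPort; }
    public void setHttpPort(int pHttpPort) { httpPort = pHttpPort; }
    public int getHttpsPort() { return httpsPort; }
    public void setHttpsPort(int pHttpsPort) { httpsPort = pHttpsPort; }
    public String getServerName() { return serverName; }
    public void setServerName(String pServerName) { serverName = pServerName; }

    public void service(DynamoHttpServletRequest pRequest,
                        DynamoHttpServletResponse pResponse)
            throws IOException, ServletException {
        if ((pRequest.getScheme() != null)
                && !pRequest.getScheme().equalsIgnoreCase(SECURE_PROTOCOL)) {
            // Path and query string of the page that was requested over HTTP.
            String pUrl = pRequest.getRequestURI();
            if (pRequest.getQueryString() != null) {
                pUrl += "?" + pRequest.getQueryString();
            }
            final StringBuilder secureUrl = new StringBuilder(SECURE_PROTOCOL);
            final int httpsPort = this.getHttpsPort(); // value comes from Configuration.properties
            secureUrl.append("://");
            secureUrl.append(this.getServerName()); // value comes from Configuration.properties
            if (httpsPort != 0) {
                secureUrl.append(":").append(httpsPort);
            }
            secureUrl.append(pUrl);
            final String redirectURL = secureUrl.toString();
            pResponse.sendRedirect(pResponse.encodeRedirectURL(redirectURL));
        } else {
            // Already on HTTPS: hand the request to the next servlet in the pipeline.
            this.passRequest(pRequest, pResponse);
        }
    }
}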
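An added example, not part of the original post: a small Python check over the server.xml connectors from step 6. It confirms that every non-SSL connector redirects to a TLS-enabled connector, and that the keystore file name and password are the ones chosen in step 4 rather than a default. The `<Server>`/`<Service>` wrapper, the `audit_connectors` name and the weak-password list are assumptions made for the illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the three connectors from step 6, wrapped in a minimal
# <Server>/<Service> so the fragment parses as one document.
SERVER_XML = """<Server><Service name="jboss.web">
<Connector protocol="HTTP/1.1" port="8180" address="${jboss.bind.address}"
           connectionTimeout="20000" redirectPort="8543" />
<Connector protocol="AJP/1.3" port="8109" address="${jboss.bind.address}"
           redirectPort="8543" />
<Connector protocol="HTTP/1.1" SSLEnabled="true" port="8543"
           address="${jboss.bind.address}" scheme="https" secure="true"
           clientAuth="false" keystoreFile="${jboss.server.home.dir}/conf/keystore"
           keystorePass="changeit" sslProtocol="TLS" />
</Service></Server>"""

WEAK_PASSWORDS = {"changeit", "password", ""}  # assumed list of default values


def audit_connectors(xml_text, keystore_name="keystore.jks"):
    """Return a list of findings for the <Connector> elements in xml_text."""
    tls, plain, findings = {}, [], []
    for c in ET.fromstring(xml_text).iter("Connector"):
        if c.get("SSLEnabled", "false").lower() == "true":
            tls[c.get("port")] = c
        else:
            plain.append(c)
    if not tls:
        findings.append('no connector has SSLEnabled="true"')
    for port, c in tls.items():
        if c.get("scheme") != "https" or c.get("secure") != "true":
            findings.append(f"{port}: scheme/secure not set to https/true")
        # The file name must be the keystore generated with keytool in step 4.
        if not c.get("keystoreFile", "").endswith("/" + keystore_name):
            findings.append(f"{port}: keystoreFile is not {keystore_name}")
        if c.get("keystorePass", "") in WEAK_PASSWORDS:
            findings.append(f"{port}: keystorePass is a default or weak value")
    for c in plain:
        # A plain connector must hand secure requests to a TLS connector.
        if c.get("redirectPort") not in tls:
            findings.append(f"{c.get('port')}: redirectPort "
                            f"{c.get('redirectPort')} is not a TLS connector")
    return findings


if __name__ == "__main__":
    for finding in audit_connectors(SERVER_XML):
        print(finding)
```

Run against the connectors as posted, it reports that the keystore file name differs from the keystore.jks created in step 4 and that keystorePass is still a default value.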
