Skip Headers
Oracle® Universal Content Management
10g Release 3 (10.1.3.3.3)
 Go To Table Of Contents
Contents		 Go To Index
Index
Previous
Previous 		 Next
Next

Enabling CIS Administration Application Security

By default, the CIS Administration Application has no security. Enabling security provides a login screen.


Note:

The system administrator may need to modify these steps, depending on the configuration of the particular application server environment.

Follow these steps to enable security:

  1. If you have not already done so, unbundle the CIS distribution file.

  2. Unbundle the CIS Admin Web WAR file (e.g., cis-admin-web-10g.war depending on version number). To avoid confusion with other files, you may want to create a sub-directory named unbundled-admin-web-war and unbundle to that location.

  3. In the WEB-INF directory, open the web.xml file in a text-only editor.

  4. In the web.xml file, add security-constraint and security-role information. Depending on your application server, these entries may vary.

    Example:

    <security-constraint>
  <web-resource-collection>
    <web-resource-name>staticfiles</web-resource-name>
    <url-pattern>/ui/resources/*</url-pattern>
  </web-resource-collection>
</security-constraint>

<security-constraint>
  <web-resource-collection>
    <web-resource-name>secure</web-resource-name>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>CISAdministrator</role-name>
  </auth-constraint>
</security-constraint>

<login-config>
  <auth-method>FORM</auth-method>
  <form-login-config>
    <form-login-page>/login.do</form-login-page>
    <form-error-page>/login.do</form-error-page>
</login-config>

<security-role>
  <description>CIS Administrator</description>
  <role-name>CISAdministrator</role-name>
</security-role>

  5. Change the default security role-name entries (optional step).

    <role-name>CISAdministrator</role-name>

    When you access the CIS Administration Application, you will encounter a login screen. Only those assigned the defined security role-name will be allowed access. You will need to create this role in your application server and assign it to the appropriate users. Consult your application server documentation for more details.

  6. Save the web.xml file.

  7. Rebundle CIS Admin Web WAR file (including the edited web.xml file). If you followed the steps above, this would be the contents of the unbundled-admin-web-war directory.

For WebSphere only, if you have enabled Global Security, do not check the Enforce Java 2 Security option.

Previous
Previous 		 Next
Next		 Go To Table Of Contents
Contents		 Go To Index
Index