> Oracle WebCenter Interaction Administrator Guide > Configuring Advanced Properties in the Portal Configuration Files > Modifying the portalconfig.xml File > Security

Oracle WebCenter Interaction Administrator Guide

     Previous Next  Open TOC in new window   View as PDF - New Window  Get Adobe Reader - New Window
Content starts here

Security

The following configuration parameter applies to security.

Parameter Description
SecurityMode This setting determines which pages will use SSL encryption. You must install a digital certificate and enable SSL on your Web server before changing the default value of 0.
Note: Changing the security mode affects the URL Mapping. For more information, see Appendix A, “Configuring Advanced Properties and Logging.”???

  • 0: The portal does not check the security of incoming requests.

    In mode 0, ApplicationURL0 and SecureApplicationURL0 may be equal to “*”. In this case, the Application Base URL will be the base URL from the Request object.

  • 1: Selected pages that involve sensitive information such as passwords use SSL, while other pages are sent unencrypted for better performance.

    Only pages of Activity Spaces listed in SecureActivitySpaces.xml (which is located in the same folder as portalconfig.xml) are sent through HTTPS.

    The portal verifies that links and redirections to Secure Activity Spaces uses HTTPS. If a secure Activity Space were requested through a non-secure URL, the portal would redirect the same request to HTTPS.

    If XPRequest.GetRequestURL() is equal to URLFromRequest0, ApplicationURL0 and SecureApplicationURL0 might both be the Application Base URL, depending on the security of the Activity Space.

    You must install a digital certificate and enable SSL on your Web server.

  • 2: Every page uses SSL.The portal verifies that every single incoming request uses HTTPS. If it does not, the portal will redirect this request to HTTPS. This setting is best for very secure applications where performance is not a major concern.

    If the URL from the Request object is equal to URLFromRequest0, SecureApplicationURL0 will be the Application Base URL.

    URLFromRequest0 has to be equal to “*”. This is the default entry. It will be used if no mapping entry matched the URL from the Request object.

    You must install a digital certificate and enable SSL on your Web server.

  • 3: Select this mode if you are using an SSL Accelerator. Because the portal is behind an SSL Accelerator, the security of the incoming requests is not verified. The portal trusts every request from the SSL Accelerator. All the links and redirections are in HTTPS.

    If URL from the Request object is equal to URLFromRequest0, SecureApplicationURL0 will be the Application Base URL.

    URLFromRequest0 has to be equal to “*”. This is the default entry. It will be used if no mapping entry matched the URL from the Request object.

    You must install a digital certificate and enable SSL on your Web server.
Parent topic: Modifying the portalconfig.xml File

  Back to Top      Previous Next