1. Security Guide
  2. Remove Inbound HTTP Basic Authentication Support for External Integration End Points

Remove Inbound HTTP Basic Authentication Support for External Integration End Points

By default, most of the non-UI, non-OAUTH2 external integration http request end points support HTTP Basic Authentication.

You need to configure the application to stop all or any particular Inbound Integration End Points from using the HTTP Basic Authentication method. This ability can be configured to stop all, stop based on the integration type, and stop based on specific HTTP application endpoint.

It is strongly recommended to restrict all Inbound Integration End Points from using the HTTP Basic Authentication method if they are not being used or the support is not required.

List of options to stop the Inbound Integration End Points using the HTTP Basic Authentication:
  • Stop All globally
  • Stop based on individual HTTP Resource Use Case
    • glog.integration.servlet.BatchCSVUtilServlet
    • glog.integration.servlet.DBXMLServlet
    • glog.integration.servlet.DirLoadServlet
    • glog.integration.servlet.ExternalSystemServlet
    • glog.integration.servlet.TransformerServlet
    • glog.integration.servlet.WMServlet
    • gtm.integration.aes.servlet.AESFilingResponseServlet
    • gtm.integration.itm.servlet.ITMIntegrationServlet
    • resources-int
    • data-int
    • api
    • int-api
  • Stop based on type of HTTP application request
    • Servlet
    • Rest

Properties to Control the HTTP Basic Authentication Support for Inbound Integration End Points

Properties to Control the HTTP Basic Authentication Support for Inbound Integration End Points

Property Description Default Value Values
glog.security.basicAuth.on Controls HTTP Basic Authentication for all types of application HTTP requests. true true|false
glog.security.basicAuth.useCase.glog.integration.servlet.BatchCSVUtilServlet.on Controls HTTP Basic Authentication for glog.integration.servlet.BatchCSVUtilServlet application use cases of HTTP requests. true true|false
glog.security.basicAuth.useCase.glog.integration.servlet.DBXMLServlet.on Controls HTTP Basic Authentication for glog.integration.servlet.DBXMLServlet application use cases of HTTP requests. true true|false
glog.security.basicAuth.useCase.glog.integration.servlet.DirLoadServlet.on Controls HTTP Basic Authentication for glog.integration.servlet.DirLoadServlet application use cases of HTTP requests. true true|false
glog.security.basicAuth.useCase.glog.integration.servlet.ExternalSystemServlet.on Controls HTTP Basic Authentication for glog.integration.servlet.ExternalSystemServlet application use cases of HTTP requests. true true|false
glog.security.basicAuth.useCase.glog.integration.servlet.TransformerServlet.on Controls HTTP Basic Authentication for glog.integration.servlet.TransformerServlet application use cases of HTTP requests. true true|false
glog.security.basicAuth.useCase.glog.integration.servlet.WMServlet.on Controls HTTP Basic Authentication for glog.integration.servlet.WMServlet application use cases of HTTP requests. true true|false
glog.security.basicAuth.useCase.gtm.integration.aes.servlet.AESFilingResponseServlet.on Controls HTTP Basic Authentication for gtm.integration.aes.servlet.AESFilingResponseServlet application use cases of HTTP requests. true true|false
glog.security.basicAuth.useCase.gtm.integration.itm.servlet.ITMIntegrationServlet.on Controls HTTP Basic Authentication for gtm.integration.itm.servlet.ITMIntegrationServlet application use cases of HTTP requests. true true|false
glog.security.basicAuth.useCase.resources-int.on Controls HTTP Basic Authentication for resources-int application use cases of HTTP requests. true true|false
glog.security.basicAuth.useCase.data-int.on Controls HTTP Basic Authentication for data-int application use cases of HTTP requests. true true|false
glog.security.basicAuth.useCase.api Controls HTTP Basic Authentication for api application use cases of HTTP requests. true true|false
glog.security.basicAuth.useCase.int-api Controls HTTP Basic Authentication for int-api application use cases of HTTP requests. true true|false
glog.security.basicAuth.type.Servlet.on Controls HTTP Basic Authentication for Servlet types of application HTTP requests. true true|false
glog.security.basicAuth.type.Rest.on Controls HTTP Basic Authentication for Rest types of application HTTP requests. true true|false