Enforce the Usage of SSL

3.1.1 Enforce the Usage of SSL

This topic provides information on enforce the usage of SSL.

The Oracle FLEXCUBE Installer allows a deployer to configure Oracle FLEXCUBE Investor Servicing such that all HTTP connections to Oracle FLEXCUBE Investor Servicing application are over SSL/TLS. In other words, all HTTP traffic in the clear will be prohibited; only HTTPS traffic will be allowed. It is highly recommended to enable this option is a production environment, especially when WebLogic Server acts as the SSL terminator.

Ensure that the following snippet of code is present in the web.xml file of Oracle FLEXCUBE IS web module i.e. in FCJNeoWeb.war.


<security-constraint>      
        <web-resource-collection>             
        <web-resource-name>FLEXCUBE UBS</web-resource-name>             
        <description>All endpoints secured</description>             
        <url-pattern>/*</url-pattern>      
     </web-resource-collection>      
     <user-data-constraint>            
             <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
</security-constraint>

Parent topic: Securing the Oracle FLEXCUBE Investor Servicing Application