Removing access to the EGL Rich UI Proxy servlet

If your Rich UI application does not call Web SOAP or REST services, the EGL Rich UI Proxy will not be used. In this case, you have three options:
  1. Remove the EGL Rich UI Proxy servlet from the web.xml of your deployed project so a third party cannot access it.
  2. Use JEE basic authentication to secure the proxy.
  3. Leave the proxy unsecured.

Option 1 is the best option for EGL. It is simple and removes all security risks that are related to the proxy, as described in EGL Rich UI Proxy. Option 2 is valid, but it requires more work from the EGL developer or a security administrator. For directions on how to use JEE basic authentication to secure the EGL Riche UI Proxy, see JEE security example. If you choose Option 3, you leave the EGL Rich UI Proxy vulnerable to security threats.

To remove access to the EGL Rich UI Proxy:
  1. Double-click on the deployment descriptor (WebContent/WEB-INF/web.xml) of your deployed Web project to open it with the Deployment Descriptor Editor.
  2. Click the Servlets tab.
  3. In the Servlets and JSPs pane, click EGLRichUIProxy.
  4. In the URL Mappings pane, select /___proxy->EGLRichUIProxy.
  5. Click Remove.
  6. Save your changes and exit the Deployment Descriptor Editor.

If you want to invoke Web services from your Rich UI application later, edit the web.xml and add a servlet URL mapping into EGLRichUIProxy by using the URL pattern /___proxy.


Feedback