If your Rich UI application does not call Web SOAP or REST services, the EGL Rich UI Proxy will not be used. In this case, you have three options:
- Remove the EGL Rich UI Proxy servlet from the web.xml of your deployed project so a third party cannot access it.
- Use JEE basic authentication to secure the proxy.
- Leave the proxy unsecured.
Option 1 is the best option for EGL. It is simple and removes all security risks that are related to the proxy, as described in EGL Rich UI Proxy. Option 2 is valid, but it requires more work from the EGL developer or a security administrator. For directions on how to use JEE basic authentication to secure the EGL Rich UI Proxy, see JEE security example. If you choose Option 3, you leave the EGL Rich UI Proxy vulnerable to security threats.
To remove access to the EGL Rich UI Proxy:
- Double-click on the deployment descriptor (WebContent/WEB-INF/web.xml) of your deployed Web project to open it with the Deployment Descriptor Editor.
- Click the Servlets tab.
- In the Servlets and JSPs pane, click EGLRichUIProxy.
- In the URL Mappings pane, select /___proxy->EGLRichUIProxy.
- Click Remove.
- Save your changes and exit the Deployment Descriptor Editor.
If you want to invoke Web services from your Rich UI application later, edit the web.xml and add a servlet URL mapping for EGLRichUIProxy by using the URL pattern /___proxy.
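
To confirm that the removal steps took effect, or to notice when the mapping has been added back, a deployed web.xml can be checked for URL patterns that still point at EGLRichUIProxy. The script below is an added example, not part of the EGL product or its documentation; the sample descriptors are constructed, the servlet-class value is a placeholder, and the function name `proxy_mappings` is hypothetical.

```python
import sys
import xml.etree.ElementTree as ET

PROXY_SERVLET = "EGLRichUIProxy"  # servlet name shown in the Servlets tab


def _local(tag):
    """Drop the XML namespace so namespaced and plain descriptors both match."""
    return tag.rsplit("}", 1)[-1]


def proxy_mappings(web_xml, servlet_name=PROXY_SERVLET):
    """Return every URL pattern still mapped to the proxy servlet."""
    patterns = []
    for mapping in ET.fromstring(web_xml).iter():
        if _local(mapping.tag) != "servlet-mapping":
            continue
        name, urls = None, []
        for child in mapping:
            text = (child.text or "").strip()
            if _local(child.tag) == "servlet-name":
                name = text
            elif _local(child.tag) == "url-pattern":
                urls.append(text)
        if name == servlet_name:
            patterns.extend(urls)
    return patterns


# Constructed sample descriptor; the servlet-class value is a placeholder.
HEAD = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="2.5">
  <servlet>
    <servlet-name>EGLRichUIProxy</servlet-name>
    <servlet-class>placeholder.ProxyServletClass</servlet-class>
  </servlet>
"""
MAPPING = """  <servlet-mapping>
    <servlet-name>EGLRichUIProxy</servlet-name>
    <url-pattern>/___proxy</url-pattern>
  </servlet-mapping>
"""
EXPOSED = HEAD + MAPPING + "</web-app>"  # mapping still present
REMOVED = HEAD + "</web-app>"            # after the Remove step

if __name__ == "__main__":
    # With path arguments, check those files; otherwise run the two samples.
    docs = [open(p, "rb").read() for p in sys.argv[1:]] or [EXPOSED, REMOVED]
    for doc in docs:
        found = proxy_mappings(doc)
        print("proxy mapped at", found if found else "no URL mapping")
```

Run it with the path to WebContent/WEB-INF/web.xml as an argument; an empty result means no servlet mapping in the descriptor routes requests to the proxy.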