Restrict REST Access to the HTTPS Port

In a production environment, you should restrict REST access to a secure port. To do so, make the following changes to a default installation:

  • Edit your project's conf/jetty.xml configuration file.

    Comment out or delete the <Call name="addConnector"> code block that includes the openidm.port.http property. Keep the <Call name="addConnector"> code blocks that contain the openidm.port.https and openidm.port.mutualauth properties.

    Set the openidm.port.https and openidm.port.mutualauth port numbers in the resolver/boot.properties file.

  • Edit your project's conf/config.properties file.

    Set the org.osgi.service.http.enabled property to false, as shown in the following excerpt:

    # Enable pax web http/https services to enable jetty
    org.osgi.service.http.enabled=false
    org.osgi.service.http.secure.enabled=true
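
The following check is an added example, not part of the original guide: a Python sketch that audits the two files edited above and reports any setting that still leaves the plain HTTP port reachable. The function names and the simplified jetty.xml sample are constructed for illustration; a real jetty.xml nests the port property more deeply, which the check tolerates because it searches each whole addConnector block.

```python
import re
import xml.etree.ElementTree as ET

# Matches openidm.port.http but not openidm.port.https (shared prefix).
HTTP_PORT = re.compile(r"openidm\.port\.http(?![A-Za-z])")

# Constructed samples: the HTTP connector is commented out, HTTPS ones are kept.
SAMPLE_JETTY = """<Configure id="Server">
  <!-- <Call name="addConnector"><Arg>openidm.port.http</Arg></Call> -->
  <Call name="addConnector"><Arg>openidm.port.https</Arg></Call>
  <Call name="addConnector"><Arg>openidm.port.mutualauth</Arg></Call>
</Configure>"""
SAMPLE_CONFIG = ("# Enable pax web http/https services to enable jetty\n"
                 "org.osgi.service.http.enabled=false\n"
                 "org.osgi.service.http.secure.enabled=true\n")

def plain_http_connectors(jetty_xml):
    """Count active addConnector blocks that reference openidm.port.http.
    ElementTree discards XML comments, so commented-out blocks are ignored."""
    root = ET.fromstring(jetty_xml)
    return sum(1 for call in root.iter("Call")
               if call.get("name") == "addConnector"
               and HTTP_PORT.search(ET.tostring(call, encoding="unicode")))

def parse_properties(text):
    """Parse key=value lines, skipping blanks and # or ! comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props

def audit(jetty_xml, config_properties):
    """Return a list of findings; an empty list means HTTP is disabled."""
    findings = []
    count = plain_http_connectors(jetty_xml)
    if count:
        findings.append(f"conf/jetty.xml: {count} active addConnector block(s) "
                        "use openidm.port.http")
    props = parse_properties(config_properties)
    if props.get("org.osgi.service.http.enabled", "").lower() != "false":
        findings.append("conf/config.properties: "
                        "org.osgi.service.http.enabled is not false")
    if props.get("org.osgi.service.http.secure.enabled", "").lower() != "true":
        findings.append("conf/config.properties: "
                        "org.osgi.service.http.secure.enabled is not true")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_JETTY, SAMPLE_CONFIG) or "HTTP connector disabled")
```

To run it against a project, pass the contents of conf/jetty.xml and conf/config.properties to audit() in place of the constructed samples.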

Use a certificate to secure REST access over HTTPS. You can use self-signed certificates in a test environment. In production, all certificates should be signed by a certificate authority. The examples in this guide assume a CA-signed certificate named ca-cert.pem.
