While m-Power offers many types of built-in security options within the development interface, you may occasionally want to offer increased security in the interface based on your individual needs. You can do so by adding additional Tomcat security to the corresponding interface screens. For instance, within the Messaging and Scheduled Task utility, you might want users to be allowed to scheduled messages– but not maintainers or summaries. In this situation, you could enable Tomcat security so that users have access to the utility, but not to maintainers or summaries.
This document will walk through adding Tomcat security to both the Manage CSS/HTML/XML Files screen and the Manage Promotion Locations screen in the Promote to Production Utility. However, this functionality can be enabled for any screen within the m-Power development interface.
Tomcat security is used by default when turning on the security options within the Application Menu and Security screen, as well as when accessing the Tomcat Probe utility. When clicking on the buttons to open these features, the user is prompted to authenticate:
Selecting the Protected URL
For more on setting the Tomcat credentials, see here. This security can be added to any screen within the m-Power interface. To do so, first navigate to whichever screen you want to secure. Then note the URL used to access that screen.
For instance, if I wanted to secure the Manage CSS/HTML/XML files screen within the promote to production utility, the URL would be IPADDRESS:PORT/webapp/mrc/servlet/MRCXPROM.M00070s. In this case, the important part of the URL that must be remembered is MRCXPROM.M00070s.
Enabling the Security
Next, you must edit the web.xml file to enable the security. This file is located in /m-power/tomcat/conf/web.xml. Note: Do not add this text to the /m-power/mrcwebgui/WEB-INF/web.xml file. This file will be overwritten when you update your version of m-Power.
Open the web.xml file in a text editor, and look for the </web-app>
Directly above this tag, copy in the following code:
<security-constraint>
<web-resource-collection>
<web-resource-name>Manage CSS/HTML Files in promote to production</web-resource-name>
<url-pattern>/servlet/MRCXPROM.M00070s</url-pattern>
</web-resource-collection>
<web-resource-collection>
<web-resource-name>Manage promotion locations in promote to production</web-resource-name>
<url-pattern>/servlet/MRCXPROM.I70040s</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>manager-gui</role-name>
</auth-constraint>
</security-constraint>
This will allow you to secure both the Manage CSS/HTML/XML Files screen and the Manage Promotion Locations screen in the Promote to production Utility. Note that <role-name>manager-gui</role-name> corresponds to a role with configured username/password in tomcat/conf/tomcat-users.xml, should you wish to change the default username and password.
Note: Tomcat must be restarted for this security to take effect.
Adding Tomcat Security to Other Screens
While this document described adding Tomcat security to the Promote to Production utility, this same security can be enabled for any screen within the m-Power development interface. For each additional screen you want to secure, add the following code immediately beneath the <security-constraint> tab, and replace in the correct URL and description text.
<web-resource-collection> <web-resource-name>Text Description</web-resource-name> <url-pattern>/servlet/URL goes here</url-pattern> </web-resource-collection>