Securing Java™ protocols - HTTP API tester

The HTTP API tester is provided only to test APIs in development mode. If you plan to provide access to this page in production, you should secure access to it.

Before you use the HTTP API tester, set your browser encoding to UTF-8 for special characters.

You can use the HTTP API tester to test the upload and download of binary large objects (BLOBs). To upload a BLOB, user information (user ID and password) should already be present in the session. If a session is not already open, you can make a dummy API call so that user information gets stored in the session. You do not need to make a dummy API call to download a BLOB.

To secure access to the Sterling™ Order Management System Software httpapitester, the deployment descriptor needs to be modified. The deployment descriptor's web.xml is defined by the servlet specification from Sun Microsystems. This deployment descriptor can be used to deploy a web application on any J2EE-compliant application server. The deployment descriptor for Sterling Order Management System Software are stored in the <INSTALL_DIR>/repository/eardata/smcfs/descriptors/<App_Server>/WAR/WEB-INF directory. By using the security-constraint element with the web-resource-collection element, you can set up authorization to protect this page from unauthorized access. For more information about the web.xml deployment descriptor, see the documentation for your application server.

Alternatively, you can simply remove the yfshttpapi directory under <INSTALL_DIR>/repository/eardata/platform/war and secure the /interop/InteropHttpServlet servlet using the security features provided by your application server.

Specify the following URL to access the HTTP API tester: http://<ipaddress>:<port>/smcfs/yfshttpapi/yantrahttpapitester.jsp