Configuring the authorizationOnlyApiServlet for direct integration

The authorizationOnlyApiServlet requires two-way SSL authentication for direct API calls. For more information, see Configuring two-way SSL authentication between WebSphere® Commerce and Sterling Order Management.

About this task

To enable access to the authorizationOnlyApiServlet, follow these steps:

Procedure

  1. Open the <INSTALL_DIR>/repository/eardata/smcfs/extn/ directory.
  2. If web.xml.sample does not exist, build the smcfs.ear file to generate it.
  3. Rename web.xml.sample to web.xml.
  4. Edit web.xml to include the following code:
    Note: Ensure that the id fields are unique.
    <context-param>
      <param-name>bypass.uri.X</param-name>
      <param-value>/interop/AuthorizationOnlyApiServlet</param-value>
    </context-param>
    <context-param>
      <param-name>request.validation.bypass.uri.yfc.X</param-name>
      <param-value>/interop/AuthorizationOnlyApiServlet</param-value>
    </context-param>
    <context-param>
      <param-name>sc.csrf.bypass.uri-X</param-name>
      <param-value>/interop/AuthorizationOnlyApiServlet</param-value>
    </context-param>
    <servlet id="Servlet_X">
      <servlet-name>AuthorizationOnlyApiServlet</servlet-name>
      <servlet-class>com.yantra.interop.client.AuthorizationOnlyApiServlet</servlet-class>
    </servlet>
    <servlet-mapping id="ServletMapping_X">
      <servlet-name>AuthorizationOnlyApiServlet</servlet-name>
      <url-pattern>/interop/AuthorizationOnlyApiServlet</url-pattern>
    </servlet-mapping>
    where X is a numerical value.
  5. Edit <INSTALL_DIR>/repository/eardata/smcfs/extn/web.xml to include the following:
    <security-constraint>
      <web-resource-collection>
        <web-resource-name>AuthorizationOnlyApiServlet</web-resource-name>
        <url-pattern>/interop/AuthorizationOnlyApiServlet</url-pattern>
        <http-method>GET</http-method>
        <http-method>POST</http-method>
      </web-resource-collection>
      <auth-constraint>
        <role-name>WCIntegrationUser</role-name>
      </auth-constraint>
    </security-constraint>
    <login-config>
      <auth-method>CLIENT-CERT</auth-method>
      <realm-name>defaultWIMFileBasedRealm</realm-name>
    </login-config>
    <security-role>
      <role-name>WCIntegrationUser</role-name>
    </security-role>
    Note: To determine the value to enter for <realm-name> in web.xml, refer to the WebSphere Application Server configuration. The example in step 5 uses defaultWIMFileBasedRealm for <realm-name>.
  6. Build the EAR, which now contains the modified web.xml file.
  7. Redeploy the EAR:
    1. Open the WebSphere Application Server Administrative Console and click Applications > WebSphere enterprise applications.
    2. Select Sterling Order Management and click Update.
    3. Select Replace the entire application and Remote file system. Browse to the smcfs.ear file.
    4. Click Next and accept all defaults.
    The application is updated.
  8. In the WebSphere Application Server Administrative Console, click Security > Global Security. The Global Security settings are displayed.
  9. Click Security Configuration Wizard and click Enable administrative security if it is not enabled by default. Click Next.
  10. For Step 2: Select user repository, click Federated repositories.
  11. For Step 3: Configure federated repository, enter a Primary administrative user name and password. User name example: configadmin
  12. For Step 4: Summary, verify that the following values are shown:
    Table 1. Summary of options set in the global security wizard for administrative security
    Option                                                                       Value
    ---------------------------------------------------------------------------  ----------------------
    Enable administrative security                                               true
    Enable application security                                                  true
    Use Java™ 2 security to restrict application access to local resources       false
    User repository                                                              Federated repositories
    Primary administrative user name                                             Varies.
  13. Restart the WebSphere Application Server for Sterling Order Management.
  14. Go to Users and Groups > Manage Users > Create Users and create WCIntegrationUser.
  15. Go to Users and Groups > Manage Groups > Create Groups and create WCIntegrationGroup.
  16. Go to Applications > WebSphere Enterprise Applications > Application_Name > Security role to user/group mapping, and map the following:
    1. WCIntegrationUser user role to the WCIntegrationUser user created in Step 14.
    2. WCIntegrationGroup group role to the WCIntegrationGroup group created in Step 15.
  17. Click Security > SSL certificate and key management > SSL configurations > NodeDefaultSSLSettings.
    1. Click Quality of protection (QoP) settings.
    2. Set Client Authentication to Supported.
    3. Set Protocol to TLSv1.2.
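
An added example, not part of the original page or of the product's own tooling: a Python check to run on the edited web.xml before building the EAR in step 6. It confirms that every URI named in a step 4 bypass.uri parameter is covered by a security-constraint requiring WCIntegrationUser, that login-config uses CLIENT-CERT, and that id and parameter names are unique. The function name audit_web_xml and the sample documents are constructed for illustration, and url-patterns are compared by exact match only.

```python
import xml.etree.ElementTree as ET

URI = "/interop/AuthorizationOnlyApiServlet"  # servlet URL from the page
ROLE = "WCIntegrationUser"                    # role name from the page

def audit_web_xml(xml_text, uri=URI, role=ROLE):
    """Hypothetical helper: return findings; an empty list means all checks passed."""
    root = ET.fromstring(xml_text)
    for el in root.iter():                    # ignore any XML namespace on the tags
        el.tag = el.tag.rsplit("}", 1)[-1]
    txt = lambda el: (el.text or "").strip() if el is not None else ""
    findings = []
    # The page's note: id attributes (and the ".X" parameter names) must be unique.
    for label, values in (("id", [e.get("id") for e in root.iter() if e.get("id")]),
                          ("param-name", [txt(e) for e in root.iter("param-name")])):
        dupes = sorted({v for v in values if values.count(v) > 1})
        if dupes:
            findings.append(f"duplicate {label}: {', '.join(dupes)}")
    # URIs named in the step 4 bypass.uri parameters.
    bypassed = {txt(p.find("param-value")) for p in root.iter("context-param")
                if "bypass.uri" in txt(p.find("param-name"))}
    # url-patterns (exact match only) that a constraint ties to the required role.
    guarded = set()
    for sc in root.iter("security-constraint"):
        if role in {txt(r) for r in sc.findall("auth-constraint/role-name")}:
            guarded |= {txt(u) for u in sc.findall("web-resource-collection/url-pattern")}
    for path in sorted(bypassed | {uri}):
        if path not in guarded:
            findings.append(f"{path}: no security-constraint requires role {role}")
    method = txt(root.find("login-config/auth-method"))
    if method != "CLIENT-CERT":
        findings.append(f"login-config auth-method is {method or 'missing'}, expected CLIENT-CERT")
    if role not in {txt(r) for r in root.findall("security-role/role-name")}:
        findings.append(f"security-role {role} is not declared")
    return findings

# Constructed sample: the page's step 4 and step 5 fragments with X = 1.
STEP4 = "".join(
    f"<context-param><param-name>{n}</param-name><param-value>{URI}</param-value></context-param>"
    for n in ("bypass.uri.1", "request.validation.bypass.uri.yfc.1", "sc.csrf.bypass.uri-1"))
STEP5 = (f"<security-constraint><web-resource-collection><url-pattern>{URI}</url-pattern>"
         "<http-method>GET</http-method><http-method>POST</http-method></web-resource-collection>"
         f"<auth-constraint><role-name>{ROLE}</role-name></auth-constraint></security-constraint>"
         "<login-config><auth-method>CLIENT-CERT</auth-method></login-config>"
         f"<security-role><role-name>{ROLE}</role-name></security-role>")
GOOD = f"<web-app>{STEP4}{STEP5}</web-app>"
NO_STEP5 = f"<web-app>{STEP4}</web-app>"      # step 5 skipped
if __name__ == "__main__":
    print(audit_web_xml(GOOD), audit_web_xml(NO_STEP5), sep="\n")
```

To check a real file, pass its contents to audit_web_xml; an empty list means the step 4 and step 5 entries are consistent with each other.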