Running hybris in https only

former_member1336901
Participant
0 Kudos

How can hybris 5.5.1 Telco Accelerator be configured to permanently run in https mode instead of switching between http and https?

Accepted Solutions (0)

Answers (3)

Former Member
0 Kudos

You could also try changing it at Tomcat level in web.xml.

     <!-- Require HTTPS for everything except /img (favicon) and /css. -->
     <security-constraint>
         <web-resource-collection>
             <web-resource-name>HTTPSOnly</web-resource-name>
             <url-pattern>/*</url-pattern>
         </web-resource-collection>
         <user-data-constraint>
             <transport-guarantee>CONFIDENTIAL</transport-guarantee>
         </user-data-constraint>
     </security-constraint>
     <security-constraint>
         <web-resource-collection>
             <web-resource-name>HTTPSOrHTTP</web-resource-name>
             <url-pattern>*.ico</url-pattern>
             <url-pattern>/img/*</url-pattern>
             <url-pattern>/css/*</url-pattern>
         </web-resource-collection>
         <user-data-constraint>
             <transport-guarantee>NONE</transport-guarantee>
         </user-data-constraint>
     </security-constraint>

christoph_probst
Active Participant
0 Kudos

You have to edit the spring-security-config.xml and set requires-channel="https" for all endpoints. Be aware that some problems may occur with live edit or orbeon forms if you change this. As far as I know, live-edit only works with http connections and orbeon forms only works with https. Hence, you should test them.

hiddebroerse
Participant
0 Kudos

In spring-security-config.xml

         <!-- SSL / AUTHENTICATED pages -->
         <security:intercept-url pattern="/my-account*" access="ROLE_CUSTOMERGROUP" requires-channel="https" />
         <security:intercept-url pattern="/my-account/**" access="ROLE_CUSTOMERGROUP" requires-channel="https" />
 
         <!-- Force every page to SSL -->
         <security:intercept-url pattern="/**" requires-channel="https" />

former_member1336901
Participant
0 Kudos

This alone does not work as it forces the user to log in.

We want the my account area and the checkout to require authentication as before; the rest of the shop should work without any authentication.

hiddebroerse
Participant
0 Kudos

I changed my config example
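
An added example, not part of the thread and not hybris code: a small Python check that audits a spring-security-config.xml for the two points discussed above, namely that every intercept-url forces HTTPS and that only the intended paths carry an access restriction. The sample XML is constructed; the /checkout/** rule, its "any" channel and the function name audit_channels are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

SEC_NS = "http://www.springframework.org/schema/security"

# Constructed sample modelled on the snippets in this thread (not a real hybris file).
# The /checkout/** rule and its "any" channel are invented to show a finding.
SAMPLE = """<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:security="http://www.springframework.org/schema/security">
  <security:http>
    <security:intercept-url pattern="/my-account*" access="ROLE_CUSTOMERGROUP" requires-channel="https" />
    <security:intercept-url pattern="/my-account/**" access="ROLE_CUSTOMERGROUP" requires-channel="https" />
    <security:intercept-url pattern="/checkout/**" access="ROLE_CUSTOMERGROUP" requires-channel="any" />
    <security:intercept-url pattern="/**" requires-channel="https" />
  </security:http>
</beans>"""


def audit_channels(xml_text):
    """Return (findings, access_rules) for a Spring Security XML config.

    findings: rules that do not force HTTPS, plus a missing catch-all.
    access_rules: pattern -> access value, to review which paths need a login.
    """
    root = ET.fromstring(xml_text)
    findings, access_rules = [], {}
    # Match on the namespace URI so any prefix (or a default namespace) works.
    for http in root.iter(f"{{{SEC_NS}}}http"):
        catch_all_https = False
        for rule in http.findall(f"{{{SEC_NS}}}intercept-url"):
            pattern = rule.get("pattern", "")
            channel = rule.get("requires-channel")
            if channel is not None and channel != "https":
                findings.append(f"{pattern}: requires-channel={channel!r} does not force HTTPS")
            if pattern == "/**" and channel == "https":
                catch_all_https = True
            if rule.get("access"):
                access_rules[pattern] = rule.get("access")
        if not catch_all_https:
            findings.append('no catch-all "/**" rule with requires-channel="https"')
    return findings, access_rules


if __name__ == "__main__":
    findings, access_rules = audit_channels(SAMPLE)
    for line in findings:
        print("FINDING:", line)
    for pattern, access in access_rules.items():
        print("ACCESS: ", pattern, "->", access)
```

The access_rules output is the part to compare against the requirement in the thread: only the my-account and checkout patterns should appear there, while the catch-all carries a channel requirement and no access attribute.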