Enabling security for nontrusted widgets for administratorsAdded by IBM on May 19, 2011 | Version 1 (Original)
|This topic describes how to enable security so that any widgets that are marked as non-trusted are sandboxed.
This topic describes how to enable security so that any widgets that are marked as non-trusted are sandboxed.
About this task
In the following steps, you will set the required sandboxing properties, run a configuration command to pick up your changes, configure the subdomains with the DNS server, and configure the client. Finally, you will test to make sure that the configuration steps work by registering a widget into the catalog and then adding that widget to the mashup builder.
- Locate the MashupCenter_install_root\mm\config\ConfigService.properties file, and modify the following properties:
Optional: Still in the MashupCenter_install_root\mm\config\ConfigService.properties file, modify the serverdomain property so that the server domain is different than the default host name. If you do not provide a value for this property, the default host name is used. For example, if the URL to access the Mashup Center server is http://server1.domain.com:9080/mum/enabler, then the default server domain is server1.domain.com.
Optional: Still in the MashupCenter_install_root\mm\config\ConfigService.properties file, modify the subdomains property so that each sandboxed widget is created in its own subdomain under the main server domain. For example, if you modified the value to be w0,w1,w2,w3,w4,w5, then you create six subdomain for six sandboxed widgets.
Save the PROPERTIES file.
At a command line, run the following command to update the configuration: config.bat update-was-config.
- sandboxenabled = true: enables the system to support sandboxing
- subdomainreuse = false: when false, subdomain reuse may introduce a security risk. For example, although widgets that share the same subdomain will not exist together, cookies set by one widget are accessible by another widget.
Note: For Linux®, replace config.bat with ./config.sh
Do the following steps to configure either wildcard or preconfigured subdomains with the DNS server:
If the Mashup Center server is running in an SSL enabled environment, request a wildcard SSL certificate for the servers.
To confirm that security is enabled properly, do the following steps:
The following steps are based on configuring a wildcard domain using Microsoft® Windows® Server 2003. Configure a wildcard subdomain when you want these settings to apply to all sites that share these DNS and SSL settings.
- Open the Windows Server 2003 Configure Your Server Wizard by clicking Start -> Programs -> Administrative Tools -> Configure Your Server Wizard.
- After the wizard opens, on the Server Role window, select DNS Server.
- Click Next to install the DNS server.
- When prompted by the wizard, insert the required CD, and finish the installing the DNS server. Now you are ready to configure the DNS server.
- Still in the Configure Your Server Wizard, on the Select Configuration Action page, select Create a forward lookup zone, and click Next.
- On the Primary Server Location page, select This server maintains the zone, and click Next.
- On the Zone Name page, specify the name of the DNS zone for your domain, and click Next.
- If you have set up a stand-alone DNS server, on the Forwarders page, click No.
- Finish the configuration.
- To open the DNS Manager window, click Start -> Programs -> Administrative Tools -> DNS.
- Register your host in Forward Lookup Zones.
- Right-click the zone name, select New Domain, and configure the wildcard host name. .
- Optional: If necessary, configure the Reverse Lookup Zones. With reverse lookup, use the nslookup command to check the DNS Service.
- Open the catalog.
- Click Upload -> Upload Widget.
- In the Select a widget type source window, select iWidget URL.
- Click Next.
- In the Register a Widget window, specify the widget URL, for example http://host:port/feedReader/feedReader.xml.
- Click Next.
- Open the newly uploaded widget in the catalog.
- Click Add To -> Mashup Builder.
- Complete the field, and click Finish.
- Refresh the mashup builder so that the new widget displays in the palette.
- Click the display menu beside the widget in the palette.
- Confirm that an option to mark the widget as trusted or non-trusted exists.
Parent topic: Sandboxing widgets