During a typical shopping flow, sensitive information, such as a credit card number and the user's mailing address, can be passed between the WebSphere Portal server and the user's web browser. To protect this information from malicious parties, it is important that the connection between the web browser and the WebSphere Portal server is secured. WebSphere Portal allows the use of URL redirection to achieve this.
This can be done at two different stages:
Procedure
- At the time when the user logs in:
This is the recommended approach and the safest method to ensure that no further sensitive information is leaked. The setting allows the WebSphere Portal user to be redirected to a secured connection, using HTTPS as the protocol, after successfully authenticating. For more information, see Configuring SSL only for the login process.
- At a specific point during the shopping flow, such as when checking out or when displaying user profile information, where sensitive information is being displayed in the web browser.
There are two things that need to be performed:
  - One required setting in the WebSphere Portal server to enable SSL port redirection. This can be done by setting the host.port.https custom property in Configuration Services. For example, set this port to 443 in a production environment, or to port 10029 in a development environment. For more information, see WebSphere Portal configuration services.
  - Updating portlet JSP files to allow secure redirection upon calling an action or render URL. The following is an example:
    <portlet:actionURL var="AddAddressActionURL" secure="true">
        <portlet:param name="actionName" value="AddAddress" />
        <portlet:param name="renderName" value="AddressBookDisplay" />
        <portlet:param name="faultRenderName" value="AddressErrorDisplay" />
    </portlet:actionURL>
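
One way to audit portlet JSP files for action and render URL tags that do not request a secure URL, as an added example (not IBM's code and not part of the original page). The function name find_insecure_url_tags and the sample JSP are constructed for illustration.

```python
import re

# Opening tags of <portlet:actionURL ...> / <portlet:renderURL ...>, possibly multi-line.
# Limitation: a tag whose attributes embed '>' (for example a scriptlet
# expression) is cut short by this pattern and needs manual review.
URL_TAG = re.compile(r"<portlet:(actionURL|renderURL)\b([^>]*)>")
SECURE_ATTR = re.compile(r"""\bsecure\s*=\s*(["'])(.*?)\1""", re.DOTALL)
JSP_COMMENT = re.compile(r"<%--.*?--%>", re.DOTALL)

# Constructed sample input, not taken from a real portlet.
SAMPLE_JSP = '''<%-- constructed sample --%>
<portlet:actionURL var="AddAddressActionURL" secure="true">
  <portlet:param name="actionName" value="AddAddress" />
</portlet:actionURL>
<portlet:renderURL var="ProfileURL">
  <portlet:param name="renderName" value="ProfileDisplay" />
</portlet:renderURL>
<portlet:actionURL var="CheckoutURL"
    secure="false">
</portlet:actionURL>
<%-- <portlet:renderURL var="OldURL"> --%>
'''


def find_insecure_url_tags(jsp_text):
    """Return (line, tag, reason) for each portlet URL tag that does not
    literally set secure="true"."""
    # Blank out JSP comments but keep their newlines so line numbers stay correct.
    text = JSP_COMMENT.sub(lambda m: "\n" * m.group(0).count("\n"), jsp_text)
    findings = []
    for match in URL_TAG.finditer(text):
        tag, attrs = match.group(1), match.group(2)
        line = text.count("\n", 0, match.start()) + 1
        secure = SECURE_ATTR.search(attrs)
        if secure is None:
            findings.append((line, tag, "secure attribute missing"))
        elif secure.group(2).strip().lower() != "true":
            # Includes dynamic values such as EL expressions, which need review.
            findings.append((line, tag, "secure=%r" % secure.group(2)))
    return findings


if __name__ == "__main__":
    for line, tag, reason in find_insecure_url_tags(SAMPLE_JSP):
        print("line %d: <portlet:%s> %s" % (line, tag, reason))
```

Run against the JSP files of portlets that display or collect sensitive data; a tag reported here produces a URL that does not force the HTTPS port configured in host.port.https.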