If your Rich UI application does not call web SOAP or REST services,
the EGL Rich UI Proxy will not be used. In this case, you have three
options:
- Remove the EGL Rich UI Proxy servlet from the web.xml of your
deployed project so a third party cannot access it.
- Use JEE basic authentication to secure the proxy.
- Leave the proxy unsecured.
Option 1 is the best option for EGL. It is simple and removes all
security risks that are related to the proxy, as described in EGL
Rich UI Proxy. Option 2 is valid, but it requires more work from
the EGL developer or a security administrator. For directions on how
to use JEE basic authentication to secure the EGL Riche UI Proxy,
see JEE security example. If you choose Option 3, you leave
the EGL Rich UI Proxy vulnerable to security threats.
To remove access to the EGL Rich UI Proxy:
- Double-click on the deployment descriptor (WebContent/WEB-INF/web.xml)
of your deployed web project to open it with the Deployment Descriptor
Editor.
- Click the Servlets tab.
- In the Servlets and JSPs pane, click EGLRichUIProxy.
- In the URL Mappings pane, select /___proxy->EGLRichUIProxy.
- Click Remove.
- Save your changes and exit the Deployment Descriptor Editor.
If you want to invoke web services from your Rich UI application
later, edit the web.xml and add a servlet URL
mapping into EGLRichUIProxy by using the URL pattern /___proxy.