Configure Security for the ISAPI Redirector

If you are using Microsoft IIS as your web server with Tomcat as the servlet engine, it is recommended that you protect the connection with a secret string.

To update your configuration, you need to edit the Tomcat server.xml file and the workers.properties file, both located in /common/tomcat/conf/ of your Uniface installation directory.

Before you begin, ensure that the ISAPI Redirector is configured: Configuring Microsoft IIS to Use Tomcat

  1. Edit the file common/tomcat/conf/server.xml in your Uniface installation directory to add the secretRequired and secret attributes.

    Set the secretRequired attribute to true and provide a long random string value for secret. For example:

    !-- Define an AJP 1.3 Connector on port 9093 -->
    <Connector protocol="AJP/1.3"
      secretRequired=true
      address="::1"
      port="9093"
      redirectPort="9091"
      secret="YourLongAndSecureRandomSecretHere"/>

    Note: If you are performing a new installation of Uniface, this server.xml file will have a comment explaining the new attribute, directly above the first quoted line.

  2. Update the workers.properties file to ensure that secret is shared with the Tomcat workers:
    # Simple workers configuration file
    # Check the JK Documentation of Tomcat for more information
    ps=\
    # List all workers
    worker.list=worker.uniface,ajp13
    
    
    # Redefining the worker named uniface of type ajp13
    worker.uniface.port=8087
    worker.uniface.host=localhost
    worker.uniface.type=ajp13
    worker.uniface.lbfactor=1
    worker.uniface.secret=YourLongAndSecureRandomSecretHere
    
    # Specifies the load balance factor when used with a load balancing worker.
    worker.loadbalancer.type=lb
    worker.loadbalancer.balanced_workers=uniface
    
    
    # Or optionally:
    # worker.loadbalancer.secret=YourLongAndSecureRandomSecretHere
    				

    Note: You can either set the secret on the worker itself, as worker.uniface.secret, or on the loadbalancer: worker.loadbalancer.secret. If you set it on the loadbalancer, all workers that inherit from it will also have access to the secret.