Configure Security for the ISAPI Redirector
If you are using Microsoft IIS as your web server with Tomcat as the servlet engine, it is recommended that you protect the connection with a secret string.
To update your configuration, you need to edit the Tomcat server.xml file and the workers.properties file, both located in /common/tomcat/conf/ of your Uniface installation directory.
Before you begin, ensure that the ISAPI Redirector is configured: Configuring Microsoft IIS to Use Tomcat
- Edit the file common/tomcat/conf/server.xml in your Uniface installation directory to add the
secretRequiredandsecretattributes.Set the
secretRequiredattribute totrueand provide a long random string value for secret. For example:!-- Define an AJP 1.3 Connector on port 9093 --> <Connector protocol="AJP/1.3" secretRequired=true address="::1" port="9093" redirectPort="9091" secret="YourLongAndSecureRandomSecretHere"/>
Note: If you are performing a new installation of Uniface, this server.xml file will have a comment explaining the new attribute, directly above the first quoted line.
- Update the workers.properties file to ensure that secret is shared with the Tomcat workers:
# Simple workers configuration file # Check the JK Documentation of Tomcat for more information ps=\ # List all workers worker.list=worker.uniface,ajp13 # Redefining the worker named uniface of type ajp13 worker.uniface.port=8087 worker.uniface.host=localhost worker.uniface.type=ajp13 worker.uniface.lbfactor=1 worker.uniface.secret=YourLongAndSecureRandomSecretHere # Specifies the load balance factor when used with a load balancing worker. worker.loadbalancer.type=lb worker.loadbalancer.balanced_workers=uniface # Or optionally: # worker.loadbalancer.secret=YourLongAndSecureRandomSecretHere
Note: You can either set the
secreton the worker itself, asworker.uniface.secret, or on the loadbalancer:worker.loadbalancer.secret. If you set it on the loadbalancer, all workers that inherit from it will also have access to the secret.
