Configure EAServer to restrict access to onepage files

[CR #311651] The EP Web application (onepage) includes some directories that are accessible to anyone.

Workaround: Configure EAServer to restrict access to the onepage files.

Steps: Restricting access to onepage files

  1. Start Jaguar Manager, and connect to EAServer.

  2. Expand these successive folders: Servers | Jaguar | Installed Web Applications.

  3. Highlight onepage, and select File | Web Application Properties. This displays the Web Application Properties dialog box.

  4. Select the Role Mapping tab, and click Add. This creates a new row in the role mapping table.

  5. In the new row, under J2EE Role, enter “No Access”. In the same row, under Jaguar Role, select “nobody” from the drop-down list.

  6. Select the Security tab, and under Security Constraints, click Add. This adds a new row to the Security Constraints list.

  7. Highlight the new row, and click Web Resource Collection | Edit. The Web Resource Collection dialog box displays.

  8. Click Add. This creates a new collection called “securityzone.”

  9. Highlight securityzone, and select all the collection attributes: Get, Post, Put, Delete, Options, and Trace.

  10. Under URL Patterns, click Add. This creates a new row in the URL Patterns list.

  11. In the new row, enter “/config/*” as the URL, then click OK. This restricts access to all the files under the onepage/config directory.

  12. On the Security tab, select Enable Authorization and Authorized Roles | Edit. The Select Roles dialog box displays.

  13. Select No Access, and click OK.

  14. In Jaguar Manager, highlight Jaguar, and select File | Shutdown.

  15. Restart EAServer, then reconnect to EAServer from Jaguar Manager.
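
One way to confirm the constraint took effect after the restart, as an added example that is not part of the original procedure or of EAServer: the script sends an unauthenticated request with each method selected in step 9 and reports any that is still served. The host, port 8080, the /onepage context path, and the treatment of 401/403 as "denied" are assumptions to adjust for your installation.

```python
import http.client
import sys

# HTTP methods selected for the "securityzone" collection in step 9.
METHODS = ["GET", "POST", "PUT", "DELETE", "OPTIONS", "TRACE"]
# Assumption: the server refuses a constrained URL with 401 or 403.
DENIED = {401, 403}


def probe(host, port, path, method, timeout=5):
    """Send one unauthenticated request and return the HTTP status code."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        # POST and PUT get an empty body so Content-Length is always sent.
        body = b"" if method in ("POST", "PUT") else None
        conn.request(method, path, body=body)
        resp = conn.getresponse()
        resp.read()
        return resp.status
    finally:
        conn.close()


def check_restriction(host, port, path="/onepage/config/"):
    """Return {method: (status, denied)} for every method in METHODS.

    The default path assumes the application is deployed under /onepage,
    so the "/config/*" URL pattern from step 11 covers /onepage/config/.
    """
    results = {}
    for method in METHODS:
        status = probe(host, port, path, method)
        results[method] = (status, status in DENIED)
    return results


def still_exposed(results):
    """List the methods that were answered instead of refused."""
    return [m for m, (_, denied) in results.items() if not denied]


if __name__ == "__main__":
    host = sys.argv[1] if len(sys.argv) > 1 else "localhost"  # assumed host
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 8080    # assumed port
    results = check_restriction(host, port)
    for method, (status, denied) in results.items():
        print(f"{method:8} {status}  {'denied' if denied else 'ACCESSIBLE'}")
    sys.exit(1 if still_exposed(results) else 0)
```

A non-zero exit status means at least one method still reached the config directory; recheck steps 9 through 13 for that method.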