Protect wl analytics with LDAP


I've enabled the wl analytics on my environment (WLP v8,5 and WL6.2), but its entry point is unprotected.

So I've looked around and found this article. http://www-01.ibm.com/support/knowledgecenter/SSZH4A_6.2.0/com.ibm.worklight.monitor.doc/monitor/t_securing_op_analytics.html

And figured I should be able to protect it with LDAP as well. However, when I follow those steps I can't protect my analytics.

My next step was to go to worklightconsole.war and copy the configuration to have form enabled authentication. So I've ended up with my web.xml from the analytics.war with the following:

<login-config>
    <auth-method>FORM</auth-method>
    <realm-name>worklightRealm</realm-name>
    <form-login-config>
        <form-login-page>/login.html</form-login-page>
        <form-error-page>/loginError.html</form-error-page>
    </form-login-config>
</login-config>

I even copied into the WAR the login.html and loginError.html.

However after I uploaded to my apps folder the modified analytics.war it still doesn't ask me for authentication and just pops open.

The configuration I have on server.xml of analytics is:

<application context-root="/analytics"
             id="analytics"
             location="analytics.war"
             name="analytics"
             type="war">
    <application-bnd>
        <security-role name="worklightadmin">
            <user name="someUserOnMyLDAP"/> <!-- placeholder for an LDAP user name -->
        </security-role>
    </application-bnd>

    <classloader delegation="parentLast"/>
</application>

Does anyone have any clues on what I'm doing wrong?

1

There are 1 answers

3
jnortey On

The security put in place only protects the data entry point, which is the endpoint at which the Worklight server sends data to the analytics platform. If you wish to also protect the actual console with Basic Auth, then you'll need to modify the server.xml for the WAR file. I think it's something along these lines:

<security-constraint>
    <web-resource-collection>
        <web-resource-name>analytics</web-resource-name>
        <url-pattern>/console/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>users</role-name>
    </auth-constraint>
</security-constraint>

<login-config>
    <auth-method>BASIC</auth-method>
</login-config>

But I haven't tested this.
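An added example, not part of the question or the answer and not IBM tooling: a small audit of the two descriptor fragments posted above. In a Java EE web.xml a `<login-config>` only selects how to authenticate; a login is forced only for URL patterns covered by a `<security-constraint>` with an `<auth-constraint>`, and each role named there needs a binding. The sample documents are constructed from the page's fragments (root elements added, placeholder user name), and the check assumes role bindings live in `server.xml` as in the question.

```python
import xml.etree.ElementTree as ET

# Constructed inputs modelled on the page's fragments, wrapped in root elements.
WEB_XML_QUESTION = """<web-app><login-config>
  <auth-method>FORM</auth-method><realm-name>worklightRealm</realm-name>
</login-config></web-app>"""

WEB_XML_ANSWER = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>analytics</web-resource-name>
      <url-pattern>/console/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>users</role-name></auth-constraint>
  </security-constraint>
  <login-config><auth-method>BASIC</auth-method></login-config>
</web-app>"""

SERVER_XML = """<server><application id="analytics" location="analytics.war">
  <application-bnd><security-role name="worklightadmin">
    <user name="someUserOnMyLDAP"/>  <!-- placeholder user -->
  </security-role></application-bnd>
</application></server>"""

def _find(node, name):
    """All descendants with this local tag name, ignoring any XML namespace."""
    return [e for e in node.iter() if e.tag.rsplit("}", 1)[-1] == name]

def audit(web_xml, server_xml):
    """Return (protected URL patterns, findings) for a web.xml / server.xml pair."""
    web, server = ET.fromstring(web_xml), ET.fromstring(server_xml)
    bound = {r.get("name") for r in _find(server, "security-role")}
    protected, findings = [], []
    for sc in _find(web, "security-constraint"):
        auth = _find(sc, "auth-constraint")
        if not auth:
            continue  # a constraint without auth-constraint does not force a login
        protected += [u.text.strip() for u in _find(sc, "url-pattern")]
        for role in _find(auth[0], "role-name"):
            if role.text.strip() not in bound:
                findings.append(f"role '{role.text.strip()}' is not bound in server.xml")
    if _find(web, "login-config") and not protected:
        findings.append("login-config present but no auth-constraint: nothing requires login")
    return protected, findings

if __name__ == "__main__":
    for label, doc in (("question", WEB_XML_QUESTION), ("answer", WEB_XML_ANSWER)):
        print(label, audit(doc, SERVER_XML))
```

Run against the question's descriptor it reports that no URL requires a login; run against the answer's fragment it reports `/console/*` as protected but flags that the `users` role does not match the `worklightadmin` role bound in the question's `server.xml`.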