

How to Prepare an Implementation for Production

We recommend that you perform the following steps before you move CA GovernanceMinder from a test to a production environment.

  1. Mark session cookies as HttpOnly. Do the following:
    1. Navigate to the following directory:
      eurekify-jboss\server\eurekify\deploy\jbossweb.sar
      
    2. Open the context.xml file, and add the following line:
      <SessionCookie secure="true" httpOnly="true"/>
      
    3. Save and close the file.
  2. Configure JBoss cross domain policy for Flash. Do the following:
    1. Navigate to the following directory:
      \eurekify-jboss\server\eurekify\deploy\ROOT.war
      
    2. Open the crossdomain.xml file, and replace the default value with the company domain name in the following entry:
      <allow-access-from domain="*"/>
      

      Example: company.com

    3. Save and close the file.
  3. Disable HTTP TRACE support in web browsers. Do the following:
    1. Navigate to the following directory:
      \eurekify-jboss\server\eurekify\deploy\ROOT.war\WEB-INF
      
    2. Open the web.xml file, and add the following section:
      <security-constraint>
        <web-resource-collection>
          <web-resource-name>secure</web-resource-name>
          <url-pattern>/*</url-pattern>
          <http-method>GET</http-method>
          <http-method>POST</http-method>
          <http-method>HEAD</http-method>
          <http-method>PUT</http-method>
          <http-method>DELETE</http-method>
        </web-resource-collection>
      </security-constraint>
      
    3. Save and close the file.
  4. Configure CA GovernanceMinder for SSL communication.

    Note: For more information, see the Installation Guide.

  5. Secure the JBoss JMX Console. Do the following:

    Important! If you do not want to secure the JBoss JMX Console, we recommend that you remove the following files:

    jmx-console.war, admin-console.war
    

    Note: For more information about the JBoss JMX Console, refer to the JBoss documentation.

    1. Enable authentication on the JBoss JMX Console. Do the following:
      1. Navigate to the following directory:
        eurekify-jboss\server\PROFILE\deploy\jmx-console.war\WEB-INF
        
      2. Open the web.xml file.
      3. Uncomment the <security-constraint> entry:
        <security-constraint>
          <web-resource-collection>
            <web-resource-name>HtmlAdaptor</web-resource-name>
            <description>
              An example security config that only allows users with the role
              JBossAdmin to access the HTML JMX console web application
            </description>
            <url-pattern>/*</url-pattern>
          </web-resource-collection>
          <auth-constraint>
            <role-name>JBossAdmin</role-name>
          </auth-constraint>
        </security-constraint>
        
      4. Save and close the file.
    2. Enable security domain on the JBoss JMX Console. Do the following:
      1. Navigate to the following directory:
        eurekify-jboss\server\PROFILE\deploy\jmx-console.war\WEB-INF
        
      2. Open the jboss-web.xml file.
      3. Verify that the following section appears:
        <jboss-web>
          <!-- Uncomment the security-domain to enable security. You will
             need to edit the htmladaptor login configuration to setup the
             login modules used to authentication users.
          -->
          <security-domain>java:/jaas/jmx-console</security-domain>
        </jboss-web>
        
      4. Save and close the file.
    3. Enable authentication on the administration console. Do the following:
      1. Navigate to the following directory:
        eurekify-jboss\server\PROFILE\deploy\management\console-mgr.sar\web-console.war\WEB-INF
        
      2. Open the web.xml file.
      3. Uncomment the following entry:
        <security-constraint>
          <web-resource-collection>
            <web-resource-name>HtmlAdaptor</web-resource-name>
            <description>
              An example security config that only allows users with the role
              JBossAdmin to access the HTML JMX console web application
            </description>
            <url-pattern>/*</url-pattern>
          </web-resource-collection>
          <auth-constraint>
            <role-name>JBossAdmin</role-name>
          </auth-constraint>
        </security-constraint>
        
      4. Save and close the file.
    4. Enable security domain on the administration console. Do the following:
      1. Navigate to the following directory:
        eurekify-jboss\server\PROFILE\deploy\management\console-mgr.sar\web-console.war\WEB-INF
        
      2. Open the jboss-web.xml file.
      3. Verify that the following entry appears:
        <jboss-web>
          <!-- Uncomment the security-domain to enable security. You will
             need to edit the htmladaptor login configuration to setup the
             login modules used to authentication users.
          -->
          <security-domain>java:/jaas/jmx-console</security-domain>
        </jboss-web>
        
      4. Save and close the file.
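
The following is an added example, not part of the product documentation: a post-change check for steps 1, 2 and 5 that parses the edited files instead of searching them as text, so a `<security-constraint>` or `<security-domain>` that is still inside an XML comment is reported as inactive. The function names and the sample XML are constructed for illustration; in real use, pass in the contents of the files from the directories named in the steps.

```python
import xml.etree.ElementTree as ET

def elems(xml_text, name):
    """Elements called `name`, namespace ignored. The parser drops XML comments,
    so a block that is still commented out is not counted as active."""
    root = ET.fromstring(xml_text)
    return [e for e in root.iter() if e.tag.rsplit("}", 1)[-1] == name]

def audit(context_xml, crossdomain_xml, console_web_xml, console_jboss_web_xml):
    """Return a list of findings; an empty list means all four checks passed."""
    findings = []
    cookies = elems(context_xml, "SessionCookie")
    if not any(c.get("secure") == "true" and c.get("httpOnly") == "true" for c in cookies):
        findings.append("context.xml: no SessionCookie with secure and httpOnly set")
    if any(e.get("domain") == "*" for e in elems(crossdomain_xml, "allow-access-from")):
        findings.append("crossdomain.xml: allow-access-from still has domain=*")
    roles = [r.text for c in elems(console_web_xml, "security-constraint")
             for r in c.iter() if r.tag.rsplit("}", 1)[-1] == "role-name" and r.text]
    if not roles:
        findings.append("web.xml: no active security-constraint naming a role")
    if not any(d.text for d in elems(console_jboss_web_xml, "security-domain")):
        findings.append("jboss-web.xml: security-domain missing or commented out")
    return findings

# Constructed samples (not taken from a real installation): defaults vs. hardened.
DEFAULT = dict(
    context_xml="<Context/>",
    crossdomain_xml='<cross-domain-policy><allow-access-from domain="*"/>'
                    "</cross-domain-policy>",
    console_web_xml="<web-app><!-- <security-constraint><auth-constraint>"
                    "<role-name>JBossAdmin</role-name></auth-constraint>"
                    "</security-constraint> --></web-app>",
    console_jboss_web_xml="<jboss-web><!-- <security-domain>java:/jaas/jmx-console"
                          "</security-domain> --></jboss-web>",
)
HARDENED = dict(
    context_xml='<Context><SessionCookie secure="true" httpOnly="true"/></Context>',
    crossdomain_xml='<cross-domain-policy><allow-access-from domain="company.com"/>'
                    "</cross-domain-policy>",
    console_web_xml="<web-app><security-constraint><web-resource-collection>"
                    "<url-pattern>/*</url-pattern></web-resource-collection>"
                    "<auth-constraint><role-name>JBossAdmin</role-name>"
                    "</auth-constraint></security-constraint></web-app>",
    console_jboss_web_xml="<jboss-web><security-domain>java:/jaas/jmx-console"
                          "</security-domain></jboss-web>",
)

if __name__ == "__main__":
    for label, files in (("default", DEFAULT), ("hardened", HARDENED)):
        print(label, audit(**files) or "OK")
```

Run the same check against both the JMX Console and the administration console `WEB-INF` directories, since each has its own web.xml and jboss-web.xml.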

More information:

SSL-Encrypted Communication