Turning on Secure for ATG Applications

Closed for business | FlickrClosed for business by maistora’s Photostream | Flickr

Almost all web applications have some parts of their site they want to be secure such as login and profile pages.

To enable security ATG has a ProtocolSwitchServlet, located at /atg/dynamo/servlet/dafpipeline/ProtocolSwitchServlet. Set the enable property to true and configure the other properties appropriately.

The only other properties that you will need to configure are the secureList property and the ignoreList property.  Examples of how these properties would be configured follow.

secureList=/myapp/account,/myapp/checkout
ignoreList=/myapp/css,/myapp/javascript

Optionally you might want to change the secureHostName and the httpsPort but typically it would be better to change siteHttpServerName and httpsPort respectively in /atg/dynamo/Configuration.

The default values for the other properties should be fine.

Leave a Reply

Your email address will not be published. Required fields are marked *