SSL: Secure Backend Login

After a dotCMS instance is configured to run SSL, you may configure the dotCMS web.xml file (/dotserver/tomcat-X.x.xx/webapps/ROOT/WEB-INF/web.xml) to require SSL for all operations which require authentication on the dotCMS back-end (including logins, API access, etc.).

Minimum Security Requirements

It is recommended that, at a minimum, you require SSL for access to all back-end logins, all REST API calls, WebDAV access, and all access to the /html and /dwr URL branches. To require SSL for all of these areas, add all of the following <security-constraint> sections to your web.xml file.

<security-constraint>
    <web-resource-collection>
        <web-resource-name>Portal</web-resource-name>
        <description>Secure the dotCMS back-end</description>
        <url-pattern>/html/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>

<security-constraint>
    <web-resource-collection>
        <web-resource-name>Portal Admin Login</web-resource-name>
        <description>Secure the dotCMS back-end</description>
        <url-pattern>/dotAdmin/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>

<security-constraint>
    <web-resource-collection>
        <web-resource-name>API Calls</web-resource-name>
        <description>Secure the dotCMS back-end</description>
        <url-pattern>/api/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>

<security-constraint>
    <web-resource-collection>
        <web-resource-name>Portal Login</web-resource-name>
        <description>Secure the dotCMS back-end</description>
        <url-pattern>/dwr/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>

<security-constraint>
    <web-resource-collection>
        <web-resource-name>WebDAV File Access</web-resource-name>
        <description>Secure the dotCMS back-end</description>
        <url-pattern>/webdav/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>

Requiring SSL for All Site Access

As a best practice, you may wish to require SSL for ALL access to the dotCMS site, especially for internal sites or authoring environments. To do this, you may use the following global definition for the web.xml file:

<security-constraint>
    <web-resource-collection>
        <web-resource-name>Require SSL for All Site Access</web-resource-name>
        <description>Secure the entire dotCMS site</description>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>
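Once the constraints are in place, it is easy to miss a branch when editing web.xml later. The following Python script is an added example (not dotCMS code) that audits a web.xml and reports which of the five recommended branches above are not covered by a CONFIDENTIAL transport-guarantee. It accepts either the per-branch constraints from the first section or the global /* constraint from this one, and applies servlet path-prefix matching so that, for example, /* covers /api/*. The two embedded web.xml fragments are constructed sample input for illustration.

```python
"""Audit a web.xml for SSL (CONFIDENTIAL) transport constraints.

Added example, not part of dotCMS. Checks that each recommended
URL branch is covered by at least one <security-constraint> whose
<transport-guarantee> is CONFIDENTIAL.
"""
import xml.etree.ElementTree as ET

# URL branches the documentation recommends serving only over SSL.
REQUIRED_BRANCHES = ("/html/*", "/dotAdmin/*", "/api/*", "/dwr/*", "/webdav/*")


def _local(tag):
    """Strip an XML namespace prefix: '{uri}name' -> 'name'."""
    return tag.rsplit("}", 1)[-1]


def confidential_patterns(web_xml):
    """Return every url-pattern guarded by a CONFIDENTIAL transport-guarantee."""
    root = ET.fromstring(web_xml)
    patterns = []
    for sc in root.iter():
        if _local(sc.tag) != "security-constraint":
            continue
        guarantees = [e.text.strip() for e in sc.iter()
                      if _local(e.tag) == "transport-guarantee" and e.text]
        if "CONFIDENTIAL" not in guarantees:
            continue  # NONE (or a missing user-data-constraint) does not force HTTPS
        for e in sc.iter():
            if _local(e.tag) == "url-pattern" and e.text:
                patterns.append(e.text.strip())
    return patterns


def covers(constraint_pattern, required):
    """Servlet path-prefix semantics: '/*' covers everything,
    '/html/*' covers /html and everything beneath it."""
    if constraint_pattern.endswith("/*"):
        prefix = constraint_pattern[:-2]
        target = required[:-2] if required.endswith("/*") else required
        return prefix == "" or target == prefix or target.startswith(prefix + "/")
    return constraint_pattern == required  # exact-match pattern


def unprotected_branches(web_xml, required=REQUIRED_BRANCHES):
    """Branches from `required` that no CONFIDENTIAL constraint covers."""
    protected = confidential_patterns(web_xml)
    return [r for r in required if not any(covers(p, r) for p in protected)]


# Constructed sample: only /html/* and /api/* are CONFIDENTIAL; /dwr/* is
# constrained but with NONE, which does not require SSL.
PARTIAL_WEB_XML = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="3.1">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Portal</web-resource-name>
      <url-pattern>/html/*</url-pattern>
      <url-pattern>/api/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>DWR</web-resource-name>
      <url-pattern>/dwr/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
      <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
</web-app>"""

# Constructed sample: the global constraint from the second section.
GLOBAL_WEB_XML = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="3.1">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Require SSL for All Site Access</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
</web-app>"""


if __name__ == "__main__":
    for name, xml in (("partial", PARTIAL_WEB_XML), ("global", GLOBAL_WEB_XML)):
        missing = unprotected_branches(xml)
        print(f"{name}: {'all branches covered' if not missing else 'missing ' + ', '.join(missing)}")
```

To audit a live deployment, read the file path from the introduction (webapps/ROOT/WEB-INF/web.xml) into `unprotected_branches` instead of the sample strings; an empty list means every recommended branch is forced to SSL.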