How to protect the Endevor Webhook Server Configuration from unauthorized changes via the URL, or limit this access to specific users?
Release : 18.0
Component : CA Endevor Software Change Manager
One way to limit access to the UI part of the Webhook Server is through the Tomcat setup (if the Tomcat instance is used for the Webhook Server only). This involves defining a role and a user associated with that role, and then setting constraints for the location of the Webhook Server.
Location: <tomcat dir>\conf\tomcat-users.xml
In tomcat-users.xml, navigate to the bottom of the file, where the “roles” are located.
Uncomment and delete the example ones and set your own, like the “whadmin” role below. Then define the user name and password that will be associated with that role.
<user username="admin" password="<admin password>" roles="whadmin"/>
Find the web.xml file in the WEB-INF directory for the Webhook Server, usually in the webapps directory under webhookserver.
Update the section as follows …. In particular, add <auth-constraint> and then <login-config>, and in the <web-resource-collection> make sure to have the <url-pattern>/*</url-pattern> specified.
<realm-name>Basic Authentication Area</realm-name>
Restart the tomcat server and then try to access the
Specifying the configured username and password should allow that specific user to access the UI for the Webhook Server.
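The two fragments the steps above describe, written out in full as an added example (not taken from the original article or from the product documentation). The role, user and realm names follow the article; the resource name, the password placeholder and the TLS requirement are assumptions.

```xml
<!-- Fragment 1: <tomcat dir>\conf\tomcat-users.xml, inside <tomcat-users> -->
<!-- The role must be declared before a user can reference it. -->
<role rolename="whadmin"/>
<!-- Placeholder password: replace it, and restrict read access to this file,
     because the default realm stores the password in clear text. -->
<user username="admin" password="REPLACE_WITH_ADMIN_PASSWORD" roles="whadmin"/>

<!-- Fragment 2: WEB-INF\web.xml of the webhook server, inside <web-app> -->
<security-constraint>
  <web-resource-collection>
    <!-- Assumed label; any descriptive name works. -->
    <web-resource-name>Webhook Server UI</web-resource-name>
    <!-- /* covers every URL of the application. No <http-method> elements
         are listed on purpose: listing some would leave the unlisted
         methods outside this constraint. -->
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <!-- Only authenticated users holding the whadmin role are let through. -->
  <auth-constraint>
    <role-name>whadmin</role-name>
  </auth-constraint>
  <!-- Assumption: Tomcat has an HTTPS connector. BASIC authentication sends
       the password merely base64-encoded, so require an encrypted transport.
       Omit this element only if TLS is terminated in front of Tomcat. -->
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>

<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>Basic Authentication Area</realm-name>
</login-config>

<!-- Declares the role name used in <auth-constraint> to the application. -->
<security-role>
  <role-name>whadmin</role-name>
</security-role>
```

After the restart, a request without credentials should be answered with HTTP 401 and a `WWW-Authenticate: Basic` header naming the realm, and an authenticated user without the `whadmin` role with HTTP 403.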