Endevor Webhook Server Configuration Protection


Article ID: 197052


Updated On:


CA Endevor Software Change Manager (SCM)
CA Endevor Software Change Manager - ECLIPSE Plugin (SCM)


How can the Endevor Webhook Server configuration be protected from unauthorized changes via the URL, or access to it be limited to specific users?


Release : 18.0

Component : CA Endevor Software Change Manager

WebHook Server


One way to limit access to the UI part of the Webhook Server is to use the Tomcat setup (if the Tomcat instance is used for the Webhook Server only). This involves defining a role and a user associated with that role, and then setting security constraints for the location of the Webhook Server.

In detail:

Location: <tomcat dir>\conf\tomcat-users.xml

In tomcat-users.xml, navigate to the bottom of the file, where the roles are located.
Uncomment and delete the example entries and define your own, like the “whadmin” role below. Then define the user name and password to be associated with that role.

  <role rolename="whadmin"/>
  <user username="admin" password="<admin password>" roles="whadmin"/>


Find the web.xml file in the WEB-INF directory of the Webhook Server, usually in the webapps directory under webhookserver.
Update the security section as follows. In particular, add <auth-constraint> and then <login-config>. In the <web-resource-collection>, make sure to have the <url-pattern>/*</url-pattern> specified.

      <web-resource-name>Secured area</web-resource-name>
      <!-- <url-pattern>/rest/configurations/*</url-pattern> -->
      <realm-name>Basic Authentication Area</realm-name>

Restart the tomcat server and then try to access the


Supplying the configured username and password should then allow that specific user to access the UI of the Webhook Server.
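
As an added example (not from the original article or the product), the following Python check confirms that a web.xml of the shape described above actually enforces the constraint before Tomcat is restarted. The embedded sample file is constructed: the role name whadmin, the /* pattern and the realm name come from the article, while the function name audit_web_xml and the surrounding XML elements are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample web.xml fragment. "whadmin", "Secured area", "/*" and the
# realm name come from the article; the surrounding elements are assumed.
SAMPLE_WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Secured area</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>whadmin</role-name>
    </auth-constraint>
  </security-constraint>
  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>Basic Authentication Area</realm-name>
  </login-config>
  <security-role>
    <role-name>whadmin</role-name>
  </security-role>
</web-app>"""


def _texts(elem, name):
    """Text of every descendant called `name`, ignoring any XML namespace."""
    return [(e.text or "").strip() for e in elem.iter()
            if e.tag.rsplit("}", 1)[-1] == name]


def audit_web_xml(xml_text, role="whadmin"):
    """Return a list of findings; an empty list means the UI is constrained."""
    root = ET.fromstring(xml_text)
    findings = []
    constraints = [e for e in root.iter() if e.tag.endswith("security-constraint")]
    covering = [c for c in constraints if "/*" in _texts(c, "url-pattern")]
    if not covering:
        findings.append("no security-constraint covers url-pattern /*")
    for c in covering:
        if role not in _texts(c, "role-name"):
            findings.append(f"constraint on /* does not require role {role}")
        if _texts(c, "http-method"):
            findings.append("constraint lists http-method; other methods stay open")
    if not any(_texts(root, "auth-method")):
        findings.append("no login-config auth-method, so no login is prompted")
    return findings


if __name__ == "__main__":
    print(audit_web_xml(SAMPLE_WEB_XML) or "web.xml constraint looks complete")
```

To check a real deployment, pass the text of the Webhook Server's WEB-INF web.xml to audit_web_xml in place of the sample.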