Develop > Presentation layer > WebSphere Commerce integration with WebSphere Portal > Customize WebSphere Commerce Portal integration

Secure HTTP requests on WebSphere Portal

During a typical shopping flow, sensitive information, such as credit card number and user's mailing address, can be passed between the WebSphere Portal server and the user's web browser. In order to protect this information from other malicious people, it is important that the connection between the web browser and the WebSphere Portal server is secured. WebSphere Portal allows the use of URL redirection to achieve this.

This can be done at two different stages:

Procedure

1. At the time when user logs in:

   This is the recommended approach and the safest method to ensure no further sensitive information will be leaked out. The setting allows the WebSphere Portal user to be redirected to a secured connection, using HTTPS as the protocol, after successfully authenticated.

   See Configure SSL only for the login process in the WebSphere Portal Information Center for more information.

2. At a specific point during the shopping flow, such as when checking out or when displaying user profile information, where sensitive information is being displaying on the web browser.

   There are two things that need to be performed:

   1. One required setting in the WebSphere Portal server to enable SSL port redirection. This can be done by setting the host.port.https custom properties in Configuration Services. For example, setting this port to 443 in a production environment, while one will configure this to port 10029 in a development environment. See WebSphere Portal configuration services in the WebSphere Portal Information Center for more information.

   2. Update portlet JSP files to allow secure redirection upon calling an action or render URL.

      <portlet:actionURL var="AddAddressActionURL" secure="true">        
      <portlet:param name="actionName" value="AddAddress" />        
      <portlet:param name="renderName" value="AddressBookDisplay" />        
      <portlet:param name="faultRenderName" value="AddressErrorDisplay" />
      </portlet:actionURL>
      

Related concepts

Customize WebSphere Commerce Portal integration

+

Search Tips   |   Advanced Search