Elastic Path Commerce for AWS Setup
Core Commerce Architecture
Cortex API Architecture
Tutorials & Code Examples
Elastic Path Production Tools
Core Commerce Release Notes
Cortex API Front-End Documentation
EP for Adobe Marketing Cloud Architecture
EP for AMC Developer Documentation
EP for AMC Release Notes
Cortex Studio
Security (Commerce Manager)
Security (Commerce Manager)
Elastic Path uses the Spring Security framework for user authentication and authorization. The security.xml file, which is located in ep-cmserver\src\main\resources\spring\security, contains the security settings you need to configure.
Configuring the HTTPS port redirect
You can configure the application server to switch to the HTTPS port for pages that require it based on the request port number. In the security.xml, the <port-mapping> element's attributes http and https define the http and https ports. The following example shows how to redirect requests on port 8080 to port 8443:
<port-mappings>
<port-mapping http="8080 " https="8443" />
</port-mappings>
Enabling/Disabling SSL
To configure SSL for specific URLs, locate the URL's <intercept-url> element in the security.xml and define https or http for the requires-channel attribute. For example, for Elastic Path Commerce, if you wanted to enable SSL for /checkout.ep* URLS, the <intercept-url> element would look like this:
<intercept-url pattern="/commerce-legacy/checkout.ep*" access="ROLE_CUSTOMER,ROLE_ANONYMOUS_CUSTOMER" requires-channel="https" />