Note that if you don’t set the property search.session.history.auth to A in the server configuration (Edit properties files -> trc.properties), users can still search and list all the sessions performed by any user (but they don’t have access to the detailed information anyway).
If you want to completely disable session recording visibility to normal users you can create a security filter in Liberty as described here:
Add the following feature to the file server.xml:
Put this security constraint into the file /wlp/usr/servers/trcserver/apps/TRCAPP.ear/trc.war/WEB-INF/web.xml
Then in the file application.xml you can define the user and the related role as specified in step 5 of the guide. The user can be defined like this:
<quickStartSecurity userName="admin" userPassword="admin"/>
The role can be bound like this:
<user name="admin" />
NOTE: Put the application-bnd section inside the following tag:
<application context-root="/trc" type="ear" id="trcserver" location="TRCAPP.ear"
name="trcserver" autoStart="true" >
Restart the server service upon completion.
In this way only a specific user (defined in the Liberty configuration) can access this specific URL. The RC users can see the details of their own sessions, but as soon as the link “Play the recording of this session” is clicked an authentication prompt is displayed.
NOTE: The user defined here has nothing to do with the users defined in the RC application.
If you want to encrypt the password in the file application.xml you can follow the instructions here:
Basically you need to generate the encrypted password by running the command:
Then copy the encrypted password into the file application.xml and restart the server service.
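As an added example (not part of the original instructions or of the product), the following check can be run against a copy of application.xml before restarting the server. It reports a password that is still in plain text, a user with no role binding, and an application-bnd section placed outside the application tag. The sample configuration, the role name "recording-viewer" and the function name audit are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Prefixes carried by Liberty-encoded password values.
ENCODED_PREFIXES = ("{xor}", "{aes}", "{hash}")

# Constructed sample configuration. The role name "recording-viewer" is a
# placeholder for whatever role the web.xml security constraint declares.
SAMPLE = """<server>
  <quickStartSecurity userName="admin" userPassword="admin"/>
  <application context-root="/trc" type="ear" id="trcserver"
               location="TRCAPP.ear" name="trcserver" autoStart="true">
    <application-bnd>
      <security-role name="recording-viewer">
        <user name="admin"/>
      </security-role>
    </application-bnd>
  </application>
</server>"""


def audit(xml_text, context_root="/trc"):
    """Return a list of findings for a Liberty configuration fragment."""
    root = ET.fromstring(xml_text)
    findings = []
    qss = root.find(".//quickStartSecurity")
    if qss is None:
        findings.append("no quickStartSecurity user defined")
    elif not qss.get("userPassword", "").startswith(ENCODED_PREFIXES):
        findings.append("userPassword is stored in plain text")
    # Collect users bound to a role inside the application serving context_root.
    bound, nested = set(), 0
    for app in root.iter("application"):
        nested += len(app.findall("application-bnd"))
        if app.get("context-root") == context_root:
            for user in app.findall("application-bnd/security-role/user"):
                bound.add(user.get("name"))
    if not bound:
        findings.append("no user bound to a role inside the application")
    elif qss is not None and qss.get("userName") not in bound:
        findings.append("quickStartSecurity user is not bound to a role")
    # The binding must sit inside the <application> tag.
    if len(list(root.iter("application-bnd"))) > nested:
        findings.append("application-bnd found outside <application>")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("FINDING:", finding)
```

An empty result means the fragment matches the layout described above; the check does not validate the web.xml security constraint itself.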