Management REST API access requires oemanager.war be deployed. Create development instances with the -f option to deploy oemanager.war. Secure the instance by using the -m uid:password option to change the username and password from the default values of tomcat:tomcat.
Access to Swagger UI for management REST APIs is disabled by default. Direct access to management APIs through Swagger UI is considered a security risk. Explicit authorization is required. Limit access to the administrator roles within the organization. Restart the server to apply the security changes. To enable Swagger UI, complete the following steps:
1. Edit the instance-path\webapps\oemanager\WEB-INF\oemgrSecurity-container.xml security file.
2. Find the intercept URL for the interactive documentation, by searching the file for <intercept-url pattern="/doc/**".
3. Uncomment the line containing <intercept-url pattern="/doc/** authorizing specific roles to use the interactive documentation.
4. Save the file.
5. Restart the server to apply the changes.
Use pasman pasoestart -restart -I instance to restart.
6. Enter http://host:port/oemanager/ to show the management REST API documentation confirming that authorization has been correctly defined. Login credentials are required ensuring only administrators have access.
