Setting up security for your application

Setting up security for your application requires the following tasks:

Security roles are logical groups of users (such as bankTeller or bankManager). When you deploy the application, these roles are mapped to specific individuals or groups of individuals. Constraints define which parts of the application to secure, such as servlets and JSPs, and which roles can access them.

To define security roles and constraints:

  1. In the Navigator view, expand the Web project folder and double-click the Web Deployment Descriptor file (web.xml) under WebContent/WEB-INF to open it in the editor. (If the Navigator view is not visible in the workbench, click Window > Show View > Other > General > Navigator to display the view.)
  2. On the Design tab, select Web Application (Application name) and click Add in the Overview area. In the popup window, scroll down to select Security Role and click OK to insert a new security role. For this application, the role specifies all users in the LDAP directory.
  3. In Security Role Details, enter All application users in the Role Name field.
  4. On the Design tab, select Web Application (Application name) and click Add in the Overview area. In the popup window, scroll down to select Security Constraint and click OK to define the security constraints for this new security role.
  5. Type the name for the constraint in the Display Name field, for example, Access Constraint.
  6. Click Add next to Authorization Constraints to add the authorized security role you just created. Enter a description of the authorization constraint in the Description field, for example, Allow all.
  7. In the Overview section, select Web Resource Collection under the new Security Constraint. Type the resource name in the Web Resource Name field (for example, All resources), click Add next to the URL Pattern box, and enter /* for the URL pattern. This specifies that users in this role have access to all Web resources in the application.
  8. In the Overview, select Web Resource Collection and click Add, select the HTTP method in the popup window and click OK to specify the actions that can be performed, for example, GET and POST. If you add nothing, all actions are allowed. The updates to the Security page are complete.
  9. Save and close the Web Deployment Descriptor file.
  10. In the Navigator view, expand the EAR project folder for your project and double-click the EAR Deployment Descriptor file (application.xml) under the META-INF directory.
  11. On the Design tab, select Application and click Add. Select Security Role and click OK to add the security roles. Type the security role name details for the added security roles.
  12. Under WebSphere Deployment Descriptors, click the Open WebSphere Bindings Descriptor link. In the WebSphere bindings section, add all authorized security roles and all authorized users under each security role. Save the changes.
  13. Save and close the EAR Deployment Descriptor file.
  14. Restart the application.

With this configuration, you have allowed any user that can be authenticated to LDAP (All authenticated users) to access any resource in the project (/*). In your application, you may want to create additional roles and constraints to further refine which users (roles) can access which resources.