Map Java EE application security roles to groups in WebSphere Application Server

Assume we have a Java web app with two servlets, Staff and Student. The Staff servlet is supposed to be accessed only by members of the All-Staff group, and the Student servlet only by members of the All-Student group. Those groups are defined in the WebSphere Application Server repository.

  • Log in to the WAS admin console and install the app
  • Create a group All-Staff and create a few staff users in this group, such as staff1, staff2, ...
  • Create a group All-Student and create a few student users in this group, such as student1, student2, ...
  • Install the app and then start the app
  • Navigate to MyApp > Security role to user/group mapping
  • Map the All Student role to the All-Student group and the All Staff role to the All-Staff group

Here are the contents of the web.xml file:

<?xml version="1.0" encoding="UTF-8"?>
<web-app id="WebApp_ID" version="2.5" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
<display-name>JEERole</display-name>
<welcome-file-list>
<welcome-file>index.html</welcome-file>
<welcome-file>index.htm</welcome-file>
<welcome-file>index.jsp</welcome-file>
<welcome-file>default.html</welcome-file>
<welcome-file>default.htm</welcome-file>
<welcome-file>default.jsp</welcome-file>
</welcome-file-list>

<servlet>
<servlet-name>Student Servlet</servlet-name>
<servlet-class>edu.sp.StudentServlet</servlet-class>
</servlet>
<servlet>
<servlet-name>Staff Servlet</servlet-name>
<servlet-class>edu.sp.StaffServlet</servlet-class>
</servlet>

<servlet-mapping>
<servlet-name>Student Servlet</servlet-name>
<url-pattern>/student</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>Staff Servlet</servlet-name>
<url-pattern>/staff</url-pattern>
</servlet-mapping>

<!-- Student servlet: restricted to the All Student role -->
<security-constraint>
<web-resource-collection>
<web-resource-name>Student Servlet</web-resource-name>
<url-pattern>/student</url-pattern>
<url-pattern>/servlet/StudentServlet/*</url-pattern>
<!-- Because http-method elements are listed, this constraint applies to GET and POST only; requests using other methods are not covered by it. -->
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>All Student</role-name>
</auth-constraint>
</security-constraint>

<!-- Staff servlet: restricted to the All Staff role -->
<security-constraint>
<web-resource-collection>
<web-resource-name>Staff Servlet</web-resource-name>
<url-pattern>/staff</url-pattern>
<url-pattern>/servlet/StaffServlet/*</url-pattern>
<!-- Same as above: only GET and POST are covered by this constraint. -->
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>All Staff</role-name>
</auth-constraint>
</security-constraint>

<!-- Roles declared by the application; these are the names mapped to groups in the admin console -->
<security-role>
<role-name>All Student</role-name>
</security-role>
<security-role>
<role-name>All Staff</role-name>
</security-role>
</web-app>
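
A check for a descriptor like the one above, as an added example that is not part of the original post. The function name audit and the sample input (including its /report mapping and Admin role) are constructed for illustration. It reports roles used in an auth-constraint but never declared, constraints narrowed by http-method, and servlet mappings that no constraint covers.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a trimmed copy of the page's descriptor with two defects
# added on purpose: an unprotected /report mapping and an undeclared Admin role.
SAMPLE = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="2.5">
<servlet-mapping><servlet-name>Student Servlet</servlet-name>
<url-pattern>/student</url-pattern></servlet-mapping>
<servlet-mapping><servlet-name>Report Servlet</servlet-name>
<url-pattern>/report</url-pattern></servlet-mapping>
<security-constraint>
<web-resource-collection><web-resource-name>Student Servlet</web-resource-name>
<url-pattern> /student</url-pattern>
<http-method> GET</http-method><http-method> POST</http-method>
</web-resource-collection>
<auth-constraint><role-name> All Student</role-name>
<role-name>Admin</role-name></auth-constraint>
</security-constraint>
<security-role><role-name> All Student</role-name></security-role>
</web-app>"""

def audit(xml_text):
    """Return (kind, detail) findings for a web.xml given as a string."""
    root = ET.fromstring(xml_text)
    for el in root.iter():
        el.tag = el.tag.split("}")[-1]          # drop the javaee namespace
    # Containers trim element text, so compare trimmed values.
    text = lambda path, node=root: [(n.text or "").strip() for n in node.findall(path)]
    declared = set(text("security-role/role-name"))
    protected, findings = set(), []
    for c in root.findall("security-constraint"):
        patterns = text("web-resource-collection/url-pattern", c)
        protected.update(patterns)
        for role in text("auth-constraint/role-name", c):
            if role != "*" and role not in declared:
                findings.append(("undeclared-role", role))
        if c.findall("web-resource-collection/http-method"):
            # Listed methods limit the constraint; other methods are not covered.
            findings += [("methods-limited", p) for p in patterns]
    # Simplification: exact string match, no wildcard or prefix matching.
    for url in sorted(set(text("servlet-mapping/url-pattern")) - protected):
        findings.append(("unprotected-mapping", url))
    return findings

if __name__ == "__main__":
    for kind, detail in audit(SAMPLE):
        print(kind, detail)
```

Run against the page's own web.xml, it reports methods-limited for each protected URL pattern, because both constraints list GET and POST.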

About Ishtiaque

I am an IBM Certified Infrastructure Systems Architect, Linux Foundation Certified System Administrator, Oracle Certified Programmer in Java and Web Component Developer, and TOGAF 9 certified, with over 10 years of support and development experience in IBM middleware software and Java. Additionally, I have a sound grip on databases and OpenStack administration. I hold the following certifications:

  • IBM Certified Infrastructure Systems Architect
  • Linux Foundation Certified System Administrator (LFCS)
  • TOGAF 9 Certified
  • Oracle Certified Expert, Java EE6 Web Component Developer
  • Oracle Certified Professional – Java 6 Programmer
  • ITIL v3 Foundation Certified
  • IBM Certified Solution Architect – Cloud Computing Infrastructure V1
  • IBM Certified System Administrator – WebSphere Portal V8, V7, V6.1, V6
  • IBM Certified System Administrator – WebSphere Application Server V7, V6.1
  • IBM Certified System Administrator – AIX V7
  • IBM Certified System Administrator – WebSphere MQ V7
  • IBM Certified Deployment Professional – Business Process Manager Advanced V7.5
  • IBM Certified Solution Advisor – Cloud Computing Architecture V3
  • IBM Certified Solution Developer – WebSphere Portal V5.1