WebSphere Issues

13/07/2012

Map Java EE application security roles to groups in WebSphere Application Server

Filed under: Java, Scripts, WAS — Ishtiaque @ 12:07 pm

Assume we have a Java web app with two servlets, Staff and Student. The Staff servlet is supposed to be accessed by members of the All-Staff group and the Student servlet by members of the All-Student group. Those groups are defined in the WebSphere Application repository.

  • Log in to the WAS admin console and install the app
  • Create a group All-Staff and create a few staff users in this group, such as staff1, staff2..
  • Create a group All-Student and create a few student users in this group, such as student1, student2..
  • Install the app and then start the app
  • Navigate to MyApp > Security role to user/group mapping
  • Map the All Student role to the All-Student group and the All Staff role to the All-Staff group

Here are the contents of the web.xml file:

<?xml version="1.0" encoding="UTF-8"?>
<web-app id="WebApp_ID" version="2.5" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
  <display-name>JEERole</display-name>
  <welcome-file-list>
    <welcome-file>index.html</welcome-file>
    <welcome-file>index.htm</welcome-file>
    <welcome-file>index.jsp</welcome-file>
    <welcome-file>default.html</welcome-file>
    <welcome-file>default.htm</welcome-file>
    <welcome-file>default.jsp</welcome-file>
  </welcome-file-list>

  <servlet>
    <servlet-name>Student Servlet</servlet-name>
    <servlet-class>edu.sp.StudentServlet</servlet-class>
  </servlet>
  <servlet>
    <servlet-name>Staff Servlet</servlet-name>
    <servlet-class>edu.sp.StaffServlet</servlet-class>
  </servlet>

  <servlet-mapping>
    <servlet-name>Student Servlet</servlet-name>
    <url-pattern>/student</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
    <servlet-name>Staff Servlet</servlet-name>
    <url-pattern>/staff</url-pattern>
  </servlet-mapping>

  <!-- Student servlet: only callers in the "All Student" role are allowed -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Student Servlet</web-resource-name>
      <url-pattern>/student</url-pattern>
      <url-pattern>/servlet/StudentServlet/*</url-pattern>
      <!-- Only the methods listed here are covered by this constraint -->
      <http-method>GET</http-method>
      <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint>
      <role-name>All Student</role-name>
    </auth-constraint>
  </security-constraint>

  <!-- Staff servlet: only callers in the "All Staff" role are allowed -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Staff Servlet</web-resource-name>
      <url-pattern>/staff</url-pattern>
      <url-pattern>/servlet/StaffServlet/*</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint>
      <role-name>All Staff</role-name>
    </auth-constraint>
  </security-constraint>

  <!-- Roles mapped to the All-Student and All-Staff groups in the admin console -->
  <security-role>
    <role-name>All Student</role-name>
  </security-role>
  <security-role>
    <role-name>All Staff</role-name>
  </security-role>
</web-app>
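
A descriptor like the one above can be checked before it is deployed. The script below is an added example, not part of the original post: it reports roles used in an auth-constraint but never declared in a security-role, constraints that list http-method elements (the Servlet specification applies such a constraint only to the listed methods), and servlet mappings that no auth-constraint covers. The function names and the sample descriptor are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"j": "http://java.sun.com/xml/ns/javaee"}  # web-app 2.5 namespace
# Constructed sample modelled on the descriptor above; the staff constraint has two typos.
SAMPLE = """
<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee">
  <servlet-mapping><servlet-name>Student Servlet</servlet-name><url-pattern>/student</url-pattern></servlet-mapping>
  <servlet-mapping><servlet-name>Staff Servlet</servlet-name><url-pattern>/staff</url-pattern></servlet-mapping>
  <security-constraint>
    <web-resource-collection><web-resource-name>Student Servlet</web-resource-name>
      <url-pattern> /student</url-pattern>
      <http-method> GET</http-method><http-method> POST</http-method></web-resource-collection>
    <auth-constraint><role-name> All Student</role-name></auth-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection><web-resource-name>Staff Servlet</web-resource-name>
      <url-pattern>/staf</url-pattern></web-resource-collection>
    <auth-constraint><role-name>AllStaff</role-name></auth-constraint>
  </security-constraint>
  <security-role><role-name> All Student</role-name></security-role>
  <security-role><role-name>All Staff</role-name></security-role>
</web-app>"""

def texts(node, path):
    """Whitespace-trimmed text of every element matching path under node."""
    return [(e.text or "").strip() for e in node.findall(path, NS)]

def covered(url, patterns):
    """Exact and '/prefix/*' matches only; '*.ext' patterns are not evaluated."""
    return any(p == url or (p.endswith("/*") and (url + "/").startswith(p[:-1]))
               for p in patterns)

def audit_web_xml(xml_text):
    """Return findings for role typos, method-limited constraints, open mappings."""
    root = ET.fromstring(xml_text)
    declared = set(texts(root, "j:security-role/j:role-name"))
    findings, protected = [], []
    for sc in root.findall("j:security-constraint", NS):
        if sc.find("j:auth-constraint", NS) is None:
            continue  # no auth-constraint element: no role is required
        roles = texts(sc, "j:auth-constraint/j:role-name")
        findings += [("undeclared-role", r) for r in roles if r != "*" and r not in declared]
        for wrc in sc.findall("j:web-resource-collection", NS):
            urls, methods = texts(wrc, "j:url-pattern"), texts(wrc, "j:http-method")
            protected += urls
            if methods:  # only the listed methods are constrained
                findings.append(("methods-limited", urls, sorted(methods)))
    mapped = texts(root, "j:servlet-mapping/j:url-pattern")
    findings += [("mapping-unprotected", u) for u in mapped if not covered(u, protected)]
    return findings
```

Calling `audit_web_xml(SAMPLE)` returns one finding of each kind; a descriptor with matching role names, matching URL patterns and no http-method elements returns an empty list.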
