When you build an EAR file, you can define roles and apply them
to methods. When you deploy the EAR file, you can assign individual
users or groups to roles. You can use this feature of EAR files to
add role-based security to your Web service. For example:
- You have a Web service that controls access to important information,
and you want to give read-only access to some users, and write access
to others.
- When you build the EAR file you define two roles: READ and WRITE.
You apply the READ role to the getData method and the WRITE role to
the writeData method.
- When you deploy the EAR file in WebSphere® Application Server, you assign
All Authenticated Users to the READ role and individual users to the
WRITE role.
- When a user tries to access WebService.getData,
their user name and password is checked by the operating system or
by Lightweight Third Party Authentication (LTPA).