Setting up BasicRegistry and role mapping on the Liberty profile

You can configure the Liberty profile to authenticate and authorize users by using a basic user registry.

Before you begin

Fix Pack 8550 The Liberty features appSecurity-2.0 and servlet-3.0 must be enabled in the server.xml file of the Liberty profile.

For more information about security configuration in the Liberty profile, see Getting started with security in the Liberty profile.

About this task

You can set up a basic user registry and configure more role mapping in the server.xml file for a Liberty profile server by going through the following steps.

Procedure

  1. Configure the basic registry as follows. Use a user name and password that are meaningful to you. Never use the name and password from this example in your applications.
    <basicRegistry id="basic" realm="WebRealm">
    		<user name="Bob" password="bobpwd" />
    </basicRegistry>
  2. Optional: Grant the user or group the Administrator role if the user, or group of users, is used to perform remote system management activities. This step is done automatically when using the quickStartSecurity element or may be accomplished by adding the administrator-role element to the server.xml file as shown.
    <administrator-role>
       <user>Bob</user>
       <group>myAdmins</group>
    </administrator-role>
  3. Encode the password within the configuration. You can get the encoded value by using the securityUtility encode task.
  4. Optional: Add additional users. Make sure that each user name is unique.
    <basicRegistry id="basic" realm="WebRealm">
    	  <user name="Bob" password="bobpwd" />
    		<user name="user1" password="user1pwd" />
    		<user name="user2" password="user2pwd" />
    </basicRegistry>
  5. Create groups for users. Make sure that each group name must be unique.
    <basicRegistry id="basic" realm="WebRealm">
    	  <user name="Bob" password="bobpwd" />
    		<user name="user1" password="user1pwd" />
    		<user name="user2" password="user2pwd" />
    		
           <group name="myAdmins">
              <member name="Bob" />
              <member name="user1" />
           </group>
    		
           <group name="users">
              <member name="user1" />
              <member name="user2" />
           </group>
    </basicRegistry>
  6. Assign some users and groups to the testing role of an application.
    <application type="war" id="myWebApp" name="myWebApp"
                 location="${server.config.dir}/apps/myWebApp.war">
       <application-bnd>
           <security-role name="testing">
               <user name="Bob" />
               <user name="user1" />
               <group name="users" />
           </security-role>
       </application-bnd>
    </application>

What to do next

Configure security-related elements in the deployment descriptor of your application. See Getting started with security in the Liberty profile for a sample web.xml file.

Icon that indicates the type of topic Task topic

Terms and conditions for information centers | Feedback


Timestamp icon Last updated: Monday, 21 April 2014
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=phil&product=was-express-iseries&topic=twlp_sec_basicreg_full
File name: twlp_sec_basicreg_full.html