Fix Pack 8550

Securing an application endpoint

You can secure your feature's application endpoint by performing the following steps:

Procedure

  1. In the .mf file of your feature, add the com.ibm.wsspi.appserver.webBundleSecurity-1.0 feature to the Subsystem-Content: header. This addition causes any protected servlets (as specified in your feature bundle's WEB-INF/web.xml file) to be authenticated, and enables role base authorization. You can also assign users, groups, and special subjects to any roles that are defined in the WEB-INF/web.xml file.
    Subsystem-Content: 
     my.user.feature.bundle; version="[1,1.0.100)",
     com.ibm.wsspi.appserver.webBundleSecurity-1.0; type="osgi.subsystem.feature"
  2. To map roles to users, groups, and special subjects, do the following steps:
    1. Add the IBM-Authorization-Roles header to your OSGi bundle's MANIFEST.MF file. The header must specify a name which is the id of a role mapping you specify in the server.xml file.
      IBM-Authorization-Roles: my.feature.role.map
    2. In the server.xml file, add an authorization-roles element to map the role names to users and groups. The id attribute of the authorization-roles element must have the same value as the IBM-Authorization-Roles header in the MANIFEST.MF file. Add a <security-role> subelement for each role that you want to assign user and groups to.
      <authorization-roles id="my.feature.role.map">
        <security-role name="employee">
          <special-subject type="ALL_AUTHENTICATED_USERS"/>
        </security-role>
        <security-role name="manager">
          <user name="bob"/>
          <user name="mary"/>
          <group name="managers"/>
        </security-role>
      </authorization-roles>

Icon that indicates the type of topic Task topic

Terms and conditions for information centers | Feedback


Timestamp icon Last updated: Monday, 21 April 2014
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=phil&product=was-express-iseries&topic=twlp_secure_app_endpoint
File name: twlp_secure_app_endpoint.html