This topic applies to WebSphere Application Server Liberty V8.5.5.9 and earlier. For the latest Liberty topics, see the WebSphere Application Server Liberty documentation.

Securing an application endpoint

You can secure your feature's application endpoint by performing the following steps:

Procedure

  1. In the .mf file of your feature, add the com.ibm.wsspi.appserver.webBundleSecurity-1.0 feature to the Subsystem-Content: header. This addition causes any protected servlets (as specified in your feature bundle's WEB-INF/web.xml file) to be authenticated, and enables role base authorization. You can also assign users, groups, and special subjects to any roles that are defined in the WEB-INF/web.xml file.
    Subsystem-Content: 
     my.user.feature.bundle; version="[1,1.0.100)",
     com.ibm.wsspi.appserver.webBundleSecurity-1.0; type="osgi.subsystem.feature"
  2. To map roles to users, groups, and special subjects, do the following steps:
    1. Add the IBM-Authorization-Roles header to your OSGi bundle's MANIFEST.MF file. The header must specify a name which is the id of a role mapping you specify in the server.xml file.
      IBM-Authorization-Roles: my.feature.role.map
    2. In the server.xml file, add an authorization-roles element to map the role names to users and groups. The id attribute of the authorization-roles element must have the same value as the IBM-Authorization-Roles header in the MANIFEST.MF file. Add a <security-role> subelement for each role that you want to assign user and groups to.
      <authorization-roles id="my.feature.role.map">
        <security-role name="employee">
          <special-subject type="ALL_AUTHENTICATED_USERS"/>
        </security-role>
        <security-role name="manager">
          <user name="bob"/>
          <user name="mary"/>
          <group name="managers"/>
        </security-role>
      </authorization-roles>

Icon that indicates the type of topic Task topic



Timestamp icon Last updated: Tuesday, 12 December 2017
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=phil&product=was-libcore-mp&topic=twlp_secure_app_endpoint
File name: twlp_secure_app_endpoint.html