You can configure Liberty to authenticate and authorize users by using a basic user
registry.
Before you begin
The Liberty features appSecurity-2.0 and
servlet-3.0 must be enabled in the server.xml file.
For more information about security configuration in Liberty, see Getting started with security in Liberty.
About this task
You can set up a basic user registry and configure more role mapping in the
server.xml file for a Liberty server by going through the following steps.
Procedure
- Configure the basic registry as follows. Use a user name
and password that are meaningful to you. Never use the name and password
from this example in your applications.
<basicRegistry id="basic" realm="WebRealm">
<user name="Bob" password="bobpwd" />
</basicRegistry>
- Optional: Grant the user or group the Administrator role
if the user, or group of users, is used to perform remote system management
activities. This step is done automatically when using the quickStartSecurity element or
may be accomplished by adding the administrator-role element
to the server.xml file as shown.
<administrator-role>
<user>Bob</user>
<group>myAdmins</group>
</administrator-role>
- Encode the password within the configuration. You can get
the encoded value by using the securityUtility encode task.
- Optional: Add additional users. Make sure that
each user name is unique.
<basicRegistry id="basic" realm="WebRealm">
<user name="Bob" password="bobpwd" />
<user name="user1" password="user1pwd" />
<user name="user2" password="user2pwd" />
</basicRegistry>
- Create groups for users. Make sure that each group name
must be unique.
<basicRegistry id="basic" realm="WebRealm">
<user name="Bob" password="bobpwd" />
<user name="user1" password="user1pwd" />
<user name="user2" password="user2pwd" />
<group name="myAdmins">
<member name="Bob" />
<member name="user1" />
</group>
<group name="users">
<member name="user1" />
<member name="user2" />
</group>
</basicRegistry>
- Assign some users and groups to the testing role
of an application.
<application type="war" id="myWebApp" name="myWebApp"
location="${server.config.dir}/apps/myWebApp.war">
<application-bnd>
<security-role name="testing">
<user name="Bob" />
<user name="user1" />
<group name="users" />
</security-role>
</application-bnd>
</application>
What to do next
Configure security-related elements in the deployment
descriptor of your application. See Getting started with security in Liberty for
a sample web.xml file.