Java EE – enabling role-based security in WebSphere 7

My web application (created using Struts 2) contains 2 pages:

1) Make request

2) Approve request

It is deployed in WebSphere 7.0. I need to enable role-based security for this application. I have two roles:

1) Users (who can make requests)

2) Examine and approve

Both have different credentials. I do not use any backend for authentication. How do I use web.xml and map users using WebSphere security features to do this?

Solution

I invite you to read the Java EE 6 Tutorial chapter "Getting Started Securing Web Applications", especially the examples provided.

Your application must declare two security roles, user and approver, and web.xml must protect the servlet paths with security constraints.

Here is the starting point:

<security-constraint>
    <display-name>Raise Request</display-name>
    <web-resource-collection>
        <web-resource-name>raiserequestservlet</web-resource-name>
        <description/>
        <url-pattern>/raiserequest</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <description/>
        <role-name>user</role-name>
    </auth-constraint>
</security-constraint>
<security-constraint>
    <display-name>Approve Request</display-name>
    <web-resource-collection>
        <web-resource-name>approverequestservlet</web-resource-name>
        <description/>
        <url-pattern>/approverequest</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <description/>
        <role-name>approver</role-name>
    </auth-constraint>
</security-constraint>

<login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>WebSphere</realm-name>
</login-config>

<security-role>
    <description>Security Role required to raise a request</description>
    <role-name>user</role-name>
</security-role>
<security-role>
    <description>Security Role required to approve a request</description>
    <role-name>approver</role-name>
</security-role>

For the first test, I chose basic authentication, but there are other options.

Then, when deploying the WAR package to WebSphere, the wizard will allow you to map the two application roles to LDAP groups, which is highly recommended as long as you use LDAP as the backend for authentication and permissions.

The server instance running the application is configured to use global security by default, but you can create a dedicated security domain for the server/application pair to use a dedicated back end. This is covered in the security section of the Network Deployment reference documentation.
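A small check for a descriptor like the one in the answer above, added here as an example and not part of the original question or answer: it flags roles used in an auth-constraint but never declared, constraints limited to listed HTTP methods, and BASIC authentication without a CONFIDENTIAL transport guarantee. The function name `audit_web_xml` and the sample descriptor (abbreviated, with a deliberately misspelled role and an added http-method) are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the answer's descriptor, abbreviated and wrapped in a <web-app>
# root, with two deliberate mistakes (undeclared role "aprover", an <http-method>).
SAMPLE_WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <url-pattern>/raiserequest</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>user</role-name></auth-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <url-pattern>/approverequest</url-pattern>
      <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>aprover</role-name></auth-constraint>
  </security-constraint>
  <login-config><auth-method>BASIC</auth-method></login-config>
  <security-role><role-name>user</role-name></security-role>
  <security-role><role-name>approver</role-name></security-role>
</web-app>"""

def audit_web_xml(text):
    """Return a sorted list of (url-pattern, finding) tuples for a web.xml string."""
    root = ET.fromstring(text)
    for el in root.iter():                      # drop any XML namespace prefix
        el.tag = el.tag.rsplit("}", 1)[-1]
    declared = {r.findtext("role-name", "").strip() for r in root.iter("security-role")}
    basic = (root.findtext("login-config/auth-method") or "").strip() == "BASIC"
    findings = []
    for sc in root.iter("security-constraint"):
        urls = [u.text.strip() for u in sc.iter("url-pattern")] or ["?"]
        roles = [r.text.strip() for r in sc.findall("auth-constraint/role-name")]
        issues = [f"role '{r}' not declared in <security-role>"
                  for r in roles if r not in declared and r != "*"]
        if sc.find("auth-constraint") is None:
            issues.append("no <auth-constraint>: no role is required")
        if sc.find("web-resource-collection/http-method") is not None:
            issues.append("<http-method> listed: other methods are unconstrained")
        tg = (sc.findtext("user-data-constraint/transport-guarantee") or "").strip()
        if basic and tg != "CONFIDENTIAL":      # BASIC sends credentials base64-encoded only
            issues.append("BASIC auth without CONFIDENTIAL transport-guarantee")
        findings += [(u, i) for u in urls for i in issues]
    return sorted(findings)

if __name__ == "__main__":
    for url, issue in audit_web_xml(SAMPLE_WEB_XML):
        print(f"{url}: {issue}")
```

The descriptor as posted in the answer would only trigger the transport-guarantee finding, since both of its roles are declared and it lists no http-method.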
