Setting up security for your application

Setting up security for your application requires two tasks: defining security roles and defining security constraints.

Security roles are logical groups of users (such as bankTeller or bankManager). When you deploy the application, these roles are mapped to specific individuals or groups of individuals. Constraints define which parts of the application to secure, such as servlets and JSPs, and which roles can access them.

Note: If you are setting up security for a WebFacing portlet project, do not follow the steps in this section.

To define security roles and constraints:

  1. In the Navigator view, expand the Web project folder and double-click the Web Deployment Descriptor file (web.xml) under WebContent/WEB-INF to open it in the editor. (If the Navigator view is not visible in the workbench, click Window > Show View > Other > General > Navigator to display the view.)
  2. Click the Security tab at the bottom of the editor area, and click Add in the Security Roles section to insert a new security role. For this application, the role will specify all users in the LDAP directory.
  3. In the Security Role dialog, enter All application users in the Name field. Click Finish to save the role.
  4. Under Security Constraints, click Add to define the security constraints for this new security role.
  5. In the Add Constraints dialog, type a name for the constraint (for example, Access Constraint) and click Next.
  6. Type the resource name in the Resource name field (for example, All resources), and check the HTTP methods to specify the actions these users can perform, for example, GET and POST. If you check no methods, the constraint applies to all HTTP methods, so these users can perform all actions.
  7. Click Add next to the Pattern box and enter /* for the URL pattern. This specifies that these particular users have access to all Web resources in the application.
  8. Click Finish to add this definition.
  9. On the Security page, click Add under Authorized Roles to open the Define Authorization Constraint dialog.
  10. Type a description of the authorization constraint in the Description field. For example, Allow all.
  11. Check All application users to associate this role with the Web resource collections you just defined and click Finish. The updates to the Security page are complete.
  12. Save and close the Web Deployment Descriptor file.
  13. In the Navigator view, expand the EAR project folder for your project and double-click the EAR Deployment Descriptor file (application.xml) under the META-INF directory.
  14. Click the Security tab and then click Gather.
  15. Select All application users and check All authenticated users under WebSphere Bindings.
  16. Save and close the EAR Deployment Descriptor file.
  17. Restart the application.

With this configuration, you have allowed any user that can be authenticated to LDAP (All authenticated users) to access any resource in the project (/*). In your application, you may want to create additional roles and constraints to further refine which users (roles) can access which resources.
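The web.xml fragments that steps 2 through 11 generate, shown here as an added example rather than output copied from the page; the role, resource and constraint names are the ones used in the procedure, and the login-config element is an assumption, since the page does not cover it:

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Constructed example: the web.xml that steps 2 to 11 produce. -->
<web-app xmlns="http://java.sun.com/xml/ns/j2ee" version="2.4">

  <!-- Step 3: the logical role. It is mapped to real LDAP users or groups
       in the EAR bindings (steps 13 to 15), never here in web.xml. -->
  <security-role>
    <role-name>All application users</role-name>
  </security-role>

  <!-- Steps 5 to 11: one constraint covering every URL in the module. -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>All resources</web-resource-name>
      <url-pattern>/*</url-pattern>
      <!-- Checking GET and POST in step 6 emits these two lines.
           Caveat: the constraint then covers ONLY these methods. A request
           using HEAD, PUT, DELETE, OPTIONS or any other verb is not covered
           and reaches the servlet without an authorization check.
           Leaving the methods unchecked (deleting both lines) makes the
           constraint apply to all HTTP methods, which is usually what you
           want for a catch-all /* constraint. -->
      <http-method>GET</http-method>
      <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint>
      <description>Allow all</description>
      <role-name>All application users</role-name>
    </auth-constraint>
  </security-constraint>

  <!-- Assumption (not on the page): the container needs a login-config to
       challenge an unauthenticated user; BASIC is used here for brevity. -->
  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>Application</realm-name>
  </login-config>
</web-app>
```

To verify the deployed constraint, request a protected URL without credentials and confirm the container answers with a 401 challenge for every method you expect to be covered, not only GET and POST.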

Related concepts
Deployment descriptor
