Securing an application endpoint
You can secure your feature's application endpoint by completing the following steps:
Procedure
- In the .mf file of your feature, add
the com.ibm.wsspi.appserver.webBundleSecurity-1.0 feature
to the Subsystem-Content: header. This addition causes
any protected servlets (as specified in your feature bundle's WEB-INF/web.xml file)
to be authenticated, and enables role base authorization. You can
also assign users, groups, and special subjects to any roles that
are defined in the WEB-INF/web.xml file.
Subsystem-Content: my.user.feature.bundle; version="[1,1.0.100)", com.ibm.wsspi.appserver.webBundleSecurity-1.0; type="osgi.subsystem.feature"
- To map roles to users, groups, and special subjects, do
the following steps:
- Add the IBM®-Authorization-Roles header to your OSGi bundle's MANIFEST.MF
file. The header must specify a name that is the ID of a role mapping you specify in the
server.xml file.
IBM-Authorization-Roles: my.feature.role.map
- In the server.xml file, add an authorization-roles
element to map the role names to users and groups. The id attribute of the authorization-roles element must
have the same value as the IBM-Authorization-Roles header in
the MANIFEST.MF file. Add a <security-role> subelement
for each role that you want to assign user and groups to.
<authorization-roles id="my.feature.role.map"> <security-role name="employee"> <special-subject type="ALL_AUTHENTICATED_USERS"/> </security-role> <security-role name="manager"> <user name="bob"/> <user name="mary"/> <group name="managers"/> </security-role> </authorization-roles>
Note: You can also enable security by configuring the appSecurity-1.0 or appSecurity-2.0 features in the server configuration. If you enable the features after the web application bundles (WABs) start, restart the WABs.
- Add the IBM®-Authorization-Roles header to your OSGi bundle's MANIFEST.MF
file. The header must specify a name that is the ID of a role mapping you specify in the
server.xml file.
Parent topic: Providing an application endpoint

File name: twlp_secure_app_endpoint.html