You can configure Liberty to
authenticate and authorize users by using a basic user registry.
Before you begin
The Liberty features appSecurity-2.0 and
servlet-3.0 must be enabled in the server.xml file.
For more information about the security configuration in Liberty, see Getting started with security in Liberty.
About this task
You can set up a basic user registry and configure more role mapping in the
server.xml file for a Liberty server by going through the following
steps.
Procedure
- Configure the basic registry as follows. Use a user name and password that are meaningful to
you. Never use the name and password from this example in your applications.
<basicRegistry id="basic" realm="WebRealm">
<user name="Bob" password="bobpwd" />
</basicRegistry>
- Optional: Grant the user or group the Administrator role if the user, or group of users,
is used to perform remote system management activities. This step is done automatically when using the quickStartSecurity element or may
be accomplished by adding the administrator-role element to the
server.xml file as shown.
<administrator-role>
<user>Bob</user>
<group>myAdmins</group>
</administrator-role>
- Encode the password within the configuration. You can get the encoded value by using the securityUtility encode task.
- Optional: Add additional users. Make sure that each user name is unique.
<basicRegistry id="basic" realm="WebRealm">
<user name="Bob" password="bobpwd" />
<user name="user1" password="user1pwd" />
<user name="user2" password="user2pwd" />
</basicRegistry>
- Create groups for users. Make sure that each group name must be unique.
<basicRegistry id="basic" realm="WebRealm">
<user name="Bob" password="bobpwd" />
<user name="user1" password="user1pwd" />
<user name="user2" password="user2pwd" />
<group name="myAdmins">
<member name="Bob" />
<member name="user1" />
</group>
<group name="users">
<member name="user1" />
<member name="user2" />
</group>
</basicRegistry>
- Assign some users and groups to the testing role of an application.
<application type="war" id="myWebApp" name="myWebApp"
location="${server.config.dir}/apps/myWebApp.war">
<application-bnd>
<security-role name="testing">
<user name="Bob" />
<user name="user1" />
<group name="users" />
</security-role>
</application-bnd>
</application>
What to do next
Configure security-related elements in the deployment descriptor of your application.
See Getting started with security in Liberty for a sample web.xml
file.