Securing an application endpoint
You can secure your feature's application endpoint by performing the following steps:
Procedure
- In the .mf file of your feature, add
the com.ibm.wsspi.appserver.webBundleSecurity-1.0 feature
to the Subsystem-Content: header. This addition causes
any protected servlets (as specified in your feature bundle's WEB-INF/web.xml file)
to be authenticated, and enables role base authorization. You can
also assign users, groups, and special subjects to any roles that
are defined in the WEB-INF/web.xml file.
Subsystem-Content: my.user.feature.bundle; version="[1,1.0.100)", com.ibm.wsspi.appserver.webBundleSecurity-1.0; type="osgi.subsystem.feature"
- To map roles to users, groups, and special subjects, do
the following steps:
- Add the IBM-Authorization-Roles header to your OSGi
bundle's MANIFEST.MF file. The header
must specify a name which is the id of a role mapping you specify
in the server.xml file.
IBM-Authorization-Roles: my.feature.role.map
- In the server.xml file, add an authorization-roles
element to map the role names to users and groups. The id attribute of the authorization-roles element must
have the same value as the IBM-Authorization-Roles header in the MANIFEST.MF
file. Add a <security-role> subelement for each role that you want to assign
user and groups to.
<authorization-roles id="my.feature.role.map"> <security-role name="employee"> <special-subject type="ALL_AUTHENTICATED_USERS"/> </security-role> <security-role name="manager"> <user name="bob"/> <user name="mary"/> <group name="managers"/> </security-role> </authorization-roles>
- Add the IBM-Authorization-Roles header to your OSGi
bundle's MANIFEST.MF file. The header
must specify a name which is the id of a role mapping you specify
in the server.xml file.
Parent topic: Providing an application endpoint

File name: twlp_secure_app_endpoint.html