[Version 5.0.2 and later]Using the Assembly Toolkit to enable operation-level authorization

Before you begin

This task assumes that you have already completed the initial steps for Enabling operation-level authorization.

Why and when to perform this task

As is explained in general terms in Operation-level security - role-based authorization, your target Web service is protected by wrapping it in an EAR file and applying role-based authorization to the EAR file. In this task, the EAR file that contains your Web service (your_webservice.ear) is imported into thewsgwauth.ear file (which contains all of the protected Web services) and the wsgwauth.ear file is modified to set the roles and assign them to methods. This modified wsgwauth.ear file is then deployed in WebSphere Application Server and users are assigned to the previously defined roles.

Use the Assembly Toolkit component of the Application Server Toolkit to complete the following steps:

Steps for this task

  1. Start the Assembly Toolkit then open the J2EE perspective.
  2. From the File menu select File > Import > EAR, then browse to select your copy of the wsgwauth.ear file.
    Two J2EE projects are created:
    • wsgwauth
    • wsgwauthejb
  3. From the File menu select File > Import > EAR, then browse to select the your_webservice.ear file.
    Two J2EE projects are created:
    • your_webservice
    • your_webserviceejb
  4. Select the your_webserviceejb project, then edit the EJB Deployment Descriptor. For every security role that you want to create, repeat the following steps:
    1. On the Assembly Descriptor tab, add the required security role (for example READER).
    2. Follow the on-screen instructions to assign one or more method permissions to the security role.
    3. Save your changes.
  5. To import the your_webservice.ear file into the wsgwauth.ear file, complete the following steps:
    1. Select the wsgwauth project, then edit the EAR Deployment Descriptor.
    2. On the Module tab, add the your_webserviceejb enterprise bean from the your_webserviceejb project.
    3. Save your changes.
  6. To ensure that the authorization enterprise bean can reference the newly-imported enterprise bean, complete the following steps to add an EJB reference:
    1. Select the wsgwauthejb project, then edit the EJB Deployment Descriptor.
    2. On the References tab, select Add EJB Reference.
    3. In the Add EJB Reference pane, click Browse.
    4. Select the Enterprise bean in a different EJB project radio button, then browse to select the your_webserviceejb enterprise bean.
    5. Save your changes.
  7. To assign users to roles, complete the following steps:
    1. Select the wsgwauth project, then edit the EAR Deployment Descriptor.
    2. On the Security tab, select Gather. For every security role that you want to assign, repeat the following steps:
      1. Select a security role.
      2. Under WebSphere Bindings, select the required access level from the following choices:
        • Everyone
        • All authenticated
        • Users/Groups
  8. From the pop-up menu for the wsgwauth project, select Generate Deploy Code.
  9. Export the wsgwauth project as an EAR file.

What to do next

You are now ready to install the modified copy of the wsgwauth.ear file as described in the final step of Enabling operation-level authorization.

Related concepts
Operation-level security - role-based authorization
Related tasks
Enabling operation-level authorization
Using the Application Assembly Tool to enable operation-level authorization[5.0 only][Version 5.0.1][Version 5.0.2]



Searchable topic ID:   twsg_security_wslevel_atk
Last updated: Jun 21, 2007 9:56:50 PM CDT    WebSphere Application Server for z/OS, Version 5.0.2
http://publib.boulder.ibm.com/infocenter/wasinfo/index.jsp?topic=/com.ibm.websphere.zseries.doc/info/zseries/ae/twsg_security_wslevel_atk.html

Library | Support | Terms of Use | Feedback