[Version 5.0.2] Using the Application Assembly Tool to enable operation-level authorization

Before you begin

This task assumes that you have already completed the initial steps for Enabling operation-level authorization.

Why and when to perform this task

As is explained in general terms in Operation-level security - role-based authorization, your target Web service is protected by wrapping it in an EAR file and applying role-based authorization to the EAR file. In this task, the EAR file that contains your Web service (your_webservice.ear) is imported into the wsgwauth.ear file (which contains all of the protected Web services) and the wsgwauth.ear file is modified to set the roles and assign them to methods. This modified wsgwauth.ear file is then deployed in WebSphere Application Server and users are assigned to the previously defined roles.

Use the WebSphere Application Server Application Assembly Tool (AAT) to complete the following steps:

Steps for this task

  1. Start the AAT.
  2. From the File menu select File > Open, then browse to select your copy of the wsgwauth.ear file.
  3. To import the your_webservice.ear file into the wsgwauth.ear file, complete the following steps:
    1. In the navigation pane, open the pop-up menu for EJB Modules then select Import.
    2. Browse to select the your_webservice.ear file. The Select modules to import window opens.
    3. In the Select modules to import window, select the your_webservice module then click OK.
    4. The Confirm values window opens. Click OK.
    5. In the navigation pane, expand EJB Modules to confirm that the your_webservice.ear file has been imported.
  4. In the navigation pane, expand EJB Modules > your_webservice.ear and select Security Roles.
  5. For every security role that you want to create, repeat the following steps:
    1. From the pop-up menu for Security Roles, select New.
    2. Type the name and description of the new security role, then click OK.
  6. In the navigation pane, expand EJB Modules > your_webservice.ear then select Method Permissions.
  7. For every defined role that you want to assign to a Web service method, repeat the following steps:
    1. From the pop-up menu for Method Permissions, select New. The New Method Permission window opens.
    2. Type the name of the new method permission, then click ADD for Methods. The Add Methods window opens.
    3. In the Add Methods window, expand the tree for remote methods then select the method to be protected. Click OK. The Add Methods window closes.
    4. In the New Method Permission window, click ADD for Roles. Select a previously defined role from the list then click OK.
  8. To ensure that the authorization enterprise bean can reference the newly-imported enterprise bean, complete the following steps:
    1. In the navigation pane, expand WSGW Authorization group > Session Beans > Authorization and select EJB References.
    2. From the pop-up menu for EJB References, select New. The New EJB Reference window opens.
    3. In the New EJB Reference window, on the General tab, type a name for the reference then use the Link combination box to select the newly-imported enterprise bean (all the other fields on this tab are populated automatically).
    4. In the New EJB Reference window, on the Bindings tab, type the Java Naming and Directory Interface (JNDI) name as it appears in the bindings tab of the service enterprise bean (this should be in the form websphere/WSGW/Security/your_webservice).
    5. Click OK. The New EJB Reference window closes.
  9. From the AAT File menu, select File > Generate Code For Deployment.
  10. Make a note of the name of the modified EAR file, then click Generate Now.
  11. From the AAT File menu, select File > Save to save the modified copy of the wsgwauth.ear file.
  12. Close the AAT.
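The roles from step 5 and the method permissions from step 7 can be checked outside the AAT once the EAR file is saved. The following script is an added example, not part of the original IBM documentation: it assumes the settings are stored in the standard EJB 2.0 assembly-descriptor section of the module's META-INF/ejb-jar.xml file, and the descriptor content, method names and role names in it are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample of the assembly-descriptor section of META-INF/ejb-jar.xml
# (EJB 2.0 layout, assumed). Method and role names are hypothetical.
SAMPLE_EJB_JAR = """
<ejb-jar>
  <assembly-descriptor>
    <security-role><role-name>QuoteReader</role-name></security-role>
    <security-role><role-name>QuoteAdmin</role-name></security-role>
    <method-permission>
      <role-name>QuoteReader</role-name>
      <method>
        <ejb-name>your_webservice</ejb-name>
        <method-intf>Remote</method-intf>
        <method-name>getQuote</method-name>
      </method>
    </method-permission>
    <method-permission>
      <role-name>QuoteAuditor</role-name>
      <method>
        <ejb-name>your_webservice</ejb-name>
        <method-intf>Remote</method-intf>
        <method-name>*</method-name>
      </method>
    </method-permission>
  </assembly-descriptor>
</ejb-jar>
"""

def audit_method_permissions(xml_text):
    """Return (role -> granted methods, undeclared roles, unused roles, wildcard grants)."""
    ad = ET.fromstring(xml_text).find("assembly-descriptor")
    declared = {r.findtext("role-name").strip() for r in ad.findall("security-role")}
    grants, wildcards = {}, []
    for perm in ad.findall("method-permission"):
        methods = [(m.findtext("ejb-name").strip(), m.findtext("method-name").strip())
                   for m in perm.findall("method")]
        for role in (r.text.strip() for r in perm.findall("role-name")):
            grants.setdefault(role, []).extend(methods)
            # "*" grants the role every method of the bean, not one operation
            wildcards += [(role, ejb) for ejb, name in methods if name == "*"]
    undeclared = sorted(set(grants) - declared)  # permission names a role never created
    unused = sorted(declared - set(grants))      # role created but assigned to no method
    return grants, undeclared, unused, wildcards

if __name__ == "__main__":
    for label, value in zip(("grants", "undeclared", "unused", "wildcards"),
                            audit_method_permissions(SAMPLE_EJB_JAR)):
        print(label, value)
```

An undeclared role, an unused role or a wildcard grant in the output means the saved descriptor does not match the role-to-method assignments intended in steps 5 and 7.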

What to do next

You are now ready to install the modified copy of the wsgwauth.ear file as described in the final step of Enabling operation-level authorization.

Related concepts
Operation-level security - role-based authorization
Related tasks
Enabling operation-level authorization
Using the Assembly Toolkit to enable operation-level authorization [Version 5.0.2 and later]



Searchable topic ID:   twsg_security_wslevel_aat
Last updated: Jun 21, 2007 9:56:50 PM CDT    WebSphere Application Server for z/OS, Version 5.0.2
http://publib.boulder.ibm.com/infocenter/wasinfo/index.jsp?topic=/com.ibm.websphere.zseries.doc/info/zseries/ae/twsg_security_wslevel_aat.html
