RunAs roles are used for delegation. A servlet or enterprise bean
component uses the RunAs role to invoke another enterprise bean by impersonating
that role.
Before you begin
Before you perform this task:
- Secure the Web application and enterprise bean applications, including
creating and assigning new roles to enterprise bean and Web resources. For
more information, see Securing Web applications using an assembly tool and Securing enterprise bean applications.
- Assign users and groups to roles. For more information, see Adding users and groups to roles using an assembly tool. Complete this step during
the installation of the application. The environment or user registry under
which the application is going to run is not known until deployment. If you
already know the environment in which the application is going to run and
you know the user registry, then you can use an assembly tool to assign users
to RunAs roles.
About this task
Note: This procedure might not match the steps that are required
when using your assembly tool, or match the version of the assembly
tool that you are using. You should follow the instructions for the
tool and version that you are using.
To define RunAs roles when a servlet or an enterprise bean in an application
is configured with RunAs settings, perform these steps:
Procedure
- In the Project Explorer view of an assembly tool, right-click an
enterprise application project or Enterprise Archive (EAR) file and click Open
With > Deployment Descriptor Editor. An application
deployment descriptor editor opens on the EAR file. To access information
about the editor, press F1 and click Application deployment descriptor
editor.
- On the Security tab, under Security Role Run As Bindings, click Add.
- Click Add under RunAs Bindings.
- In the Security Role wizard, select one or more roles and click Finish.
- Repeat steps 3 through 5 for all the RunAs roles in the application.
- Close the application deployment descriptor editor and, when prompted,
click Yes to save the changes.
Results
The ibm-application-bnd.xmi file in the application contains
the user to RunAs role mapping table.
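A review aid for the mapping table described above, as an added example that is not part of the original documentation: it reads a binding file and reports, for each RunAs binding, the bound user and whether that user is assigned directly to the role being impersonated. The XML element and attribute names, the role ids, and the user names are assumptions constructed for illustration; group membership is not resolved, so a user who holds the role only through a group is reported as not directly assigned.

```python
import xml.etree.ElementTree as ET

# Constructed sample. Element and attribute names are an assumed layout of
# ibm-application-bnd.xmi; compare with a file your assembly tool wrote.
SAMPLE_BND = """<applicationbnd:ApplicationBinding xmlns:applicationbnd="applicationbnd.xmi">
  <authorizationTable>
    <authorizations>
      <role href="META-INF/application.xml#SecurityRole_Manager"/>
      <users name="batchsvc"/>
    </authorizations>
    <authorizations>
      <role href="META-INF/application.xml#SecurityRole_Auditor"/>
      <groups name="auditors"/>
    </authorizations>
  </authorizationTable>
  <runAsMap>
    <runAsBindings>
      <authData userId="batchsvc"/>
      <securityRole href="META-INF/application.xml#SecurityRole_Manager"/>
    </runAsBindings>
    <runAsBindings>
      <authData userId="auditsvc"/>
      <securityRole href="META-INF/application.xml#SecurityRole_Auditor"/>
    </runAsBindings>
    <runAsBindings>
      <securityRole href="META-INF/application.xml#SecurityRole_Reporter"/>
    </runAsBindings>
  </runAsMap>
</applicationbnd:ApplicationBinding>"""

def role_id(elem, tag):
    # Fragment after '#' in the href of the named child, or '' if absent.
    ref = elem.find(tag)
    return ref.get("href", "").split("#")[-1] if ref is not None else ""

def audit_runas(xml_text):
    root = ET.fromstring(xml_text)
    members = {}  # role id -> users assigned directly in the authorization table
    for auth in root.iter("authorizations"):
        names = {u.get("name") for u in auth.findall("users")}
        members.setdefault(role_id(auth, "role"), set()).update(names)
    findings = []
    for binding in root.iter("runAsBindings"):
        role, data = role_id(binding, "securityRole"), binding.find("authData")
        user = data.get("userId") if data is not None else None
        direct = user in members.get(role, set())
        status = "no user bound" if not user else "ok" if direct else "not directly assigned"
        findings.append((role, user, status))
    return findings
```

Each tuple returned by `audit_runas` is (role id, bound user, status); bindings with a status other than "ok" are the ones to check against the user registry before deployment.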
What to do next
After securing an application, you can install the application using
the administrative console. You can change the RunAs role mappings of
an installed application. For more information, see User RunAs collection.