Use this task to learn how to protect a web service operation
by using the sibwsauthbean.ear file.
About this task
As is explained in general terms in Operation-level security:
Role-based authorization, your target web service is protected
by wrapping it in an EAR file and applying role-based authorization
to the EAR file. In this task, the EAR file that contains your web
service (your_webservice.ear)
is imported into the sibwsauthbean.ear file (which
contains all of the protected web services) and the sibwsauthbean.ear file
is modified to set the roles and assign them to methods. This modified sibwsauthbean.ear
file is then deployed in WebSphere Application Server and
users are assigned to the previously defined roles.
Use an assembly tool to
complete the following steps:
Procedure
- Start the assembly tool, then open the Java EE
perspective.
- From the File menu select File > Import > EAR,
then browse to select your copy of the sibwsauthbean EAR
file. On the Project Explorer tab these projects
are created:
- An enterprise application project called sibwsauthbean
- An EJB project called Authorization
- From the File menu select File > Import > EAR,
specify a new EAR project name, then browse to select the your_webservice EAR
file. On the Project Explorer tab these projects
are created:
- An enterprise application project called your_webservice.
- An EJB project called your_webservice ejb.
- Select the EJB project your_webservice ejb,
then edit the EJB Deployment Descriptor. For every security
role that you want to create, repeat the following steps:
- On the Assembly tab, add the required security role
(for example READER).
- Use the Add Method Permission wizard to add one or more
method permissions to the security role.
- Save your changes.
- To import the enterprise application your_webservice into
the sibwsauthbean EAR file, complete the following
steps:
- Select the enterprise application project sibwsauthbean,
then edit the EAR Deployment Descriptor.
- On the Module tab, add the your_webservice ejb enterprise
bean from the EJB project your_webservice ejb.
- Save your changes.
- To ensure that the authorization enterprise bean can reference
the newly-imported enterprise bean, complete the following steps to
add an EJB reference:
- Select the EJB project Authorization,
then edit the EJB Deployment Descriptor.
- On the Reference tab, select the Authorization reference
then click Add. The Add Reference wizard is
displayed.
- Select EJB Reference > Next.
- Select the Enterprise beans in the workspace radio
button, then browse to select the your_webservice ejb enterprise
bean.
- Save your changes.
- To assign users to roles, complete the following steps:
- Select the enterprise application project sibwsauthbean,
then edit the EAR Deployment Descriptor.
- On the Security tab, select Gather.
For every security role that you want to assign, repeat the following
steps:
- Select a security role.
- Under WebSphere Bindings, select the required
access level from the following choices:
- Everyone
- All authenticated
- Users/Groups
- Export the enterprise application project sibwsauthbean as
an EAR file.
What to do next
You are now ready to install the modified copy of the
sibwsauthbean EAR
file as described in the final step of
Password-protecting a
web service operation.