After creating new roles and assigning them to enterprise
bean and web resources, use this task to add users and groups to roles
with an assembly tool.
About this task
If you already know the environment in which the application
is running and the user registry that is used, you can use an assembly
tool to assign users and groups to roles. Using the administrative
console to assign users and groups to roles is recommended.
The following information applies to authorization using WebSphere®
Application Server bindings. If you create WebSphere Application
Server bindings, but specify System Authorization Facility (SAF)
authorization, the WebSphere Application Server bindings are
ignored. If SAF authorization is to be used, you must create a SAF
EJBROLE profile for each Java Platform, Enterprise Edition (Java EE)
role in your application, and permit users and groups to that role.
Refer to System Authorization Facility for role-based authorization for
reference.
Note: This procedure might not match the steps that are required when
using your assembly tool, or match the version of the assembly tool
that you are using. You should follow the instructions for the tool
and version that you are using.
To add users and groups to roles using an assembly
tool, follow these steps:
Procedure
- In the Project Explorer view of an assembly tool, right-click
an enterprise application project, or Enterprise Archive (EAR) file,
and click Open With > Deployment Descriptor Editor. An application deployment descriptor editor opens on the EAR
file. To access information about the editor, press F1 and click Application
deployment descriptor editor.
- Click the Security tab and, under the main panel,
click Add.
- In the Add Security Role wizard, name and describe the
security role. Click Finish.
- Under WebSphere Bindings, select the user or
group extension properties for the security role. Available values
include: Everyone, All authenticated users, and Users/Groups.
- If you selected Users/Groups, click Add beside the
Users or Groups panes. In the wizard that opens, specify a user or
group name and click Finish. Repeat this step until you have added
all the users and groups to which the security role applies.
- Close the application deployment descriptor editor and,
when prompted, click Yes to save the changes.
Results
The ibm-application-bnd.xmi or ibm-application-bnd.xml file
in the application contains the users and groups-to-roles mapping
table, which is the authorization table. For Java EE
Version 5 applications, the ibm-application-bnd.xml file
contains the authorization table.
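The following added example (not part of the original page or the product) reads the authorization table from an ibm-application-bnd.xml file and reports roles bound to Everyone or All authenticated users, plus roles with no subjects. It assumes the Java EE 5 or later .xml layout in which each security-role element holds user, group and special-subject children; the sample file, role names and finding labels are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample binding file; role, user and group names are hypothetical.
SAMPLE_BND = """<?xml version="1.0" encoding="UTF-8"?>
<application-bnd xmlns="http://websphere.ibm.com/xml/ns/javaee" version="1.0">
  <security-role name="Teller">
    <user name="alice"/>
    <group name="tellers"/>
  </security-role>
  <security-role name="Customer">
    <special-subject type="ALL_AUTHENTICATED_USERS"/>
  </security-role>
  <security-role name="Guest">
    <special-subject type="EVERYONE"/>
  </security-role>
  <security-role name="Auditor"/>
</application-bnd>
"""

# Special subjects that grant a role without naming any user or group.
BROAD_SUBJECTS = {"EVERYONE", "ALL_AUTHENTICATED_USERS"}
CHILD_KEYS = {"user": ("users", "name"), "group": ("groups", "name"),
              "special-subject": ("special", "type")}

def local(tag):  # drop the '{namespace}' prefix so matching ignores it
    return tag.rsplit("}", 1)[-1]

def read_authorization_table(xml_text):
    """Return {role: {'users': [...], 'groups': [...], 'special': [...]}}."""
    root = ET.fromstring(xml_text)
    table = {}
    for role in (e for e in root.iter() if local(e.tag) == "security-role"):
        entry = {"users": [], "groups": [], "special": []}
        for child in role:
            if local(child.tag) in CHILD_KEYS:
                key, attr = CHILD_KEYS[local(child.tag)]
                entry[key].append(child.get(attr))
        table[role.get("name")] = entry
    return table

def review(table):
    """List (role, finding) pairs for broad or empty role bindings."""
    findings = []
    for role, entry in sorted(table.items()):
        findings += [(role, s) for s in entry["special"] if s in BROAD_SUBJECTS]
        if not any(entry.values()):
            findings.append((role, "NO_SUBJECTS"))
    return findings

if __name__ == "__main__":
    print(review(read_authorization_table(SAMPLE_BND)))
```

Run it against the binding file extracted from the EAR before installation to confirm that each role is granted only to the intended users and groups.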
Supported configurations: For IBM® extension
and binding files, the .xmi or .xml file name extension is different
depending on whether you are using a pre-Java EE 5 application or
module or a Java EE 5 or later
application or module. An IBM extension
or binding file is named ibm-*-ext.xmi or ibm-*-bnd.xmi where * is
the type of extension or binding file such as app, application, ejb-jar,
or web. The following conditions apply:
- For an application or module that uses a Java EE version prior to version 5, the file
extension must be .xmi.
- For an application or module that uses Java EE 5 or later, the file extension must
be .xml. If .xmi files are included with the application or module,
the product ignores the .xmi files.
However, a Java EE 5 or later module can exist within an application
that includes pre-Java EE 5 files and uses the .xmi file name extension.
The ibm-webservices-ext.xmi, ibm-webservices-bnd.xmi,
ibm-webservicesclient-bnd.xmi, ibm-webservicesclient-ext.xmi,
and ibm-portlet-ext.xmi files continue to use the .xmi file extensions.
What to do next
After securing an application,
install the application using
the administrative console.