Adding users and groups to roles using an assembly tool

After creating new roles and assigning them to enterprise bean and web resources, use this task to add users and groups to roles with an assembly tool.

Before you begin

Before you perform this task, you already completed the steps in Securing web applications using an assembly tool and Securing enterprise bean applications where you created new roles and assigned those roles to enterprise bean and web resources. Complete these steps during application installation. The environment user registry under which the application is running is not known until deployment.

About this task

If you already know the environment in which the application is running and the user registry that is used, you can use an assembly tool to assign users and groups to roles. Using the administrative console to assign users and groups to roles is recommended.

[z/OS]The following information applies to authorization using WebSphere® Application Server bindings. If you create WebSphere Application Server bindings, but specify System Authorization Facility (SAF) authorization, the WebSphere Application Server bindings are ignored. If SAF authorization is to be used, you must create a SAF EJBROLE profile for each Java™ Platform, Enterprise Edition (Java EE) role in your application, and permit users and groups to that role. Refer to System Authorization Facility for role-based authorization for reference.

Note: This procedure might not match the steps that are required when using your assembly tool, or match the version of the assembly tool that you are using. You should follow the instructions for the tool and version that you are using.

To add users and groups to roles using an assembly tool, follow these steps:

Procedure

  1. In the Project Explorer view of an assembly tool, rclick an enterprise application project, or Enterprise Archive (EAR) file, and click Open With > Deployment Descriptor Editor. An application deployment descriptor editor opens on the EAR file. To access information about the editor, press F1 and click Application deployment descriptor editor.
  2. Click the Security tab and, under the main panel, click Add.
  3. In the Add Security Role wizard, name and describe the security role. Click Finish.
  4. Under WebSphere Bindings, select the user or group extension properties for the security role. Available values include: Everyone, All authenticated users, and Users/Groups.
  5. If you selected Users/Groups, click Add next to the Users or Groups pane. In the wizard that opens, specify a user or group name and click Finish. Repeat this step until you added all the users and groups to which the security role applies.
  6. Close the application deployment descriptor editor and, when prompted, click Yes to save the changes.

Results

The ibm-application-bnd.xmi or ibm-application-bnd.xml file in the application contains the users and groups-to-roles mapping table, which is the authorization table. For Java EE Version 5 applications, the ibm-application-bnd.xml file contains the authorization table.
支援的配置 支援的配置: 對於 IBM® 延伸和連結檔而言,.xmi 或 .xml 副檔名取決於您是使用 Java EE 5 之前的應用程式或模組,或 Java EE 5 或更新版本的應用程式或模組。 IBM 延伸或連結檔稱為 ibm-*-ext.xmi 或 ibm-*-bnd.xmi,其中 * 是延伸或連結檔的類型,例如:app、application、ejb-jar 或 web。 適用的條件如下:
  • 如果應用程式或模組使用第 5 版之前的 Java EE,副檔名必須是 .xmi。
  • 如果應用程式或模組使用 Java EE 5 或更新的版本,副檔名必須是 .xml。 如果 .xmi 檔是隨附在應用程式或模組,則本產品會忽略 .xmi 檔。

不過,即使應用程式含有 Java EE 5 之前的檔案,且所用的副檔名是 .xmi,其中也可以有 Java EE 5 或更新版本的模組。

ibm-webservices-ext.xmiibm-webservices-bnd.xmiibm-webservicesclient-bnd.xmiibm-webservicesclient-ext.xmiibm-portlet-ext.xmi 檔會繼續使用 .xmi 副檔名。

sptcfg

What to do next

After securing an application, install the application using the administrative console.

指出主題類型的圖示 作業主題



時間戳記圖示 前次更新: July 9, 2016 11:17
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=cord&product=was-nd-mp&topic=tsec_addusers_atk
檔名:tsec_addusers_atk.html