Deploying applications that have security constraints (secured applications) is similar to deploying applications without any security constraints. The only difference is that you might need to assign users and groups to roles for a secured application, which requires that you have the correct active registry. To deploy a newly secured application click Applications > Install New Application in the navigation panel on the left and follow the prompts. If you are installing a secured application, roles would have been defined in the application. If delegation was required in the application, RunAs roles also are defined.
Before you perform this task, verify that you already designed, developed, and assembled an application with all the relevant security configurations. For more information on these tasks refer to Developing secured applications and Assembling secured applications in the WebSphere Application Server Information Center. In this context, deploying and installing an application are considered the same task.
You must complete the steps in Installing a module on a production server before commencing this task.
Deploying applications that have security constraints (secured applications) is not much different than deploying applications that do not contain any security constraints. The only difference is that you might need to assign users and groups to roles for a secured application, which requires that you have the correct active user registry. To deploy a newly secured application click Applications > Install New Application in the navigation panel on the left and follow the prompts. If you are installing a secured application, roles are defined in the application. If delegation is required in the application, RunAs roles also are defined.
One of the required steps to deploy secured applications is to assign users and groups to roles defined in the application. This task is completed as part of the step entitled, "Map security roles to users and groups". This assignment might have already be done through an assembly tool. In that case you can confirm the mapping by going through this step. You can add new users and groups and modify existing information during this step.
If the applications support delegation, then a RunAs role is already defined in the application. If the delegation policy is set to Specified Identity during assembly, the intermediary invokes a method using an identity setup during deployment. Use the RunAs role to specify the identity under which the downstream invocations are made. For example, if the RunAs role is assigned user, "bob", and the client, "alice", is invoking a servlet, with delegation set, which calls the enterprise beans, the method on the enterprise beans is invoked with "bob" as the identity. As part of the deployment process one of the steps is to assign or modify users to the RunAs roles. This step is entitled, "Map RunAs roles to users". Use this step to assign new users or modify existing users to RunAs roles when the delegation policy is set to specified identity.
The steps described below are common for both installing an application and modifying an existing application. If the application contains roles, you see the "Map security roles to users and groups" link during application installation and also during managing applications, as a link in the Additional properties section.
Last updated:
Copyright IBM Corporation 2005.
This information center is powered by Eclipse technology (http://www.eclipse.org)