Setting up security for your application

Setting up security for your application consists of defining security roles and security constraints:

Security roles are logical groups of users (such as bankTeller or bankManager). When you deploy the application, these roles are mapped to specific individuals or groups of individuals. Constraints define which parts of the application to secure, such as servlets and JSPs, and which roles can access them.

Note: For WebSphere Application Server V5.x, refer to the section following these tasks.
Note: If you are setting up security for a WebFacing portlet project, do not follow the steps in this section.

To define security roles and constraints:

  1. In the Project Navigator, expand the Web project folder and double-click the Web Deployment Descriptor file (web.xml) under WebContent/WEB-INF to open it in the editor.
  2. Click the Security tab on the bottom of the panel and click Add to insert a new security role. This example uses the role All application users to specify all users in the LDAP directory.
  3. Under Security Constraints, click Add to define the security constraints for this new security role.
  4. Type the name of the constraint in the Add Constraints dialog and click Next.
  5. Type the resource name in the Resource name field and check the HTTP methods to specify the actions these users can perform, for example, Get and Post. If you check none, the constraint applies to all HTTP methods.
  6. Click Add next to the Pattern box and enter /* for the URL pattern. This specifies that these particular users have access to all Web resources in the application.
  7. Click Finish to add this definition.

  8. On the Security page, click Add under Authorized Roles to open the Define Authorization Constraint dialog.
  9. Type a description in the Description field.
  10. Check All application users to associate this role with the Web resource collections you just defined and click Finish.

    The updates to the Security page are complete.

  11. Save and close the Web Deployment Descriptor file.
  12. In the Project Navigator, expand the EAR project folder for your project and double-click the EAR Deployment Descriptor file (application.xml) under META-INF to open it in the editor.
  13. Click the Security tab and then click Gather.
  14. Select All application users and check All authenticated users under WebSphere Bindings.

  15. Save and close the EAR Deployment Descriptor file.
  16. Restart the application.

With this configuration, you have allowed any user that can be authenticated to LDAP (All authenticated users) to access any resource in the project (/*). In your application, you may want to create additional roles and constraints to further refine which users (roles) can access which resources.

Configuring security for your applications using WAS V5.x

  1. In the Project Navigator, expand the Web project folder and double-click the Web Deployment Descriptor file to open it in the editor.
  2. Click the Security tab on the bottom of the panel and click Add to insert a new security role. This example uses the role All application users to specify all users in the LDAP directory.

  3. Click the Security Constraints tab and click Add to define the security constraints for this new security role. The Security Constraints box displays the new constraint.

  4. Select the new constraint in the Security Constraints box and click Add under Web Resource Collections to associate a set of Web resources with this constraint. This defines the Web resources that the associated security role is authorized to access.
  5. Enter a name for this set of constraints. For this example, check Get and Post to specify the actions these users can perform. If you check none, the constraint applies to all HTTP methods.
  6. Click Add and enter /* for the URL pattern. This specifies that these particular users have access to all Web resources.
  7. Click OK to add this definition.

  8. Click Add under Authorized Roles to open the Define Authorization Constraint dialog.
  9. Check All application users to associate this role with the Web resource collections you just defined and click OK.

    The updates to the Security page are complete.
  10. Save and close the Web Deployment Descriptor file.
  11. In the Project Navigator, expand the EAR project folder and double-click the EAR Deployment Descriptor file to open it in the editor.
  12. Click the Security tab and then click Gather.
  13. Select All application users.
  14. Enter All application users in the Name field and check All authenticated users under WebSphere Bindings.

  15. Save and close the EAR Deployment Descriptor file.
  16. Restart the application.
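Both procedures above produce the same web.xml content: a security role, a constraint on /* for the checked HTTP methods, and an authorization constraint granting that role. The following added example (not from the page or the product) parses such a descriptor and reports which methods the constraint leaves unrestricted for a pattern; the web.xml it reads is constructed to match the steps above, and `STANDARD_METHODS` is an assumed list of the methods worth checking.

```python
import xml.etree.ElementTree as ET

# Constructed web.xml (not from the page) matching the steps: role + /* constraint for GET and POST.
SAMPLE_WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <url-pattern>/*</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint>
      <role-name>All application users</role-name>
    </auth-constraint>
  </security-constraint>
  <security-role>
    <role-name>All application users</role-name>
  </security-role>
</web-app>"""

STANDARD_METHODS = {"GET", "POST", "PUT", "DELETE", "HEAD", "OPTIONS", "TRACE"}

# Strip a namespace prefix so J2EE 1.4+ descriptors parse like DTD-based ones.
def local(tag): return tag.rsplit("}", 1)[-1]

def parse_constraints(web_xml):
    # One dict per <security-constraint>; empty 'methods' means every HTTP method is covered.
    out = []
    root = ET.fromstring(web_xml)
    for sc in (e for e in root.iter() if local(e.tag) == "security-constraint"):
        c = {"patterns": set(), "methods": set(), "roles": set()}
        for el in sc.iter():
            text = (el.text or "").strip()
            if local(el.tag) == "url-pattern":
                c["patterns"].add(text)
            elif local(el.tag) == "http-method":
                c["methods"].add(text.upper())
            elif local(el.tag) == "role-name":  # only <auth-constraint> roles sit inside
                c["roles"].add(text)
        out.append(c)
    return out

def uncovered_methods(web_xml, pattern):
    # Methods no constraint restricts for `pattern`: the role check does not apply to them at all.
    covered = set()
    for c in parse_constraints(web_xml):
        if pattern in c["patterns"]:
            if not c["methods"]:
                return set()  # an unrestricted constraint covers every method
            covered |= c["methods"]
    return STANDARD_METHODS - covered
```

Running `uncovered_methods(SAMPLE_WEB_XML, "/*")` shows that checking only Get and Post leaves the other methods outside the constraint, whereas checking none of them covers every method.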