Configure a basic user registry for Liberty

We can configure a basic user registry in Liberty for authentication.

The latest documentation about configuring a basic user registry for Liberty is available on the Open Liberty website.

We can use a basic user registry by defining the users and groups information for authentication on the Liberty server. To do this, we add the appSecurity-2.0 Liberty feature to the server.xml file, along with user information in the basicRegistry element.

  1. Add the appSecurity-2.0 Liberty feature to the server.xml file.

  2. To use SSL, add the transportSecurity-1.0 Liberty feature in the server.xml file.

    See Enable SSL communication in Liberty.

  3. Configure the basic registry for the server as follows: 

      <basicRegistry id="basic" realm="customRealm">
     <user name="mlee" password="p@ssw0rd" />
     <user name="rkumar" password="pa$$w0rd" />
     <user name="gjones" password="{xor}Lz4sLCgwLTs=" />
     <group name="students">
 <member name="mlee" />
 <member name="rkumar" />
     </group>
</basicRegistry>

    Notes:

    • We must use unique names for our users and groups.

    • Remove all trailing and leading spaces from the user and group names.

    • If user ID or password contains characters other than US-ASCII, make sure that the file is saved using UTF-8 character encoding.

    • If we use the WebSphere Application Server Developer Tools for Eclipse, the password is encoded automatically.

    • If we edit the server.xml file directly, we can use the securityUtility encode command to encode the password for each user. The securityUtility command-line tool is available in the $INSTALL_ROOT/bin directory. When we run the securityUtility encode command, we either supply the password to encode as an input from the command line or, if no arguments are specified, the tool prompts for the password. The tool then outputs the encoded value. Copy the value output by the tool, and use that value for the password. For example, to encode the password GiveMeLiberty, run the following command: 

        securityUtility encode GiveMeLiberty

    • There are several security configuration examples on the Open Liberty website for reference when configuring security for the applications on Liberty.