For up-to-date product documentation, see the IBM MobileFirst Foundation Developer Center.

Configure the Java EE security roles on WebSphere Application Server Liberty profile

Configure the Java™ EE security roles of the Application Center and the data source in the server.xml file.

Before you begin

Review the definition of roles at Configuring user authentication for Application Center.

In WebSphere® Application Server Liberty profile, you configure the roles of appcenteruser and appcenteradmin in the server.xml configuration file of the server.


To configure the security roles, we must edit the server.xml file. In the <application-bnd> element of each <application> element, create two <security-role> elements. One <security-role> element is for the appcenteruser role and the other is for the appcenteradmin role. Map the roles to the appropriate user group name appcenterusergroup or appcenteradmingroup. These groups are defined through the <basicRegistry> element. We can customize this element or replace it entirely with an <ldapRegistry> element or a <safRegistry> element.

Then, to maintain good response times with a large number of installed applications, for example with 80 applications, you should configure a connection pool for the Application Center database.


  1. Edit the server.xml file.

    For example:

    <security-role name="appcenteradmin"> <group name="appcenteradmingroup"/> </security-role> <security-role name="appcenteruser"> <group name="appcenterusergroup"/> </security-role>

    You must include this example in the following location: :

    • If you deployed WAR files, in the <application-bnd> element of each <application> element: the appcenterconsole and applicationcenter applications.
    • If you deployed an EAR file, in the <application-bnd> element of the applicationcenter application.

    Replace the <security-role> elements that have been created during installation for test purposes.

    <basicRegistry id="appcenter"> <user name="admin" password="admin"/> <user name="guest" password="guest"/> <user name="demo" password="demo"/> <group name="appcenterusergroup"> <member name="guest"/> <member name="demo"/> </group> <group name="appcenteradmingroup"> <member name="admin" id="admin"/> </group> </basicRegistry>

    This example shows a definition of users and groups in the basicRegistry of WebSphere Application Server Liberty. For more information about configuring a user registry for WebSphere Application Server Liberty profile, see Configuring a user registry for the Liberty profile.

  2. Edit the server.xml file to define the AppCenterPool size.

    <connectionManager id="AppCenterPool" minPoolSize="10" maxPoolSize="40"/>

  3. In the <dataSource> element, define a reference to the connection manager:

    <dataSource id="APPCNTR" jndiName="jdbc/AppCenterDS" connectionManagerRef="AppCenterPool" ... </dataSource>

Parent topic: Configuring user authentication for Application Center