Adding users and groups to roles

 

Before you perform this task, have already completed the steps in the Securing Webapps and Securing EJB applications articles where you created new roles and assigned those roles to EJB and Web resources. Complete these steps during application installation. This is because the environment (user registry) under which the application is running is not known until deployment. If you already know the environment in which the application is running and the user registry that is used, then you can use the Application Assembly Tool (AAT) to assign users and groups to roles. Using the administrative console to assign users and groups to roles is recommended.

 

  1. Open the application file. Open the application file by clicking File > Open. Browse and select the application file.

  2. Open the application folder.

  3. Click Security Roles.

  4. Click the Bindings tab on the right hand side panel.

  5. Select a role from the right navigation top panel.

  6. Add a group to role by clicking Add under Groups and type in a group name. Click OK. Repeat this operation to add more groups.

  7. Add a user to a role by clicking Add under Users. Type a user name and click OK. Repeat this operation to add more users.

  8. Add a special subject (All authenticated users or Everyone) to a role. Click Add under Special Subjects and select All authenticated users or Everyone as required. Click OK. When All authenticated users or Everyone special subjects is assigned to a role, you can skip steps 6 and 7 for that role.

  9. Repeat steps 5 through 8 for all the roles.

  10. Click Apply when done.

 

Results

The ibm-application-bnd.xmi file in the application contains the users and groups to roles mapping table (authorization table).

 

Usage scenario

This step is required to secure an application.

 

What to do next

After securing an application, use the Application Assembly Tool (AAT). One can install an application using the administrative console.

Web component security
Role-based authorization
Security: Links

 

IBM is a trademark of the IBM Corporation in the United States, other countries, or both.