Deploy secured applications: WAS v5.1

Deploy secured applications

Before you perform this task, develop and assemble an application with all the relevant security configurations.
Deploying applications that have security constraints requires an active user registry, and the assignment of users and groups to roles.
If you are installing a secured application, roles would have been defined in the application. If delegation was required in the application, RunAs roles also are defined. If the delegation policy is set to Specified Identity (during assembly) the intermediary invokes a method using an identity setup during deployment. Use the RunAs role to specify the identity under which the downstream invocations are made.
For example, if the RunAs role is assigned user "bob" and the client "alice" is invoking a servlet, with delegation set, which in turn calls the enterprise beans, then the method on the enterprise beans is invoked with "bob" as the identity.
As part of the deployment process one of the steps is to assign or modify users to the RunAs roles. This step is titled Map RunAs roles to users. Use this step to assign new users or modify existing users to RunAs roles when the delegation policy is set to Specified Identity.
Click Correct use of System Identity to specify RunAs roles if needed. Complete this action if the application has delegation set to use System Identity (applicable to enterprise beans only).System Identity uses the WAS security server ID to invoke downstream methods and should be used with caution as this ID has more privileges than other identities in terms of accessing WAS internal methods. This task is provided to make sure that the deployer is aware that the methods listed in the panel have System Identity set up for delegation and to correct them if necessary. If no changes are necessary, skip this task.
Once a secured application is deployed, verify that you can access the resources in the application with the correct credentials. For example, if your application has a protected Web module, make sure only the users that you assigned to the roles are able to use the application.

See Also
Assembling secured applications
Configuring global security
Assigning users to RunAs roles
Security role to user and group selections