Network Deployment (Distributed operating systems), v8.0 > Secure applications and their environment > Secure web services > Secure bus-enabled web services > Work with password-protected components > Password-protecting a web service operation
Use assembly tools to password-protect a web service operation
Use this task to learn how to protect a web service operation by using the sibwsauthbean.ear file.
This task assumes that we have already completed the initial steps for Password-protecting a web service operation.
As is explained in general terms in Operation-level security: Role-based authorization, your target web service is protected by wrapping it in an EAR file and applying role-based authorization to the EAR file. In this task, the EAR file that contains your web service ( your_webservice.ear) is imported into the sibwsauthbean.ear file (which contains all of the protected web services) and the sibwsauthbean.ear file is modified to set the roles and assign them to methods. This modified sibwsauthbean.ear file is then deployed in WAS and users are assigned to the previously defined roles.
Use an assembly tool...
Procedure
- Start the assembly tool, then open the Java EE perspective.
- From the File menu select File > Import > EAR, then browse to select your copy of the sibwsauthbean EAR file. On the Project Explorer tab these projects are created:
- An enterprise application project called sibwsauthbean
- An EJB project called Authorization
- From the File menu select File > Import > EAR, specify a new EAR project name, then browse to select the your_webservice EAR file. On the Project Explorer tab these projects are created:
- An enterprise application project called your_webservice .
- An EJB project called your_webservice ejb.
- Select the EJB project your_webservice ejb, then edit the EJB Deployment Descriptor. For every security role to create, repeat the following steps:
- On the Assembly tab, add the required security role (for example READER).
- Use the Add Method Permission wizard to add one or more method permissions to the security role.
- Save your changes.
- To import the enterprise application your_webservice into the sibwsauthbean EAR file...
- Select the enterprise application project sibwsauthbean, then edit the EAR Deployment Descriptor.
- On the Module tab, add the your_webservice ejb enterprise bean from the EJB project your_webservice ejb.
- Save your changes.
- To ensure that the authorization enterprise bean can reference the newly-imported enterprise bean, complete the following steps to add an EJB reference:
- Select the EJB project Authorization, then edit the EJB Deployment Descriptor.
- On the Reference tab, select the Authorization reference then click Add. The Add Reference wizard is displayed.
- Select EJB Reference > Next.
- Select the Enterprise beans in the workspace radio button, then browse to select the your_webservice ejb enterprise bean.
- Save your changes.
- To assign users to roles...
- Select the enterprise application project sibwsauthbean, then edit the EAR Deployment Descriptor.
- On the Security tab, select Gather. For every security role to assign, repeat the following steps:
- Select a security role.
- Under WebSphere Bindings, select the required access level from the following choices:
- Everyone
- All authenticated
- Users/Groups
- Export the enterprise application project sibwsauthbean as an EAR file.
What to do next
You are now ready to install the modified copy of the sibwsauthbean EAR file as described in the final step of Password-protecting a web service operation.
Operation-level security: Role-based authorization
Related
Bus-enabled web services troubleshooting tips