Security settings
Use the console to modify the security settings for all applications.
We can enable security for applications by selecting the Enable application security option on the Global security panel.
Note that:
- Global settings apply to existing and future applications and cannot be customized.
- Default settings apply only to future applications and can be customized.
The default settings are used as a template or starting point for configuring individual applications. The administrator should still explicitly configure security settings for each application.
The following security settings are specified during application assembly:
- Security role settings
- When using an assembly tool at an application level (EAR file), security roles are synchronized with the security roles defined for the embedded modules of the application.
If a security role is manually added to the EAR file, it can be automatically removed when the file is saved if an embedded module does not reference the role, or the role is in conflict with an existing role. In this case, remove the manually added role, but then all roles with the same name are removed.
The role is automatically added again when the file is saved if it is still referenced in an embedded module file. If a duplicate role is added in an embedded module file, delete all roles with the same name and manually read the correct role.
- Security constraints
- Security constraints declare how to protect web content. These properties associate security constraints with one or more web resource collections. A constraint consists of a web resource collection, an authorization constraint, and a user data constraint.
Security constraints are set when configuring a web application in an assembly tool.
Subtopics
- Security role references in web applications
Web application developers or EJB providers must use a role-name in the code when using the available programmatic security Java EE APIs isUserInRole(String roleName) and isCallerInRole(String roleName).
Related concepts
Security constraints in web applications
Related information:
Development and assembly tools