+

Search Tips   |   Advanced Search

Use assembly tools to password-protect a web service operation

Use this task to learn how to protect a web service operation using the sibwsauthbean.ear file.

This task assumes that we have already completed the initial steps for Password-protecting a web service operation.

As is explained in general terms in Operation-level security: Role-based authorization, the target web service is protected by wrapping it in an EAR file and applying role-based authorization to the EAR file. In this task, the EAR file containing the web service (your_webservice.ear) is imported into the sibwsauthbean.ear file (which contains all of the protected web services) and the sibwsauthbean.ear file is modified to set the roles and assign them to methods. This modified sibwsauthbean.ear file is then deployed in WebSphere Application Server and users are assigned to the previously defined roles.

Use an assembly tool to complete the following steps:

  1. Start the assembly tool, then open the Java EE perspective.

  2. From the File menu select File > Import > EAR, then browse to select the copy of the sibwsauthbean EAR file. On the Project Explorer tab these projects are created:

    • An enterprise application project called sibwsauthbean

    • An EJB project called Authorization

  3. From the File menu select File > Import > EAR, specify a new EAR project name, then browse to select the your_webservice EAR file. On the Project Explorer tab these projects are created:

    • An enterprise application project called your_webservice.

    • An EJB project called your_webservice ejb.

  4. Select the EJB project your_webservice ejb, then edit the EJB Deployment Descriptor. For every security role to create, repeat the following steps:

    1. On the Assembly tab, add the required security role (for example READER).

    2. Use the Add Method Permission wizard to add one or more method permissions to the security role.

    3. Save the changes.

  5. To import the enterprise application the_webservice into the sibwsauthbean EAR file...

    1. Select the enterprise application project sibwsauthbean, then edit the EAR Deployment Descriptor.

    2. On the Module tab, add the your_webservice ejb enterprise bean from the EJB project your_webservice ejb.

    3. Save the changes.

  6. To ensure that the authorization enterprise bean can reference the newly-imported enterprise bean...to add an EJB reference:

    1. Select the EJB project Authorization, then edit the EJB Deployment Descriptor.

    2. On the Reference tab, select the Authorization reference then click Add. The Add Reference wizard is displayed.

    3. Select EJB Reference > Next.

    4. Select the Enterprise beans in the workspace radio button, then browse to select the your_webservice ejb enterprise bean.

    5. Save the changes.

  7. To assign users to roles...

    1. Select the enterprise application project sibwsauthbean, then edit the EAR Deployment Descriptor.

    2. On the Security tab, select Gather. For every security role to assign, repeat the following steps:

      1. Select a security role.

      2. Under WebSphere Bindings, select the required access level from the following choices:

        • Everyone

        • All authenticated

        • Users/Groups

  8. Export the enterprise application project sibwsauthbean as an EAR file.


What to do next

We are now ready to install the modified copy of the sibwsauthbean EAR file as described in the final step of Password-protecting a web service operation.


Related concepts

  • Operation-level security: Role-based authorization

  • Bus-enabled web services troubleshooting tips