
Administer secure JAX-RS applications

We can use the console to administer Java API for RESTful Web Services (JAX-RS) applications that have enabled security mechanisms.

This task assumes familiarity with the Sample REST application used in the Secure JAX-RS applications within the web container topic and the security mechanisms applied to this JAX-RS application.

After we have implemented security mechanisms, such as basic HTTP authentication or role-based authorization constraints on the REST resources, we can administer the JAX-RS applications by mapping defined roles to users, groups, or special subjects.

  1. In the console, click Applications > Application Types > WebSphere enterprise applications > application_name.

  2. Under Detail properties, click Security role to user/group mapping. A list of all the roles that belong to this application is displayed.

  3. Select one of the roles you defined for the application.

    In the AddressBookApp Sample, the defined roles are Role1 and Role2.

  4. Determine which users, groups, or special subjects, such as the All Authenticated in Application's Realm option, to assign to the role. This option specifies that any authenticated user is able to access the resource. The security constraint in this Sample is for authentication only.

  5. Repeat the previous steps for every role that we have defined in the JAX-RS application.

  6. Click OK to save the changes.


Results

Using the console, we have applied role constraints to various resource URI patterns to enable role-based access to those resources.
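
A review check for the mappings made in the steps above, as an added example that is not part of the original topic or the Sample: it reads an application binding document and reports, for each role, whether it is bound to a broad special subject, to named users or groups, or to nothing. It assumes the mappings are available in the ibm-application-bnd.xml format; the function name, the user and group names, and the embedded binding are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Namespace of the XML binding format (assumed: ibm-application-bnd.xml).
NS = {"b": "http://websphere.ibm.com/xml/ns/javaee"}

# Special subjects that grant a role without naming individual principals.
BROAD = {"EVERYONE", "ALL_AUTHENTICATED_USERS",
         "ALL_AUTHENTICATED_IN_TRUSTED_REALMS"}

# Constructed sample binding; user and group names are hypothetical.
SAMPLE_BND = """
<application-bnd xmlns="http://websphere.ibm.com/xml/ns/javaee" version="1.0">
  <security-role name="Role1">
    <special-subject type="ALL_AUTHENTICATED_USERS"/>
  </security-role>
  <security-role name="Role2">
    <user name="alice"/>
    <group name="addressbook-admins"/>
  </security-role>
</application-bnd>
""".strip()

def audit_role_bindings(bnd_xml, declared_roles):
    """Return {role: finding} for every role the application declares."""
    root = ET.fromstring(bnd_xml)
    bound = {r.get("name"): r for r in root.findall("b:security-role", NS)}
    report = {}
    for role in declared_roles:
        node = bound.get(role)
        if node is None:
            report[role] = "unmapped"        # declared but never bound
            continue
        subjects = {s.get("type")
                    for s in node.findall("b:special-subject", NS)}
        principals = node.findall("b:user", NS) + node.findall("b:group", NS)
        broad = sorted(subjects & BROAD)
        if broad:
            report[role] = "broad:" + ",".join(broad)
        elif principals or subjects:
            report[role] = "explicit"        # named users, groups or subjects
        else:
            report[role] = "unmapped"        # empty binding element
    return report

if __name__ == "__main__":
    # Role3 is a hypothetical extra role used to show the unmapped case.
    for role, finding in audit_role_bindings(
            SAMPLE_BND, ["Role1", "Role2", "Role3"]).items():
        print(role, finding)
```

A role reported as broad is acceptable when the constraint is for authentication only, as in this Sample; for roles that guard privileged resources, an explicit mapping is the expected result.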


Related tasks

  • Implement secure JAX-RS applications
  • Secure JAX-RS applications within the web container

  • WebSphere Application Server roles and goals