WAS v8.5 > Secure applications > Secure web services > Secure JAX-RS web applicationsAdminister secure JAX-RS applications
We can use the dmgr console to administer Java API for RESTful Web Services (JAX-RS) applications that have enabled security mechanisms.
This task assumes familiarity with the Sample REST application used in the Secure JAX-RS applications within the web container topic and the security mechanisms applied to this JAX-RS application. After we have implemented security mechanisms, such as basic HTTP authentication or role-based authorization constraints on your REST resources, we can administer your JAX-RS applications by mapping defined roles to users, groups, or special subjects.
- In the dmgr console, click Applications > Application Types > WebSphere enterprise applications > application_name.
- Under Detail properties, click Security role to user/group mapping. A list of all the roles that belong to this application is displayed.
- Select one of the roles you defined for the application.
In the AddressBookApp Sample, the defined roles are Role1 and Role2.
- Determine the users, groups, or special subjects such as the All Authenticated in Application's Realm option to assign the appropriate roles. This option specifies that any authenticated user is able to access the resource. The security constraint in this Sample is for authentication only.
- Repeat the previous steps for every role that we have defined in your JAX-RS application.
- Click OK to save your changes.
Results
Using the dmgr console, we have applied role constraints to various resource URI patterns to enable role-based access to those resources.
Related
Implement secure JAX-RS applications
Secure JAX-RS applications within the web container
Reference:
WAS roles and goals