WAS v8.5 > Secure applications > Secure the Liberty profile and its applications > Get started with security in the Liberty profile

Set up BasicRegistry and role mapping on the Liberty profile

We can configure the Liberty profile to authenticate and authorize users using a basic user registry.

Before beginning

The Liberty feature appSecurity-1.0 must be enabled in server.xml of the Liberty profile. This topic goes through the steps to set up a basic user registry and configure more role mapping in server.xml for a Liberty profile server.

1. Configure the basic registry as follows. Make sure to use a user name and password that are meaningful to you. Never use the name and password in the example for the applications.
   < basicRegistry id="basic" realm="WebRealm"> <user name="Bob" password="bobpwd" /> </basicRegistry>
2. Optional: Grant the user with the Administrator role if the user is used to perform remote system management activities. This step is done automatically when using the quickStartSecurity element.

   < administrator-role>
      <user>Bob</user> </administrator-role>

3. Encode the password within the configuration. We can get the encoded value using the securityUtility encode task.

4. Add additional users. Make sure that each user name is unique.
   < basicRegistry id="basic" realm="WebRealm"> <user name="Bob" password="bobpwd" /> <user name="user1" password="user1pwd" /> <user name="user2" password="user2pwd" /> </basicRegistry>

5. Create groups for users. Make sure that each group name must be unique.

   < basicRegistry id="basic" realm="WebRealm">    <user name="Bob" password="bobpwd" />   <user name="user1" password="user1pwd" />   <user name="user2" password="user2pwd" />   
          <group name="myAdmins">           <member name="Bob" />           <member name="user1" />        </group>   
          <group name="users">           <member name="user1" />           <member name="user2" />        </group> </basicRegistry>

6. Assign a user group to the Administrator role.

   < administrator-role>
      <user>Bob</user>    <group>myAdmins</group> </administrator-role> 

7. Assign some users and groups to the testing role of an application.

   < application type="war" id="myWebApp" name="myWebApp"
                location="${server.config.dir}/apps/myWebApp.war">    < application-bnd>
          <security-role name="tesing">            <user name="Bob" />            <user name="user1" />            <group name="users" />        </security-role>    </application-bnd> </application>

What to do next

Configure security-related elements in the deployment descriptor of the application. See Get started with security in the Liberty profile for a sample web.xml file.

Parent topic: Get started with security in the Liberty profile

|