Adding security role "run as" bindings

You can specify a user ID and password that are required to access a bean from another bean. This additional security level is a WebSphere Application Server binding.

Before you can add a security role "run as" binding, first create a security role on the Assembly Descriptor page of the EJB deployment descriptor editor for an EJB module. Then you need to add a security identity on the Access page of the EJB deployment descriptor editor. This security identity must be set to use the identity of a security role. Then, in the application deployment descriptor editor, gather up the security roles and select the role that you created for your enterprise beans. This enables the Security Role Run as Bindings section in the application deployment descriptor editor.

This setting is a WebSphere Application Server binding for an enterprise application that allows you to specify a user ID and password that are required in order to execute an enterprise bean.

To add a user ID and password to a security role gathered from an EJB module:

1. Switch to the J2EE perspective.

2. In the Project Explorer view, right-click the desired enterprise application, and select Open With > Deployment Descriptor Editor from the pop-up menu.

3. On the Security page of the editor, select a security role that was gathered from an EJB module. The gathered security role must also be used as the identity of a security identity that you also specified in for the EJB module. When you select a valid security role, the Security Role Run As Bindings section is enabled.

4. Click the Add button next to the Security Role Run As Bindings section. The Add Security Role Run As Binding wizard opens.

5. Type a User ID and Password for the security role.

6. Click Finish. The "run as" binding for the selected security role is added.

For additional information about security roles, see the WebSphere Application Server documentation.