Set up BasicRegistry and role mapping on the Liberty profile
You can configure the Liberty profile to authenticate and authorize users by a basic user registry.
- Enable features appSecurity-2.0 and servlet-3 server.xml of the Liberty profile.
- Set user name and password.
<basicRegistry id="basic" realm="WebRealm"> <user name="Bob" password="bobpwd" /> </basicRegistry>
- Grant roles to users and groups...
<administrator-role> <user>Bob</user> <group>myAdmins</group> </administrator-role>
This step is done automatically when using the quickStartSecurity element.
- Use securityUtility to Encode the password within the configuration.
- Add additional users....
<basicRegistry id="basic" realm="WebRealm"> <user name="Bob" password="bobpwd" /> <user name="user1" password="user1pwd" /> <user name="user2" password="user2pwd" /> </basicRegistry>
- Create groups for users...
<basicRegistry id="basic" realm="WebRealm"> <user name="Bob" password="bobpwd" /> <user name="user1" password="user1pwd" /> <user name="user2" password="user2pwd" /> <group name="myAdmins"> <member name="Bob" /> <member name="user1" /> </group> <group name="users"> <member name="user1" /> <member name="user2" /> </group> </basicRegistry>
- Assign some users and groups to the testing role of an application.
<application type="war" id="myWebApp" name="myWebApp" location="${server.config.dir}/apps/myWebApp.war"> <application-bnd> <security-role name="testing"> <user name="Bob" /> <user name="user1" /> <group name="users" /> </security-role> </application-bnd> </application>
What to do next
Configure security-related elements in the deployment descriptor of the application.
Parent topic: Get started with securityConcepts: The limits to protection through password encryption