Map the administrator role for the Liberty profile

JMX methods and MBeans accessed through the REST connector are currently protected by a single role named "administrator".

• Use the LDAP registry for administrator role mapping. Before setting, add the ldapRegistry-3.0 feature to server.xml.

   
  <ldapRegistry id="basic" 
                host="" 
                port="">
       <tds.properties ... />
   </ldapRegistry>
  
   <administrator-role>
       <user>cn=bob,o=ibm,c=us</user>
   </administrator-role>

• Use quickStartSecurity element for a minimal single-user mapping...

    
  <featureManager>
       <feature>restConnector-1.0</feature>
     </featureManager>
     <quickStartSecurity userName="bob"  userPassword="bobpassword" />
     <keyStore id="defaultKeyStore" password="keystorePassword"/>

• Use the basic registry for administrator role mapping.

  <basicRegistry>
       <user name="bob" password="bobpassword"/>
       <user name="joe" password="joepassword"/>
       <group name="group1" ...>
       </group>
   </basicRegistry>
  
   <administrator-role>
       <user>bob</user>
       <group>group1</group>
   </administrator-role>

Parent topic: Configure secure JMX connection to the Liberty profile

Tasks:

Access local and JMX REST connectors

Reference:

Configuration elements in server.xml