Defining Web Application Security Roles

You define security roles in your Web application to group its users logically. You then specify the mapping of these application security roles to existing server security roles that are set up in the Security Provider Service of the J2EE Engine.

You define the application security roles using both of the Web application's deployment descriptors:

• Define the name of the application-scoped security roles in the web.xml;
• Map the above roles to server security roles in the web-j2ee-engine.xml.

On the web.xml screen, proceed as follows to define a security role:

1. Open the Security Roles screen.
2. Select SecurityRoles and choose Add to add a new security role.
3. Enter the name of the security role in the Role Name field.
4. Optionally, enter a description of the security role in the Description field.

   After this step, you have already defined your application security role. Make sure you save the changes that you made to the web.xml descriptor. You perform the next steps on the web-j2ee-engine.xml screen.

5. Open the Security screen.
6. Expand the security roles tree node and select your security role.
7. Choose one of the two options to map this role to server security roles:
   • Choose Role based mapping. This implies that you map your security role to a server security role that is already defined by the Security Provider Service. Enter the name of the server security role in the Server role name field. For more information about security roles in Security Provider Service, see Security Roles Management in the Administration Manual.
   • Choose No mapping. This implies that your application will be deployed without mapping the security role it defines to a real server security role. You have to do this exclusively after the application deployment process is finished. To do this, use the means provided by the Security Provider Service as described in Security Roles Management in the Administration Manual.