Assigning Administrator Permissions
Use
You need to have administrator permissions to work with the MBean Server (recall Registering the MBean ). Therefore, you have to introduce a security role and map it to the administrators group in the AS Java.
Procedure
- Declare the security role MBeanCreator and state that the BankServlet and the PropertiesReaderServlet must run in this role:
<?xml version="1.0" encoding="UTF-8" ?> <!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN" "http://java.sun.com/dtd/web-app_2_3.dtd"> <web-app> <display-name>Bank</display-name> <description>Bank</description> <servlet> <servlet-name>com.sap.engine.bank.BankServlet</servlet-name> <servlet-class>com.sap.engine.bank.BankServlet</servlet-class> <run-as> <role-name>MBeanCreator</role-name> </run-as> </servlet> <servlet> <servlet-name>com.sap.engine.bank.PropertiesReaderServlet</servlet-name> <servlet-class>com.sap.engine.bank.PropertiesReaderServlet</servlet-class> <run-as> <role-name>MBeanCreator</role-name> </run-as> </servlet> <servlet-mapping> <servlet-name> com.sap.engine.bank.BankServlet </servlet-name> <url-pattern> /bank </url-pattern> </servlet-mapping> <servlet-mapping> <servlet-name> com.sap.engine.bank.PropertiesReaderServlet </servlet-name> <url-pattern> /properties </url-pattern> </servlet-mapping> <security-role> <description>Creator of MBeans</description> <role-name>MBeanCreator</role-name> </security-role> </web-app>
- In the web-j2ee-engine.xml, map the MBeanCreator security role to the AS Javaadministrators group:
<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE web-j2ee-engine SYSTEM "web-j2ee-engine.dtd"> <web-j2ee-engine> <security-role-map> <role-name> MBeanCreator </role-name> <server-role-name> administrators </server-role-name> </security-role-map> </web-j2ee-engine>