Show TOC

Creating Application Roles for Web AccessLocate this document in the navigation structure

Use

You create a J2EE role and map it to an existing UME role on the AS Java to protect Web access to your application. Only users and/or groups of users who have the UME role assigned to them can access the application.

Procedure

To create the J2EE role for an application, proceed as follows:

  1. Open the web.xml file.

  2. Create the role as shown below:

                      <security-role>
                  <role-name>MyApplicationRole</role-name>
                  </security-role>

  3. Save the file.

To map the J2EE role to a UME role, proceed as follows:

  1. Open the web-j2ee-engine.xml deployment descriptor file.

  2. Map the roles as shown below:

                      <security-role-map>
                  <role-name>MyApplicationRole</role-name>
                  <server-role-name>ApplicationUsers</server-role-name>
                  </security-role-map>

  3. Save the file.

Note

You can also protect access to individual EJB methods. By doing this you can specify different levels of access to your application and have different users or groups of users with different rights over the application.

For example, you can define two groups: Administrators and Users where the Administrators can add, change or delete the data that an application stores, and the Users can only view the data in the application.

To protect individual EJB methods you use Java annotations. More information: Specifying Security .

Result

After you deploy the application, the system assigns the J2EE role to the UME role which you specified in the deployment descriptor.

Caution

Before you deploy the application, make sure that the administrator of the target system has created the UME role which you specify in the deployment descriptor. If the role is missing, no mapping occurs.

More information: Managing Users, Groups, and Roles .