The CICS® Liberty Default Web Application verifies that the Liberty server is running. The Default Web Application also provides information on the server configuration. Users are able to browse the JVM Profile, the JVM server logs, the Liberty server.xml, and the messages log by using the FileViewer servlet.
Before you begin
Without application security enabled, full access to the Default Web Application is available to all users. If you have autoconfigure enabled and run with CICS security (sec=yes), or you have manually configured your server.xml by adding the cicsts:security-1.0 feature, your user ID requires additional permissions to run the application. For access to the Default servlet and basic information, you need to be in the User role. For access to the FileViewer servlet, you need to be in the Administrator role.
Procedure
- If you are using SAF authorization, and your server.xml contains the <safAuthorization .../> element, you need to create these profiles:
  - To access the Default servlet, use the following example:
      RDEFINE EJBROLE BBGZDFLT.com.ibm.cics.wlp.defaultapp.User UACC(NONE)
      PERMIT BBGZDFLT.com.ibm.cics.wlp.defaultapp.User CLASS(EJBROLE) ID(WLPSVRS) ACCESS(READ)
      SETROPTS RACLIST(EJBROLE) REFRESH
  - To access the FileViewer servlet, use the following example:
      RDEFINE EJBROLE BBGZDFLT.com.ibm.cics.wlp.defaultapp.Administrator UACC(NONE)
      PERMIT BBGZDFLT.com.ibm.cics.wlp.defaultapp.Administrator CLASS(EJBROLE) ID(WLPSVRS) ACCESS(READ)
      SETROPTS RACLIST(EJBROLE) REFRESH
- Alternatively, if you do not have SAF authorization configured, then the default JEE role-based access is used.
  - CICS provides a default authorization definition as shown in the following configuration. Access to the Default servlet is granted through the User role to the special subject ALL_AUTHENTICATED_USERS, which means that every authenticated user is granted the role. By default CICS does not provide access to the FileViewer servlet.
      <authorization-roles id="com.ibm.cics.wlp.defaultapp">
        <security-role name="User">
          <special-subject type="ALL_AUTHENTICATED_USERS"/>
        </security-role>
      </authorization-roles>
  - However, the default JEE role information can be customized in server.xml by adding an authorization-roles element, as in the example that follows. This example extends the default configuration by adding user2 to the Administrator role, which gives user2 access to the FileViewer servlet.
      <authorization-roles id="com.ibm.cics.wlp.defaultapp">
        <security-role name="User">
          <user name="user1"/>
          <user name="user2"/>
        </security-role>
        <security-role name="Administrator">
          <user name="user2"/>
        </security-role>
      </authorization-roles>
    In this case, user1 can access the Default servlet but not the FileViewer servlet, and user2 can access the Default servlet and the FileViewer servlet.
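The following added example, which is not part of the original documentation or of CICS, parses a server.xml and reports which users hold the role each servlet requires, and flags an Administrator role bound to a special subject. The function names are hypothetical and the sample input is constructed from the customized configuration above; group bindings are not resolved, and any special subject is assumed to match an authenticated user.

```python
import xml.etree.ElementTree as ET

APP_ID = "com.ibm.cics.wlp.defaultapp"
# Role each servlet requires, as stated on this page.
SERVLET_ROLE = {"Default": "User", "FileViewer": "Administrator"}

# Constructed sample: the customized configuration above, wrapped in <server>.
SAMPLE_SERVER_XML = """<server>
  <authorization-roles id="com.ibm.cics.wlp.defaultapp">
    <security-role name="User">
      <user name="user1"/>
      <user name="user2"/>
    </security-role>
    <security-role name="Administrator">
      <user name="user2"/>
    </security-role>
  </authorization-roles>
</server>"""

def role_bindings(server_xml):
    """Map role name -> {'users', 'special'} for the Default Web Application."""
    roles = {}
    for block in ET.fromstring(server_xml.strip()).iter("authorization-roles"):
        if block.get("id") != APP_ID:
            continue
        for role in block.findall("security-role"):
            entry = roles.setdefault(role.get("name"), {"users": set(), "special": set()})
            entry["users"] |= {u.get("name") for u in role.findall("user")}
            entry["special"] |= {s.get("type") for s in role.findall("special-subject")}
    return roles

def can_access(roles, servlet, user):
    """True if an authenticated user holds the role the servlet requires."""
    entry = roles.get(SERVLET_ROLE[servlet], {"users": set(), "special": set()})
    # Assumption: any special subject covers an already-authenticated user.
    return user in entry["users"] or bool(entry["special"])

def audit(server_xml):
    """Return warnings about FileViewer exposure; an empty list means none."""
    root = ET.fromstring(server_xml.strip())
    if root.find(".//safAuthorization") is not None:
        return ["safAuthorization present: roles come from EJBROLE profiles, not this XML"]
    admin = role_bindings(server_xml).get("Administrator", {"special": set()})
    return [f"Administrator role granted to special subject {s}: FileViewer open to it"
            for s in sorted(admin["special"])]
```

Run `audit()` against each Liberty server.xml during configuration review; a non-empty result means the servlet that exposes the JVM profile, logs and server.xml is reachable more widely than a named administrator list, or that the XML bindings are not the ones in effect.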
Results
You have successfully configured the CICS Default Web Application.