You can configure Liberty to
authenticate and authorize users by using a basic user registry.
For the latest
documentation about Liberty default role
mapping, see the Open Liberty website.
About this task
You can set up a basic user registry and configure more role mapping in the
server.xml file for a Liberty server by going through the following
steps.
Procedure
-
Configure the basic registry as follows. Use a user name and password that are meaningful to
you. Never use the name and password from this example in your applications.
<basicRegistry id="basic" realm="WebRealm">
<user name="Bob" password="bobpwd" />
<user name="John" password="johnpwd" />
</basicRegistry>
- Optional:
Grant the user or group an administrative role if the user, or group of users, is used to
perform remote system management activities. This step is done automatically when using the
quickStartSecurity
element or may
be accomplished by adding the administrator-role
element to the
server.xml file as shown.
<administrator-role>
<user>Bob</user>
<group>myAdmins</group>
</administrator-role>
<reader-role>
<user>John</user>
</reader-role>
-
Encode the password within the configuration. You can get the encoded value by using the securityUtility encode task.
- Optional:
Add additional users. Make sure that each user name is unique.
<basicRegistry id="basic" realm="WebRealm">
<user name="Bob" password="bobpwd" />
<user name="John" password="johnpwd" />
<user name="user1" password="user1pwd" />
<user name="user2" password="user2pwd" />
</basicRegistry>
-
Create groups for users. Make sure that each group name must be unique.
<basicRegistry id="basic" realm="WebRealm">
<user name="Bob" password="bobpwd" />
<user name="John" password="johnpwd" />
<user name="user1" password="user1pwd" />
<user name="user2" password="user2pwd" />
<group name="myAdmins">
<member name="Bob" />
<member name="user1" />
</group>
<group name="users">
<member name="user1" />
<member name="user2" />
</group>
</basicRegistry>
-
Assign some users and groups to the
testing
role of an application.
<application type="war" id="myWebApp" name="myWebApp"
location="${server.config.dir}/apps/myWebApp.war">
<application-bnd>
<security-role name="testing">
<user name="Bob" />
<user name="user1" />
<group name="users" />
</security-role>
</application-bnd>
</application>
What to do next
Configure security-related elements in the deployment descriptor of your application.
See Getting started with security in Liberty for a sample web.xml
file.