Configuring users for the web app on Apache Tomcat

Configure the users for the web app on an Apache Tomcat server by using these steps.

Before you begin

You must install Apache Tomcat, Rational® Publishing Engine, and the web app, and then deploy it before you can configure the users and the Java™ options.

About this task

For more information about how user names and passwords are stored, see Security considerations for IBM® Rational Publishing Engine.

The user roles should be defined for the rpeng application only, and not the dgaas application.

Review the web app roles:

Table 1. Web app user roles
Role	Capabilities
End user (`rpe_user`)	Can generate documents from the web app Can view output files and logs about their document generation jobs Can schedule document generation
Report designer (`rpe_report_designer`)	Can upload templates and style sheets into the web app Can assemble reports Can define data source connections Can mark reports as available or unavailable to other users Can generate documents from the web app Can view output files and logs about their document generation jobs Can schedule document generation
Administrator (`rpe_admin`)	Can access the Administer menu option Can monitor system health, view all running jobs, and assign runtime and environment variables Can generate documents from the web app Can upload templates and style sheets into the web app Can assemble reports Can define data source connections Can generate documents from the web app Can view output files and logs about their document generation jobs Can schedule document generation

Procedure

Open the Apache Tomcat Manager
- If you are running Apache Tomcat as a Windows service, open the Control Panel and, in the Apache Tomcat row, click Admin. Then click Manager App.
- If you are not running Apache Tomcat as a Windows service, open the Apache Tomcat Manager in a browser in the following format: http://server:port/manager/html
  Example: http://localhost:8080/manager/html.
Stop the deployed web app. In the Applications section, locate the rpeng.war application row and click Stop.
Open the web.xml file located in <Tomcat_install_dir>\webapps\rpeng\WEB-INF.

If the security constraints are not enabled in the web.xml file, uncomment the following section:

<security-constraint>
        <web-resource-collection>
            <web-resource-name>All</web-resource-name>
            <url-pattern>/api/*</url-pattern>
            <url-pattern>/home/*</url-pattern>
            <url-pattern>/license</url-pattern>
            <http-method>GET</http-method>
            <http-method>POST</http-method>
            <http-method>PUT</http-method>
            <http-method>DELETE</http-method>
        </web-resource-collection>

        <auth-constraint>
            <role-name>rpe_user</role-name>
            <role-name>rpe_report_designer</role-name>
            <role-name>rpe_admin</role-name>
        </auth-constraint>
    </security-constraint>

Create Apache Tomcat users and roles for the web app.
1. Open the tomcat-users.xml file, which is located by default in $CATALINA_HOME\conf\tomcat-users.xml.
2. Add the following roles:
```
<role rolename="rpe_user" />
<role rolename="rpe_report_designer" />
<role rolename="rpe_admin" />  
```
3. Add at least one end user. Assign the end user the user roles. Example:
```
<user username="user" password="password" roles="rpe_user"/>
```
4. Optional: Add report designer users. Assign the report designer the user, and report designer roles. Example:
```
<user username="designer" password="password" roles="rpe_user,rpe_report_designer"/>
```
5. Add at least one administrator and assign the administrator both the administrator, user, and report designer roles. Example:
```
<user username="admin" password="password" roles="rpe_user,rpe_report_designer,rpe_admin"/>
```
Start the web app. In the Applications section of the Apache Tomcat Manager, locate the rpeng.war application row and click Start.

Feedback