Configuring a basic user registry for Liberty

You can configure a basic user registry in Liberty for authentication.

About this task

You can use a basic user registry by defining the users and groups information for authentication on the Liberty server. To do this, you add the appSecurity-2.0 Liberty feature to the server.xml file, along with user information in the basicRegistry element.

Procedure

  1. Add the appSecurity-2.0 Liberty feature to the server.xml file.
  2. Optional: To use SSL, add the transportSecurity-1.0 Liberty feature in the server.xml file. See Enabling SSL communication in Liberty.
  3. Configure the basic registry for the server as follows:
    <basicRegistry id="basic" realm="customRealm">
         <user name="mlee" password="p@ssw0rd" />
         <user name="rkumar" password="pa$$w0rd" />
         <user name="gjones" password="{xor}Lz4sLCgwLTs=" />
         <group name="students">
             <member name="mlee" />
             <member name="rkumar" />
         </group>
    </basicRegistry>
    Notes:
    • You must use unique names for your users and groups.
    • Remove all trailing and leading spaces from the user and group names.
    • If user ID or password contains characters other than US-ASCII, make sure that the file is saved by using UTF-8 character encoding.
    • For distributed platformsIf you use the WebSphere┬« Application Server Developer Tools for Eclipse, the password is encoded for you automatically.
    • If you edit the server.xml file directly, you can use the securityUtility encode command to encode the password for each user. The securityUtility command-line tool is available in the $INSTALL_ROOT/bin directory. When you run the securityUtility encode command, you either supply the password to encode as an input from the command line or, if no arguments are specified, the tool prompts you for the password. The tool then outputs the encoded value. Copy the value output by the tool, and use that value for the password. For example, to encode the password GiveMeLiberty, run the following command:
      securityUtility encode GiveMeLiberty
    • There are several security configuration examples on the Open Liberty website for reference when configuring security for your applications on Liberty.