To control which users can access collections through your
enterprise search application or the content analytics miner, you
must associate user or user groups with the application by using access
control features of your web application server.
About this task
If you use WebSphere Application
Server,
you can use this procedure to control which users access specific
collections.
Procedure
To configure user access controls for a collection through WebSphere Application
Server:
- Associate application IDs with the collections they can
access.
- Add role names for the application ID to the web.xml file:
- Back up the application EAR file and then extract the
EAR file as a ZIP file.
For an enterprise search application,
the file is ES_NODE_ROOT/bin/search.ear. For
the content analytics miner, the file is ES_NODE_ROOT/bin/analytics.ear.
- Extract the search.war file as
a ZIP file.
- At the bottom of web.xml file in
the extracted application folder (such as search.ear/search.war/search/WEB-INF/web.xml),
locate the <security-role> entries.
- Add roles corresponding to all of your application ID
entries to the search/web.xml file.
A
role name must be APPID_ROLE__{AppID},
where AppID is an existing application ID. For example, if the application
ID is AppCol1, the role name is APPID_ROLE__AppCol1. You can check
the application IDs by looking at the ES_NODE_ROOT/master_config/searchapp/appid_mapping.xml file.
- Add role name entries corresponding to your application
IDs, and then save the web.xml file.
For example:
<security-role>
<role-name>APPID_ROLE__AppCol1</role-name>
</security-role>
<security-role>
<role-name>APPID_ROLE__AppCol2</role-name>
</security-role>
- Compress all files under the search folder with all
file selections and rename the file as search.war.
- Compress META-INF and the search.war file,
and rename the output as search.ear.
The
compressed folder structure must be same as the original EAR file.
- Update the application through the WebSphere Application
Server administration console:
- Open the WebSphere Application
Server administration
console, select the application, and click Update in .
- Specify the new EAR file with the option Replace
the entire application.
- Click Next and then click Finish.
After the configuration is saved, you can confirm that
the roles were successfully added by clicking the link View
Deployment Descriptor in the deployed application menu
().
- Map users to a specific application ID:
- Click the link Security role to user/group
mapping in the deployed application menu ().
- Select roles, including REGISTERED_USER and a newly
added APPID role such as APPID_ROLE__AppCol1, and other roles as needed.
The user that you map must also have the AllAuthenticated role.
- Click the menu Map users, select
the users to be mapped, click OK, and then
save the configuration.
- Log in to the enterprise search application (or content analytics
miner) as the mapped user.
- Restart the Watson Explorer Content Analytics system:
esadmin system stopall
esadmin system startall