You can use the <quickStartSecurity> element
to quickly enable a simple (one user) security setup for the Liberty
profile.
About this task
You can set up a secured Liberty profile server and web
application by following some basic configuration steps. Configuration
actions within the Liberty profile are dynamic, which means the configuration
updates take effect without having to restart the server.
Procedure
- Create and start your server.
- Include the appSecurity-2.0 and servlet-3.0 features
in the server.xml file.
The server.xml file is in the server directory of myNewServer, for
example, wlp\usr\servers\myNewServer\server.xml.
<featureManager>
    <feature>appSecurity-2.0</feature>
    <feature>servlet-3.0</feature>
</featureManager>
- Define the user name and password that is to be granted
the Administrator role for server management activities.
<quickStartSecurity userName="Bob" userPassword="bobpwd" />
Note: Choose a user name and password that are meaningful to you. Never
use the name and password in the example for your applications.
- Configure the deployment descriptor with relevant security
constraints to protect web resources. For example, use <auth-constraint> and <role-name> elements
to define a role that can access web resources.
The following example web.xml file shows that access to all
the URIs in the application is protected by the testing role.
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
    "http://java.sun.com/dtd/web-app_2_3.dtd">
<web-app id="myWebApp">
    <!-- SERVLET DEFINITIONS -->
    <servlet id="Default">
        <servlet-name>myWebApp</servlet-name>
        <servlet-class>com.web.app.MyWebAppServlet</servlet-class>
        <load-on-startup/>
    </servlet>
    <!-- SERVLET MAPPINGS -->
    <servlet-mapping id="ServletMapping_Default">
        <servlet-name>myWebApp</servlet-name>
        <url-pattern>/*</url-pattern>
    </servlet-mapping>
    <!-- SECURITY ROLES -->
    <security-role>
        <role-name>testing</role-name>
    </security-role>
    <!-- SECURITY CONSTRAINTS -->
    <security-constraint>
        <web-resource-collection>
            <url-pattern>/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>testing</role-name>
        </auth-constraint>
    </security-constraint>
    <!-- AUTHENTICATION METHOD: Basic authentication -->
    <login-config>
        <auth-method>BASIC</auth-method>
    </login-config>
</web-app>
- Configure your application in the server.xml file.
In the following example, the user Bob is mapped to the testing role
of the application:
<application type="war" id="myWebApp" name="myWebApp"
             location="${server.config.dir}/apps/myWebApp.war">
    <application-bnd>
        <security-role name="testing">
            <user name="Bob" />
        </security-role>
    </application-bnd>
</application>
- Access your application and log in with the user name Bob. The default URL for the myWebApp application
is http://localhost:9080/myWebApp
Results
You have now secured your application.
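
A consistency check over the two descriptors this procedure edits, as an added example that is not part of the original page or of Liberty's tooling: it flags the sample Bob/bobpwd credentials, an unencoded userPassword, roles in an <auth-constraint> that are not declared or not bound to a known user, and BASIC authentication without a CONFIDENTIAL transport guarantee. The audit function, its finding codes and the embedded XML are constructed for illustration; the password test assumes encoded values start with {xor}, {aes} or {hash}.

```python
import xml.etree.ElementTree as ET

# Constructed sample input that mirrors the page's server.xml and web.xml fragments.
SERVER_XML = """<server>
  <quickStartSecurity userName="Bob" userPassword="bobpwd" />
  <application type="war" id="myWebApp" name="myWebApp"><application-bnd>
    <security-role name="testing"><user name="Bob" /></security-role>
  </application-bnd></application>
</server>"""
WEB_XML = """<web-app id="myWebApp">
  <security-role><role-name>testing</role-name></security-role>
  <security-constraint>
    <web-resource-collection><url-pattern>/*</url-pattern></web-resource-collection>
    <auth-constraint><role-name>testing</role-name></auth-constraint>
  </security-constraint>
  <login-config><auth-method>BASIC</auth-method></login-config>
</web-app>"""

def audit(server_xml, web_xml):
    """Return sorted finding codes for one server.xml / web.xml pair (no XML namespaces)."""
    server, web = ET.fromstring(server_xml), ET.fromstring(web_xml)
    findings, users = set(), set()
    qss = server.find("quickStartSecurity")
    if qss is not None:
        users.add(qss.get("userName"))
        pwd = qss.get("userPassword", "")
        if (qss.get("userName"), pwd) == ("Bob", "bobpwd"):
            findings.add("example-credentials")
        # Assumption: encoded values carry a {xor}, {aes} or {hash} prefix.
        if not pwd.startswith(("{xor}", "{aes}", "{hash}")):
            findings.add("plaintext-password")
    # Role name -> users bound to it under <application-bnd>.
    bound = {r.get("name"): {u.get("name") for u in r.findall("user")}
             for r in server.iter("security-role")}
    declared = {(e.text or "").strip() for e in web.findall("security-role/role-name")}
    basic = (web.findtext("login-config/auth-method") or "").strip() == "BASIC"
    for sc in web.findall("security-constraint"):
        for role in sc.findall("auth-constraint/role-name"):
            name = (role.text or "").strip()
            if name not in declared:
                findings.add("undeclared-role:" + name)
            if not bound.get(name):
                findings.add("unbound-role:" + name)
            elif not bound[name] <= users:
                findings.add("unknown-user-in-role:" + name)
        tg = (sc.findtext("user-data-constraint/transport-guarantee") or "").strip()
        if basic and tg != "CONFIDENTIAL":
            findings.add("basic-auth-without-tls")
    return sorted(findings)
```

Run against the page's own fragments, `audit(SERVER_XML, WEB_XML)` reports the example credentials, the plaintext password and the unprotected BASIC login; the role declaration and binding pass.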