Getting started with security in the Liberty profile

You can use the <quickStartSecurity> element to quickly enable a simple (one user) security setup for the Liberty profile.

About this task

You can set up a secured Liberty profile server and web application by following some basic configuration steps. Configuration actions within the Liberty profile are dynamic, which means the configuration updates take effect without having to restart the server.

Procedure

  1. Create and start your server.
    • On Windows systems:
      server.bat create MyNewServer
      server.bat start MyNewServer
    • On all systems other than Windows systems:
      server create MyNewServer
      server start MyNewServer
  2. [Fix Pack 8550] Include the appSecurity-2.0 and servlet-3.0 features in the server.xml file.

    The server.xml file is in the server directory of MyNewServer, for example, wlp\usr\servers\MyNewServer\server.xml.

    <featureManager>
         <feature>appSecurity-2.0</feature>
         <feature>servlet-3.0</feature>
    </featureManager>
  3. Define the user name and password of the user who is to be granted the Administrator role for server management activities.
    <quickStartSecurity userName="Bob" userPassword="bobpwd" />
    Note: Choose a user name and password that are meaningful to you. Never use the name and password in the example for your applications.
  4. Configure the deployment descriptor with relevant security constraints to protect web resources. For example, use <auth-constraint> and <role-name> elements to define a role that can access the web resources.
    The following example web.xml file shows that access to all the URIs in the application is protected by the testing role.
    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
                             "http://java.sun.com/dtd/web-app_2_3.dtd">
    
    <web-app id="myWebApp">
    
     <!-- SERVLET DEFINITIONS -->
     <servlet id="Default">
        <servlet-name>myWebApp</servlet-name>
        <servlet-class>com.web.app.MyWebAppServlet</servlet-class>
        <load-on-startup/>
     </servlet>
    
     <!-- SERVLET MAPPINGS -->        
     <servlet-mapping id="ServletMapping_Default">
        <servlet-name>myWebApp</servlet-name>
        <url-pattern>/*</url-pattern>
     </servlet-mapping>
    
     <!-- SECURITY ROLES -->
     <security-role>
        <role-name>testing</role-name>
     </security-role>
    
     <!-- SECURITY CONSTRAINTS -->
     <security-constraint>
        <web-resource-collection>
          <url-pattern>/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
          <role-name>testing</role-name>
        </auth-constraint>
     </security-constraint>
    
     <!-- AUTHENTICATION METHOD: Basic authentication -->
     <login-config>
        <auth-method>BASIC</auth-method>
     </login-config> 
    
    </web-app>
  5. Configure your application in the server.xml file.
    In the following example, the user Bob is mapped to the testing role of the application:
     <application type="war" id="myWebApp" name="myWebApp" 
                  location="${server.config.dir}/apps/myWebApp.war">
         <application-bnd>
             <security-role name="testing">
                  <user name="Bob" />
             </security-role>
         </application-bnd>
     </application>
  6. Access your application and log in with the user name Bob. The default URL for the myWebApp application is http://localhost:9080/myWebApp

Results

You have now secured your application.

Last updated: Wednesday, 22 May 2013
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=phil&product=was-nd-mp&topic=twlp_sec_quickstart
File name: twlp_sec_quickstart.html