Use this task to learn how to protect a web service operation
by using the sibwsauthbean.ear
file.
About this task
As is explained in general terms in Operation-level security: Role-based authorization, your target web service is protected by
wrapping it in an EAR file and applying role-based authorization to the EAR file. In this task, the
EAR file that contains your web service (your_webservice.ear
) is
imported into the sibwsauthbean.ear
file (which contains all of the protected web
services) and the sibwsauthbean.ear
file is modified to set the roles and assign
them to methods. This modified sibwsauthbean.ear
file is then deployed in WebSphere® Application Server and users are assigned to the previously defined roles.
Use an assembly tool to
complete the following steps:
Procedure
- Start the assembly tool, then open the Java™ EE
perspective.
- From the File menu select File > Import > EAR,
then browse to select your copy of the
sibwsauthbean
EAR
file. On the Project Explorer tab these projects
are created:
- An enterprise application project called
sibwsauthbean
- An EJB project called
Authorization
- From the File menu select File > Import > EAR,
specify a new EAR project name, then browse to select the
your_webservice
EAR
file. On the Project Explorer tab these projects
are created:
- An enterprise application project called
your_webservice
.
- An EJB project called
your_webservice ejb
.
- Select the EJB project
your_webservice ejb
,
then edit the EJB Deployment Descriptor. For every security
role that you want to create, repeat the following steps:
- On the Assembly tab, add the required security role
(for example READER).
- Use the Add Method Permission wizard to add one or more
method permissions to the security role.
- Save your changes.
- To import the enterprise application
your_webservice
into
the sibwsauthbean
EAR file, complete the following
steps:
- Select the enterprise application project
sibwsauthbean
,
then edit the EAR Deployment Descriptor.
- On the Module tab, add the
your_webservice ejb
enterprise
bean from the EJB project your_webservice ejb
.
- Save your changes.
- To ensure that the authorization enterprise bean can reference
the newly-imported enterprise bean, complete the following steps to
add an EJB reference:
- Select the EJB project
Authorization
,
then edit the EJB Deployment Descriptor.
- On the Reference tab, select the
Authorization
reference
then click Add. The Add Reference wizard is
displayed.
- Select EJB Reference > Next.
- Select the Enterprise beans in the workspace radio
button, then browse to select the
your_webservice ejb
enterprise
bean.
- Save your changes.
- To assign users to roles, complete the following steps:
- Select the enterprise application project
sibwsauthbean
,
then edit the EAR Deployment Descriptor.
- On the Security tab, select Gather.
For every security role that you want to assign, repeat the following
steps:
- Select a security role.
- Under WebSphere Bindings, select the required
access level from the following choices:
- Everyone
- All authenticated
- Users/Groups
- Export the enterprise application project
sibwsauthbean
as
an EAR file.
What to do next
You are now ready to install the modified copy of the sibwsauthbean
EAR
file as described in the final step of Password-protecting a web service operation.