Example: Using BasicRegistry and role mapping on Liberty

You can configure Liberty to authenticate and authorize users by using a basic user registry.

For the latest documentation about Liberty default role mapping, see the Open Liberty website.

Before you begin

The Liberty features appSecurity and servlet-3.0 must be enabled in the server.xml file.

For more information about security, see Quick overview of security.

For more information about the security configuration in Liberty, see Getting started with security in Liberty.

About this task

You can set up a basic user registry and configure additional role mappings in the server.xml file for a Liberty server by completing the following steps.

Procedure

  1. Configure the basic registry as follows. Use a user name and password that are meaningful to you. Never use the name and password from this example in your applications.
    <basicRegistry id="basic" realm="WebRealm">
       <user name="Bob" password="bobpwd" />
       <user name="John" password="johnpwd" />
    </basicRegistry>
  2. Optional: Grant the user or group an administrative role if the user, or group of users, is used to perform remote system management activities. This step is done automatically when using the quickStartSecurity element or may be accomplished by adding the administrator-role element to the server.xml file as shown.
    <administrator-role>
       <user>Bob</user>
       <group>myAdmins</group>
    </administrator-role>
    <reader-role>
       <user>John</user>
    </reader-role>
    
  3. Encode the password within the configuration. You can get the encoded value by using the securityUtility encode task.
  4. Optional: Add additional users. Make sure that each user name is unique.
    <basicRegistry id="basic" realm="WebRealm">
       <user name="Bob" password="bobpwd" />
       <user name="John" password="johnpwd" />
       <user name="user1" password="user1pwd" />
       <user name="user2" password="user2pwd" />
    </basicRegistry>
  5. Create groups for users. Make sure that each group name is unique.
    <basicRegistry id="basic" realm="WebRealm">
       <user name="Bob" password="bobpwd" />
       <user name="John" password="johnpwd" />
       <user name="user1" password="user1pwd" />
       <user name="user2" password="user2pwd" />

       <group name="myAdmins">
          <member name="Bob" />
          <member name="user1" />
       </group>

       <group name="users">
          <member name="user1" />
          <member name="user2" />
       </group>
    </basicRegistry>
  6. Assign some users and groups to the testing role of an application.
    <application type="war" id="myWebApp" name="myWebApp"
                 location="${server.config.dir}/apps/myWebApp.war">
       <application-bnd>
           <security-role name="testing">
               <user name="Bob" />
               <user name="user1" />
               <group name="users" />
           </security-role>
       </application-bnd>
    </application>
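
The checks that steps 3 to 6 ask for (encoded passwords, unique user and group names, role mappings that point at registry entries) can be run over a server.xml before deployment. The following is an added example, not IBM or Liberty code: the `audit` helper and the sample document are constructed for illustration, and it assumes all users and groups are defined in basicRegistry elements of the same file.

```python
import xml.etree.ElementTree as ET

# Prefixes that securityUtility encode puts on its output values.
ENCODED = ("{xor}", "{aes}", "{hash}")

# Constructed sample: the page's registry with deliberate mistakes added.
SAMPLE = """<server>
  <basicRegistry id="basic" realm="WebRealm">
    <user name="Bob" password="bobpwd" />
    <user name="John" password="{xor}CONSTRUCTED-PLACEHOLDER" />
    <user name="user1" password="user1pwd" />
    <user name="user1" password="user1pwd" />
    <group name="myAdmins"><member name="Bob" /><member name="user3" /></group>
  </basicRegistry>
  <administrator-role><user>Bob</user><group>myAdmins</group></administrator-role>
  <application type="war" id="myWebApp" name="myWebApp" location="myWebApp.war">
    <application-bnd>
      <security-role name="testing"><user name="Alice" /><group name="users" /></security-role>
    </application-bnd>
  </application>
</server>"""

def audit(server_xml):
    """Return sorted findings for one server.xml document (hypothetical helper)."""
    root = ET.fromstring(server_xml)
    found, users, groups = set(), set(), set()
    for reg in root.iter("basicRegistry"):
        for u in reg.findall("user"):
            name = u.get("name")
            if name in users:
                found.add(f"duplicate user: {name}")
            users.add(name)
            if not u.get("password", "").startswith(ENCODED):
                found.add(f"plaintext password: {name}")
        for g in reg.findall("group"):
            if g.get("name") in groups:
                found.add(f"duplicate group: {g.get('name')}")
            groups.add(g.get("name"))
            for m in g.findall("member"):
                if m.get("name") not in users:
                    found.add(f"unknown member: {g.get('name')}/{m.get('name')}")
    # Role mappings: application-bnd entries carry a name attribute,
    # administrator-role and reader-role entries carry the name as element text.
    for tag in ("security-role", "administrator-role", "reader-role"):
        for role in root.iter(tag):
            label = role.get("name", tag)
            for ref in role:
                known = users if ref.tag == "user" else groups
                name = ref.get("name") or (ref.text or "").strip()
                if ref.tag in ("user", "group") and name not in known:
                    found.add(f"unmapped {ref.tag} in {label}: {name}")
    return sorted(found)
```

Calling `audit(SAMPLE)` reports the plaintext passwords, the repeated user1 entry, the group member that is not in the registry, and the two role-mapping entries that match nothing in the registry.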

What to do next

Configure security-related elements in the deployment descriptor of your application. See Getting started with security in Liberty for a sample web.xml file.