Configuring security for a Liberty JVM server
You can use the CICS® Liberty security feature to authenticate users and authorize access to web applications through Java™ Platform, Enterprise Edition roles, providing integration with CICS transaction and resource security. You can also use CICS resource security to authorize the appropriate users to manage the lifecycle of both the JVMSERVER resource and Java web applications that are deployed in a CICS BUNDLE resource.
Before you begin
cicsts:security-1.0, is to use the SAF registry. The basic user registry (which is also used by quickStartSecurity) is only suitable for simple security testing. Be aware that if you configure and run with basic user registry and you need to switch to cicsts:security-1.0, you will need to delete the session tokens.
About this task
This task explains how to configure security for a Liberty JVM server and integrate Liberty security with CICS security.
The default transaction ID for running any web request is CJSA. However, you can configure CICS to run web requests under a different transaction ID by using a URIMAP of type JVMSERVER. Typically, you might specify a URIMAP to match the generic context root (URI) of a web application to scope the transaction ID to the set of servlets that make up the application. Or you might choose to run each individual servlet under a different transaction with a more precise URI.
Procedure
Results
cicsts:security-1.0 feature is used, the web container is automatically configured to use the z/OS® Security feature of Liberty. Additionally a SAF Registry is used for authentication, and Java Platform, Enterprise Edition roles in an <application-bnd> element are respected for authorization.
What to do next
- Configure Liberty application security authentication rules, see Authenticating users in a Liberty JVM server.
- Define authorization rules for web applications, see Authorizing users to run applications in a Liberty JVM server and JEE application role security.
- Modify the Liberty authentication cache.
For more information about using Secure Sockets Layer (SSL), see Configuring SSL (TLS) for a Liberty JVM server.
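A pre-deployment check for the registry guidance above, as an added example (not IBM's code or part of the original page): it parses a Liberty server.xml and reports whether cicsts:security-1.0 is enabled, whether a test-only registry (quickStartSecurity or a basic user registry) is still configured, and which roles each <application-bnd> element binds. The sample documents, the application id `shop`, the role `customer` and the credential values are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed server.xml samples for illustration (not from the original page).
TEST_ONLY = """<server>
  <featureManager><feature>appSecurity-2.0</feature></featureManager>
  <quickStartSecurity userName="tester" userPassword="example-only"/>
</server>"""

SAF_BACKED = """<server>
  <featureManager><feature>cicsts:security-1.0</feature></featureManager>
  <safRegistry id="saf"/>
  <application id="shop" location="shop.war">
    <application-bnd>
      <security-role name="customer">
        <special-subject type="ALL_AUTHENTICATED_USERS"/>
      </security-role>
    </application-bnd>
  </application>
</server>"""

# Elements that select the basic user registry, which is for testing only.
TEST_ONLY_REGISTRIES = ("quickStartSecurity", "basicRegistry")


def audit_server_xml(text):
    """Return (findings, roles): problems found and role names per application id."""
    root = ET.fromstring(text)
    features = {(f.text or "").strip().lower() for f in root.iter("feature")}
    findings = []
    if "cicsts:security-1.0" not in features:
        findings.append("cicsts:security-1.0 is not enabled")
    for tag in TEST_ONLY_REGISTRIES:
        if next(root.iter(tag), None) is not None:
            findings.append(f"<{tag}> is configured: suitable for simple security testing only")
    # Collect the Java EE roles bound in each <application-bnd> element.
    roles = {}
    for app in root.iter("application"):
        names = [r.get("name") for bnd in app.iter("application-bnd")
                 for r in bnd.iter("security-role")]
        roles[app.get("id", "?")] = names
    return findings, roles


if __name__ == "__main__":
    for label, doc in (("test-only", TEST_ONLY), ("SAF-backed", SAF_BACKED)):
        print(label, audit_server_xml(doc))
```

Role bindings can also live in the application's own binding file, so an empty role list here means only that server.xml declares none.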