1 / 17

Securing Your Application With WebSphere Security

Securing Your Application With WebSphere Security. You will need to develop Login procedures for your web applications. This short section describes how to do this for WebSphere Application Servers, connected to an authentication Server such as LDAP – or any other security realm

darryl-burgess
Download Presentation

Securing Your Application With WebSphere Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Securing Your Application With WebSphere Security You will need to develop Login procedures for your web applications. This short section describes how to do this for WebSphere Application Servers, connected to an authentication Server such as LDAP – or any other security realm Note that this is an involved lab – that will take at least an hour. Ideally you should get assistance from your WebSphere administrator, before starting.

  2. WebSphere Security - Overview • You will perform the following tasks, to enable WebSphere security for your project: • Create a Login Page – that conforms to the WebSphere Security requirements • (Optionally) Create an Error page – that can be specified to your WAR file, as the page to automatically re-direct to, when a Login error occurs • Enable security for your WebSphere Application Server • Enable security for your WAR (web.xml) file • Enable security for your WebSphere Server Configuration • Setup security for your Enterprise Application Resource (EAR) file • Code your EGL calls to J2EELIB – to: • Return the user-ID • Determine if the user is in a particular role • In this lab, we will show you how to enable WebSphere for Local operating system security. If you wanted to actually integrate LDAP, RACF or any other security “realm” your WebSphere administrator would have to assist you with this. WARNING – In fact, you should probably obtain assistance from your WebSphere administrator before starting this section. Because: • These processes are complex – a great deal of security semantics are involved • You could actually – if you make mistakes in doing this, you could conceivably cause WebSphere to not be able to boot. Period.

  3. 1. WebSphere and LDAP Security – Create Login and Error Pages • WebSphere requires that you define a .JSP page, that calls WebSphere internal methods passing specific-named variables as parameters within the form. • At this point in time, this can not be an EGL/JSF page (it must be .JSP/Java) • In the Notes section of this slide we’ve given you an example of such a page. To implement in your project: • Create a new page in \WebContent\ named: login.jsp • From the notes section of this slide, copy and paste all of the .JSP and HTML source • Using Page Designer, edit your login.jsp in Source mode • Select all of the existing source (Ctrl/A) • Paste your copied source in (Ctrl/V) • Save and test by running the page on the server

  4. 2. WebSphere and LDAP Security – Server Security Overview • Next you will setup the WebSphere Server to enable Security on a given “realm” • The Security realm could be: • RACF • LDAP • Local operating system • The Security realm authenticates the User-ID/Password combination passed to it, by WebSphere • In this section you will: • Define a Security configuration for using your local operating system as the Security realm • Enable WebSphere for Security Login Page • WebSphere • Security Sends User-ID/Password to… LDAP …or… Security Realm Which connects to… LDAP Database Which performs authentication

  5.  Login to the WebSphere Administrative Console • With WebSphere started: • From the Servers tab, right-click over your Server configuration and select • Run Administrative Console • Login

  6. Setup WebSphere Local Operating System Security – 1 of 3 With WebSphere started: • From the Security tab • Click: Secure administration, applications and infrastructure • From Available realm definitions, select Local operating system • Click: Configure

  7.  Setup WebSphere Local Operating System Security – 2 of 3 From Secure administration, applications and infrastructure • Specify the Primary administrative user name • Note that this would be your Windows login user name. • Click OK • Note that if WebSphere cannot find the user name in the Windows registry you will not be able to continue

  8.  Setup WebSphere Local Operating System Security – 3 of 3 From Secure administration, applications and infrastructure • Check: Enable administrative security • Un-check Use Java 2 security • Click Apply • Click Save From the top of the Administration Console • Logout From the Servers tab • Restart WebSphere ***Notes

  9.  3. Secure the WAR (web.xml) File – 1 of 4 – Add a Security Role • Now you will add one or more Security Roles to your WAR (web.xml) file • (example: user, admin, manager, etc.). • You will then add one or more Security Constraints – and for each constraint, you will specify: • Web resource collection – Essentially, these are constraint rules, or what a defined constraint allows an application user to “do” • Authorized users – which of the Security Roles is assigned to the constraint – effectively limiting individuals who login to the application to be able to “do” what you want them to (and only what you want them to  ) • From Project Explorer – Expand \WebContent\WEB-INF\ and open web.xml • From the Security tab, Add… one or more Security roles

  10.  Secure the WAR (web.xml) File – 2 of 4 – Add a Security Constraint • From the Security Constraints part of the Security tab • Click Add… • Name your Security Constraint • From the Web resource collection part of the Security tab (with your new Constraint selected): • Click Add… • From Add Web Resource: • Name the resource • Leave all the checkboxes un-checked • From the Pattern area • Click Add.. • Specify: /* ***Notes

  11.  Secure the WAR (web.xml) File – 3 of 4 – Add Authorized Roles • From the Authorized Roles part of the Security tab (with your constraint selected) • Click Add… • Type a Description • Check the Role Names you wish to add to this web application

  12.  Secure the WAR (web.xml) File – 4 of 4 – Add a Security Constraint • From the Pages tab – within the Login section: • Open the Authentication method: • Select Form • For the Login and Error pages: • Click Browse… • Select login.jsp • Save and close web.xml

  13.  4. Enable Security for Your WebSphere Server Configuration • From your Servers tab, Double-click on your WebSphere Server to open the server settings • Click the Security “twisty” • Check:  Security is enabled on this server, and enter your Windows logon User ID and Password values • Close …and… • Save ***Notes

  14.  5. Setup Security for Your EAR File • From Project Explorer – open the EAR file’s Deployment Descriptor, and from the Security tab: • Click Gather… • Check:  All authenticated users • Close …and… • Save

  15.  5. Code Calls to the Security – 1 of 2 • From Project Explorer – open any jsfhandler .EGL file (here we are using allcustomers.egl) • Add: • A String variable for the userID • A Boolean variable for isUserInRole(…) • Calls to the j2eelib. functions • Save your edits • From Page Designer/Page Data • Select both variables • Drag them on to the page • Restart the Server • Run the page on the server

  16.  5. Code Calls to the Security – 2 of 2 • Your Security form should be invoked. • After you login successfully, the page you ran on the server should be invoked • If your login fails, WebSphere should redirect to your Login Error Page • Note the new WebSphere port – for secured applications

  17. LDAP Example – From the Samples Gallery If you are actually working with your WebSphere Administrator to hook LDAP into your project, from the product Help, open the Sample Gallery, and follow the steps therein, for an excellent, tutorial example.

More Related