As is explained in general terms in Operation-level security - role-based authorization,
your target Web service is protected by wrapping it in an EAR file and applying
role-based authorization to the EAR file. In this task, the EAR file that
contains your Web service (your_webservice.ear)
is imported into the sibwsauthbean.ear file (which contains
all of the protected Web services) and the sibwsauthbean.ear file
is modified to set the roles and assign them to methods. This modified sibwsauthbean.ear
file is then deployed in WebSphere Application Server and users are assigned
to the previously defined roles.
Use an assembly tool such as the Application Server
Toolkit (AST) or Rational Web Developer to complete the following steps:
- Start the assembly tool then open the J2EE
perspective.
- From the File menu select File > Import > EAR, then browse
to select your copy of the sibwsauthbean EAR file. On the Project Explorer tab these projects are created:
- An enterprise application project called sibwsauthbean
- An EJB project called Authorization
- From the File menu select File > Import > EAR, specify
a new EAR project name, then browse to select the your_webservice EAR
file. On the Project Explorer tab these projects are created:
- An enterprise application project called your_webservice.
- An EJB project called your_webservice ejb.
- Select the EJB project your_webservice ejb,
then edit the EJB Deployment Descriptor. For every security role that
you want to create, repeat the following steps:
- On the Assembly tab, add the required security role (for example
READER).
- Use the Add Method Permission wizard to add one or more method
permissions to the security role.
- Save your changes.
- To import the enterprise application your_webservice into
the sibwsauthbean EAR file, complete the following steps:
- Select the enterprise application project sibwsauthbean,
then edit the EAR Deployment Descriptor.
- On the Module tab, add the your_webservice ejb enterprise
bean from the EJB project your_webservice ejb.
- Save your changes.
- To ensure that the authorization enterprise bean can reference
the newly-imported enterprise bean, complete the following steps to add an
EJB reference:
- Select the EJB project Authorization, then
edit the EJB Deployment Descriptor.
- On the Reference tab, select the Authorization reference
then click Add. The Add Reference wizard is displayed.
- Select .
- Select the Enterprise beans in the workspace radio button,
then browse to select the your_webservice ejb enterprise
bean.
- Save your changes.
- To assign users to roles, complete the following steps:
- Select the enterprise application project sibwsauthbean,
then edit the EAR Deployment Descriptor.
- On the Security tab, select Gather. For every security
role that you want to assign, repeat the following steps:
- Select a security role.
- Under WebSphere Bindings, select the required access level from
the following choices:
- Everyone
- All authenticated
- Users/Groups
- Export the enterprise application project sibwsauthbean as
an EAR file.