Re: Protected webpages - how ?

Securing Web pages and servlets in WebSphere Application Server is a wee
bit more complicated than protecting pages in HTTP.
If you search the Help for security you will come across a link to the
WebSphere 5.0 WebSphere Security Handbook.  This 400+ page 'handbook' will
tell you pretty much all, and a lot more, of what you need to know.

Basically, you have to enable security in the server.  Part of that
enablement is indicating which registry to use for authentication; Local
OS, LDAP, or custom. (tip: when you enable Global security, be sure to
disable Java 2 security until you're ready for, or need it). In the WTE,
double-click on the server configuration and select Enable security on the
Security tab.  In this case, you would specify the userid/pwd of your
workstation.

Then, you need to secure your application by defining security constraints
(those things you want to protect), and security roles, (who can perform
the operations).  This is done in the web.xml and the EAR xml.  The
simplest is to secure everything (set the URL to /*), and allow any one who
can sign on (All Authenticated), and to select Basic authentication on the
Pages tab of web.xml.  At deployment time, you map roles to 'real' people
or groups in the registry.

All of this can be done in the WTE for testing.


Larry Schweyer
iSeries AD, IBM Toronto Lab
schweyer@xxxxxxxxxx
(905)413-4084 Tie-line: 969-4084




                                                                           
             "Paul Nicolay"                                                
             <Paul.Nicolay@Pan                                             
             dora.be>                                                   To 
             Sent by:                  "'Websphere Development Studio      
             wdsci-l-bounces@m         Client for iSeries'"                
             idrange.com               <wdsci-l@xxxxxxxxxxxx>              
                                                                        cc 
                                                                           
             06/21/2004 04:09                                      Subject 
             PM                        [WDSCI-L] Protected  webpages - how 
                                       ?                                   
                                                                           
             Please respond to                                             
                 Websphere                                                 
                Development                                                
             Studio Client for                                             
                  iSeries                                                  
                                                                           
                                                                           




Hi,

How do I setup my webproject so that WDSC requires a user to logon ?

Normally I do this inside Apache on iSeries, but now I'm fully testing this
on WDSC, and my request.getRemoteUser() is always returning null.

I already tried with specifying Basic authentication on the pages, but I'm
still missing something and the whole security tab is not clear to me.

Kind regards,
Paul

_______________________________________________
This is the Websphere Development Studio Client for iSeries  (WDSCI-L)
mailing list
To post a message email: WDSCI-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/wdsci-l
or email: WDSCI-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/wdsci-l.