Configuring Applications On The Websphere Server; Configuring For Authentication; Configuring For Runas Roles - Novell ACCESS MANAGER 3.1 SP1 - AGENT GUIDE Manual

J2ee* agent guide

<auth-constraint>
<role-name>authenticated</role-name>
</auth-constraint>
</security-constraint>
<security-role>
<description></description>
<role-name>authenticated</role-name>
</security-role>
The role must be declared with the <security-role> tags when it is used inside a security constraint.
4.3 Configuring Applications on the WebSphere Server

Section 4.3.1, "Configuring for Authentication"
Section 4.3.2, "Configuring for RunAs Roles"

4.3.1 Configuring for Authentication

You need to create policies that deny access to the anonymous user. You can do this either with the web.xml file within the .war file or with Access Manager policies. In Access Manager, you deny access to the anonymous user by creating an authorization policy that denies access to anyone who has not been assigned the authenticated role. Anonymous users who haven't authenticated do not have this role, and users who have authenticated to Access Manager are automatically assigned this role.
If you have pages that call Enterprise JavaBeans that are protected, you should assign a policy to
these pages that denies access to users who have not authenticated.
If you have WebSphere applications already deployed when you installed the J2EE Agent, you need to run the wsadmin tool to update the agent with the security policies of the applications. For more information, see Section 9.7, "Authorization Fails in the WebSphere Application," on page 108.
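
An added example, not from the Novell manual: a Python check of a web.xml for the two conditions this section depends on, roles used in an auth-constraint but never declared with security-role, and security constraints that have no auth-constraint and so leave their URL patterns open to anonymous users. The sample descriptor is constructed and trimmed (web-resource-name omitted), and the function names are this example's own.

```python
import xml.etree.ElementTree as ET

# Constructed sample web.xml (not from the manual): /admin/* uses a role that is
# never declared, and /public/* sits in a constraint with no auth-constraint.
SAMPLE_WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection><url-pattern>/payroll/*</url-pattern></web-resource-collection>
    <auth-constraint><role-name>authenticated</role-name></auth-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection><url-pattern>/admin/*</url-pattern></web-resource-collection>
    <auth-constraint><role-name>Manager</role-name></auth-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection><url-pattern>/public/*</url-pattern></web-resource-collection>
  </security-constraint>
  <security-role><role-name>authenticated</role-name></security-role>
</web-app>"""

def local(tag):
    """Strip an XML namespace so the check works with or without xmlns."""
    return tag.rsplit("}", 1)[-1]

def role_names(parent):
    """Non-empty <role-name> texts that are direct children of parent."""
    return {t for c in parent
            if local(c.tag) == "role-name" and (t := (c.text or "").strip())}

def audit_web_xml(xml_text):
    """Return (undeclared_roles, open_patterns) for a web.xml document."""
    root = ET.fromstring(xml_text)
    declared, used, open_patterns = set(), set(), []
    for el in root:
        name = local(el.tag)
        if name == "security-role":
            declared |= role_names(el)
        elif name == "security-constraint":
            auth = [c for c in el if local(c.tag) == "auth-constraint"]
            if not auth:  # no auth-constraint: anonymous requests are accepted
                open_patterns += [p.text.strip() for p in el.iter()
                                  if local(p.tag) == "url-pattern" and p.text]
            for a in auth:
                used |= role_names(a)
    used.discard("*")  # "*" stands for every declared role, not a role of its own
    return sorted(used - declared), open_patterns

if __name__ == "__main__":
    undeclared, open_patterns = audit_web_xml(SAMPLE_WEB_XML)
    print("roles used but not declared:", undeclared)
    print("URL patterns open to anonymous users:", open_patterns)
```
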

4.3.2 Configuring for RunAs Roles

An Enterprise JavaBean deployment descriptor can state that an Enterprise JavaBean must run with a particular role. The sample application (PayrollApp.ear) includes such a statement in its descriptor:
<security-identity>
<run-as>
<role-name>Manager</role-name>
</run-as>
</security-identity>
Without configuring WebSphere to map a RunAs role to a user, WebSphere ignores this statement. If
a user is mapped to a RunAs role, the agent cannot know which J2EE roles the user has unless the
role is also mapped.
To configure mapping for RunAs roles, complete the following during WebSphere deployment:
1 Map the user or group to J2EE roles. This is Step 7 of the deployment process.
Preparing the Applications and the J2EE Servers