Security role to user/group mapping in WebSphere 7 with file-based user registry


Solution 1

Okay, so apparently WAS7 has this bug where you can't save the stated configuration. I somehow managed to find a solution for my own question, and here it is: I created a file named ibm-application-bnd.xml in the META-INF folder of my EAR, which has a structure like this:

<?xml version="1.0" encoding="UTF-8"?>    
<application-bnd
    xmlns="http://websphere.ibm.com/xml/ns/javaee"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://websphere.ibm.com/xml/ns/javaee
         http://websphere.ibm.com/xml/ns/javaee/ibm-application-bnd_1_0.xsd"
   version="1.0">

    <security-role name="operator">
        <user name="admin" />
        <group name="operator" />
    </security-role>
</application-bnd>

Seems to work alright.
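Because a binding file packaged in the EAR replaces the console mapping step, it is worth checking what it grants before deployment. The script below is an added example, not part of the original answer: it parses a binding file and flags roles that nobody is mapped to or that are granted to a broad special subject. The `viewer` and `auditor` roles in the sample are constructed, and the use of `special-subject` with the types `Everyone` and `AllAuthenticatedUsers` is an assumption, since the answer's file only shows `user` and `group`.

```python
import xml.etree.ElementTree as ET

NS = {"b": "http://websphere.ibm.com/xml/ns/javaee"}  # namespace used by the file above
BROAD = {"Everyone", "AllAuthenticatedUsers"}  # assumed special-subject types treated as broad

# Constructed sample: the binding from the answer plus two roles added for illustration.
SAMPLE = """<?xml version="1.0" encoding="UTF-8"?>
<application-bnd xmlns="http://websphere.ibm.com/xml/ns/javaee" version="1.0">
    <security-role name="operator">
        <user name="admin" />
        <group name="operator" />
    </security-role>
    <security-role name="viewer">
        <special-subject type="AllAuthenticatedUsers" />
    </security-role>
    <security-role name="auditor" />
</application-bnd>"""

def load_role_bindings(xml_text):
    """Return {role: {"users": [...], "groups": [...], "special": [...]}}."""
    data = xml_text.encode("utf-8") if isinstance(xml_text, str) else xml_text
    root = ET.fromstring(data)
    if root.tag != "{%s}application-bnd" % NS["b"]:
        raise ValueError("not an ibm-application-bnd.xml document: %s" % root.tag)
    roles = {}
    for role in root.findall("b:security-role", NS):
        roles[role.get("name")] = {
            "users": [u.get("name") for u in role.findall("b:user", NS)],
            "groups": [g.get("name") for g in role.findall("b:group", NS)],
            "special": [s.get("type") for s in role.findall("b:special-subject", NS)],
        }
    return roles

def review(roles):
    """Flag roles nobody is mapped to and roles granted to a broad special subject."""
    findings = []
    for name, mapping in sorted(roles.items()):
        if not (mapping["users"] or mapping["groups"] or mapping["special"]):
            findings.append((name, "unmapped"))
        for subject in mapping["special"]:
            if subject in BROAD:
                findings.append((name, "broad:" + subject))
    return findings

if __name__ == "__main__":
    bindings = load_role_bindings(SAMPLE)
    for name, mapping in bindings.items():
        print(name, mapping)
    for finding in review(bindings):
        print("FINDING", finding)
```
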

Solution 2

This is a bit late but it does provide the most convenient solution to the problem. I tried it and it does work. http://www-01.ibm.com/support/docview.wss?uid=swg21383952 P.S.: Make sure you log out of your administrative console if you're already logged in before trying this solution.

Solution 3

Although my reply is a bit late, it may be helpful for people who still face the problem. I had the same problem using RAD 7.5 with WAS 7.0, where the OK button was not visible after mapping a role to a user/group.

I changed my server's settings from 'Run server with resources in the workspace' to 'Run server with resources on server' (they are radio buttons, and the change is from workspace to server), and it worked for me.

Solution 4

Binding files are where the mapping information (like user mapping) is stored. It is obviously easier to work with the admin console or wsadmin instead of touching the XML files directly. Also bear in mind that the way WAS works with DDs is subtly different.

The runtime picks up the binaries for the EAR from under the installedApps directory. The DD information is not picked up from the installedApps directory. It is picked up from the applications directory (under config). So if you are making changes to the DD files directly, you would need to make changes to the copy under the config directory and not the one in installedApps.

HTH Manglu

Author: Sergey

Updated on February 01, 2020

Comments

  • Sergey over 4 years

    I am trying to make a form-based authentication. I configured my deployment descriptor correctly, did all the actions listed in IBM Infocenter related to "enabling user authentication using file-based registry only", mapped my users to appropriate roles, clicked OK, tested and it worked. But when I moved on to something else in the administrative console, I realised that there are no "OK", "Save" or "Apply" buttons in "Security role to user/group mapping", thus all my changes can take action only while I stay on that page, and as soon as I click a link in the console all the changes are instantly reset. I think it might be a bug in the console. Is there a solution to it? Perhaps a way to directly edit an xml file with these properties?

    Thanks in advance.