You can specify security criteria in the deployment descriptor (web.xml) of your deployed project in two ways:
- By using the Security Editor.
- By editing the web.xml in the Deployment Descriptor Editor.
The Security Editor is used in this example because it provides an easy way to specify and view security criteria.
Using the Security Editor
You can use the Security Editor to define the following things in web.xml:
- Security roles
- Security constraints
- Authentication method
From the Project Explorer in the EGL Rich UI perspective, open the Security Editor by double-clicking the Security Editor icon of your deployed project.
Defining security roles
In JEE role-based security, users must be assigned roles to access resources. Roles are mapped to actual user registry entries.
- In the Create a Security Role dialog, click OK.
- In the Add Roles window, type user as the role name and click Add.
- Click Finish.
Defining security constraints
To specify the resources that are protected and the roles that have access to those resources, define a security constraint.
- In the Resources pane, expand the folder with your project name, then Servlets, EGLRichUIProxy, and Servlet Mappings. Under Servlet Mappings, you should see /___proxy.
- To secure the proxy and allow anyone in the user role to access it, drag the user role from the Security Roles pane to /___proxy in the Resources pane.
- To see the security constraints, in the Resources pane, right-click /___proxy (user) and click Assign Roles. In the Select Roles window, select user and click Advanced>>>. You should see the userConstraint security constraint that is mapped to user, which specifies how the /___proxy secure resource can be accessed. The userConstraint security constraint contains the default HTTP method access (GET, PUT, HEAD, TRACE, POST, DELETE, OPTIONS). Click OK.
To change the defaults for your security constraints, in the Security Editor, click Security Preferences.
Selecting an authentication method
To specify an authentication method:
- Click Authentication.
- For the authentication method, click BASIC.
- To name the example, type Sample registry.
- Click OK.
- Save your changes and close the Security Editor.
Defining a user data constraint
A user data constraint specifies how data is protected while it is in transit between a client and server. If you do not want to use the default user data constraint (NONE), you must specify the user data constraint directly in web.xml, because that setting is not available from the Security Editor.
You can set a user data constraint to a value of NONE, INTEGRAL, or CONFIDENTIAL. An INTEGRAL value guarantees content integrity, preventing tampering with messages in transit between a client and server. A CONFIDENTIAL setting guarantees confidentiality, preventing others from reading the data during the transfer. If you use a value of INTEGRAL or CONFIDENTIAL, requests must be submitted over SSL.
To specify a user data constraint in web.xml:
- From the EGL Rich UI perspective, open the deployment descriptor of your deployed project by double-clicking the deployment descriptor.
- Select the Security tab.
- Under Security Constraints, click userConstraint.
- To require that requests be submitted over SSL, under User Data Constraint, select INTEGRAL or CONFIDENTIAL.
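The web.xml elements that the steps above produce, shown here as an added example rather than text taken from the original page: the web-resource-name and the display-name of the constraint are assumptions, the realm name is taken from the Sample registry step, and the servlet and servlet-mapping elements that the project already generates are omitted.

```xml
<!-- Added example: security elements of web.xml after the steps above.
     web-resource-name and display-name are assumed values. -->
<security-constraint>
  <display-name>userConstraint</display-name>
  <web-resource-collection>
    <web-resource-name>EGLRichUIProxy</web-resource-name>
    <url-pattern>/___proxy</url-pattern>
    <!-- Default method list written by the Security Editor. Any method that
         is not listed here is not constrained by this element; removing all
         http-method elements constrains every method for the URL pattern. -->
    <http-method>GET</http-method>
    <http-method>PUT</http-method>
    <http-method>HEAD</http-method>
    <http-method>TRACE</http-method>
    <http-method>POST</http-method>
    <http-method>DELETE</http-method>
    <http-method>OPTIONS</http-method>
  </web-resource-collection>
  <!-- Only callers in the user role may reach the proxy. -->
  <auth-constraint>
    <role-name>user</role-name>
  </auth-constraint>
  <!-- Not settable from the Security Editor: edit by hand or on the
       Security tab of the Deployment Descriptor Editor. CONFIDENTIAL
       (or INTEGRAL) forces requests to the proxy over SSL. -->
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>

<!-- Authentication method chosen in the Security Editor. -->
<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>Sample registry</realm-name>
</login-config>

<!-- Role defined in the Add Roles window; mapped to registry entries
     by the application server, not in web.xml. -->
<security-role>
  <role-name>user</role-name>
</security-role>
```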