Create files with user information
- Create directory D:\localAuth (or wherever you like).
- Create file users.props in that directory. There is one line per user in this file. Each line contains userid, password, uid (numerical), groupIds (numerical), and optional description, separated by colons. For example (note trailing colon required in the case of no description):
    lainhart:ADMIN:1:100:
    chaney:ADMIN:2:100:
  The UIDs are unique - the group ids map to ids described in groups.props.
- Create file groups.props in that directory. There is one line per group in this file. Each line contains groupName, groupId (numerical), comma-separated userid list (no spaces), group description separated by colons. See a good starting point for Jazz (including our four roles) below:
    JazzAdmins:100:lainhart,chaney:JazzAdmins role
    JazzDWAdmins:200::JazzDWAdmins role
    JazzUsers:300::JazzUsers role
    JazzGuests:400::JazzGuests role
  Notice that there is some redundant information here. In order to ensure that the user lainhart (e.g.) is a member of JazzAdmins, you need to add the JazzAdmins groupid (100) to users.props and you have to add lainhart to the JazzAdmins line in groups.props.
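Because membership has to be recorded in both files, the two can drift apart when edited by hand. The following check is an added example, not part of the original page or of WebSphere: it parses both files in the layouts described above and reports every mismatch between them. The function names are this example's own, and it assumes multiple group ids in users.props are comma-separated.

```python
# Added example: cross-check users.props against groups.props (layouts from the page).
# Assumption: multiple group ids in users.props are comma-separated.

def _rows(text, nfields, label):
    """Yield colon-split fields per non-blank line; the last field may contain colons."""
    for n, line in enumerate(text.splitlines(), 1):
        if line.strip():
            parts = line.strip().split(":", nfields - 1)
            if len(parts) != nfields:
                raise ValueError(f"{label} line {n}: expected {nfields} fields")
            yield parts

def parse_users(text):
    # userid:password:uid:groupIds:description -> {userid: (uid, {group ids})}
    return {u: (int(uid), {int(g) for g in gids.split(",") if g})
            for u, _pw, uid, gids, _desc in _rows(text, 5, "users.props")}

def parse_groups(text):
    # groupName:groupId:userlist:description -> {groupId: (name, {userids})}
    return {int(gid): (name, {m for m in members.split(",") if m})
            for name, gid, members, _desc in _rows(text, 4, "groups.props")}

def check(users_text, groups_text):
    users, groups = parse_users(users_text), parse_groups(groups_text)
    problems, seen = [], {}
    for userid, (uid, gids) in users.items():
        if uid in seen:
            problems.append(f"uid {uid} shared by {seen[uid]} and {userid}")
        seen.setdefault(uid, userid)
        for gid in sorted(gids):
            if gid not in groups:
                problems.append(f"{userid}: group id {gid} not in groups.props")
            elif userid not in groups[gid][1]:
                problems.append(f"{userid}: missing from {groups[gid][0]} member list")
    for gid, (name, members) in groups.items():
        for m in sorted(members):
            if m not in users:
                problems.append(f"{name}: unknown user {m}")
            elif gid not in users[m][1]:
                problems.append(f"{name}: {m} lacks group id {gid} in users.props")
    return problems

# Constructed sample: the page's users, with chaney left out of the JazzAdmins line.
USERS = "lainhart:ADMIN:1:100:\nchaney:ADMIN:2:100:\n"
GROUPS = "JazzAdmins:100:lainhart:JazzAdmins role\nJazzUsers:300::JazzUsers role\n"

if __name__ == "__main__":
    for problem in check(USERS, GROUPS):
        print(problem)
```

An empty result means every membership is recorded on both sides; a line without its trailing colon raises ValueError naming the file and line.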
Set up security realm in WAS
- Log into the WAS console
- Security->Secure administration, applications, and infrastructure
- Select Enable administrative security and Enable application security. Do not select Java 2 security.
- Under User account repository, select Standalone custom registry. Click Configure.
- Set the Primary administrative user name to a name that you defined in users.props above (e.g. "lainhart" or "chaney").
- Choose Automatically generated server identity
- Leave default value of com.ibm.websphere.security.FileRegistrySample for Custom registry class name.
- Click Custom Properties
- Add these two properties:
  - usersFile=D:/localAuth/users.props
  - groupsFile=D:/localAuth/groups.props
- Restart WAS
Role mapping for Jazz application
- Log into the WAS console
- Applications->Enterprise Applications
- Select the Jazz application
- Security role to user/group mapping
- For each of the four roles, select the table row by clicking the left checkbox, then click Look up groups
- Set Search String to "*" and click Search
- The four roles defined in groups.props should show up under Available. Select the appropriate one and click on ">>".
- Click "OK".
- Save changes.
