Adding Users to the Certificate Realm


Select the file realm to add users who need access to applications running in
this realm. (For the example security applications, select the file realm.)
Select the admin-realm to add users who will act as system administrators of the
Application Server.
You cannot enter users into the certificate realm using the Admin Console. You can
only add certificates to the certificate realm. For information on adding (importing)
certificates to the certificate realm, read "Adding Users to the Certificate Realm" on
page 782.
7. Click the Manage Users button.
8. Click New to add a new user to the realm.
9. Enter the correct information into the User ID, Password, and Group(s) fields.
If you are adding a user to the file realm, enter the name to identify the user, a password
to allow the user access to the realm, and a group to which this user belongs. For more
information on these properties, read "Working with Realms, Users, Groups, and Roles"
on page 777.
For the example security applications, enter a user with any name and password you like,
but make sure that the user is assigned to the group named user.
If you are adding a user to the admin-realm, enter the name to identify the user, a
password to allow the user access to the Application Server, and enter asadmin in the
Group field.
10. Click OK to add this user to the list of users in the realm.
11. Click Logout when you have completed this task.

Adding Users to the Certificate Realm

In the certificate realm, user identity is set up in the Application Server security context and
populated with user data obtained from cryptographically verified client certificates. For
step-by-step instructions for creating this type of certificate, see "Working with Digital
Certificates" on page 788.

Setting Up Security Roles

When you design an enterprise bean or web component, you should always think about the
kinds of users who will access the component. For example, a web application for a human
resources department might have a different request URL for someone who has been assigned
the role of DEPT_ADMIN than for someone who has been assigned the role of DIRECTOR. The
DEPT_ADMIN role may let you view employee data, but the DIRECTOR role enables you to modify
employee data, including salary data. Each of these security roles is an abstract logical grouping
of users that is defined by the person who assembles the application. When an application is
deployed, the deployer will map the roles to security identities in the operational environment,
as shown in Figure 28-6.
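
As an added illustration of the role mapping described above (not part of the tutorial's own text), the fragments below declare the two roles in web.xml and map them to groups in sun-web.xml. The URL patterns and the group names hr-dept-admins and hr-directors are constructed for this example; the groups would have to exist in the file realm.

```xml
<!-- WEB-INF/web.xml (fragment): declares the roles and the URLs each may reach.
     The URL patterns are constructed for this example. -->
<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="2.5">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>View employee data</web-resource-name>
      <url-pattern>/hr/view/*</url-pattern>
      <!-- No http-method elements: the constraint covers every HTTP method. -->
    </web-resource-collection>
    <auth-constraint><role-name>DEPT_ADMIN</role-name></auth-constraint>
    <user-data-constraint>
      <!-- BASIC credentials are only base64-encoded, so require TLS. -->
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Modify employee and salary data</web-resource-name>
      <url-pattern>/hr/edit/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>DIRECTOR</role-name></auth-constraint>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>file</realm-name>
  </login-config>
  <!-- Abstract roles named by the application assembler. -->
  <security-role><role-name>DEPT_ADMIN</role-name></security-role>
  <security-role><role-name>DIRECTOR</role-name></security-role>
</web-app>

<!-- WEB-INF/sun-web.xml (fragment): the deployer's mapping of each role to a
     group in the operational environment. Group names are constructed. -->
<sun-web-app>
  <security-role-mapping>
    <role-name>DEPT_ADMIN</role-name>
    <group-name>hr-dept-admins</group-name>
  </security-role-mapping>
  <security-role-mapping>
    <role-name>DIRECTOR</role-name>
    <group-name>hr-directors</group-name>
  </security-role-mapping>
</sun-web-app>
```
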
Working with Realms, Users, Groups, and Roles
The Java EE 5 Tutorial · September 2007
782