
Mapping Application Roles


To set up users for this example application, follow these steps:

1. Using the Admin Console, create a user in the file realm of the Application Server and assign that user to the group user. Make sure to note the user name and password that you enter in this step so that you can use them for testing the application later (these fields are case-sensitive). If you need help with the steps required to accomplish this task, read "Managing Users and Groups on the Application Server" on page 781 for more information.
2. Map the application security role of loginUser to the group of user that has been configured on the Application Server. For more information on how to do this mapping, read "Mapping Application Roles to Application Server Groups" on page 873.

Mapping Application Roles to Application Server Groups

Map the role of loginUser defined in the application to the group of user defined on the Application Server by adding a security-role-mapping element to the sun-web.xml runtime deployment descriptor file. To deploy a WAR on the Application Server, the WAR file must contain a runtime deployment descriptor. The runtime deployment descriptor is an XML file that contains information such as the context root of the web application and the mapping of the portable names of an application's resources to the Application Server's resources.

The runtime deployment descriptor for this example, tut-install/javaeetutorial5/examples/web/hello1_formauth/web/WEB-INF/sun-web.xml, looks like this:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE sun-web-app PUBLIC
    "-//Sun Microsystems, Inc.//DTD Application Server 9.0 Servlet 2.5//EN"
    "http://www.sun.com/software/appserver/dtds/sun-web-app_2_5-0.dtd">
<sun-web-app>
    <context-root>/hello1_formauth</context-root>
    <security-role-mapping>
        <role-name>loginUser</role-name>
        <group-name>user</group-name>
    </security-role-mapping>
</sun-web-app>
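
The following check is an added example, not part of the tutorial's code: it compares the roles a web.xml uses against the security-role-mapping entries in sun-web.xml and reports roles with no mapping, plus mappings for roles the application never declares. The web.xml content, the auditor role and all function names are constructed for illustration; the sun-web.xml string repeats the descriptor above.

```python
import xml.etree.ElementTree as ET

# Constructed sample web.xml (not the tutorial's file), trimmed to the
# elements this check reads. It uses two roles; "auditor" is hypothetical.
WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="2.5">
  <security-constraint>
    <web-resource-collection><url-pattern>/*</url-pattern></web-resource-collection>
    <auth-constraint>
      <role-name>loginUser</role-name>
      <role-name>auditor</role-name>
    </auth-constraint>
  </security-constraint>
  <security-role><role-name>loginUser</role-name></security-role>
  <security-role><role-name>auditor</role-name></security-role>
</web-app>"""
# sun-web.xml as shown above, DOCTYPE omitted for brevity.
SUN_WEB_XML = """<sun-web-app>
  <context-root>/hello1_formauth</context-root>
  <security-role-mapping>
    <role-name>loginUser</role-name>
    <group-name>user</group-name>
  </security-role-mapping>
</sun-web-app>"""

def local(tag):  # strip a "{namespace}" prefix from an element tag
    return tag.rsplit("}", 1)[-1]

def roles_in_web_xml(xml_text):
    """Roles referenced in auth-constraint or declared in security-role."""
    root = ET.fromstring(xml_text)
    roles = {el.text.strip() for parent in root.iter()
             if local(parent.tag) in ("auth-constraint", "security-role")
             for el in parent if local(el.tag) == "role-name" and el.text}
    return roles - {"*"}  # "*" stands for every declared role, not a role name

def mappings_in_sun_web_xml(xml_text):
    """Map each role-name to the group-name/principal-name values bound to it."""
    out = {}
    for m in ET.fromstring(xml_text).iter("security-role-mapping"):
        role = (m.findtext("role-name") or "").strip()
        targets = {e.text.strip() for e in m
                   if e.tag in ("group-name", "principal-name") and e.text}
        out.setdefault(role, set()).update(targets)
    return out

def audit(web_xml, sun_web_xml):
    """Return (roles with no mapping, mapped roles that web.xml never uses)."""
    roles, mapped = roles_in_web_xml(web_xml), mappings_in_sun_web_xml(sun_web_xml)
    unmapped = sorted(r for r in roles if not mapped.get(r))
    return unmapped, sorted(r for r in mapped if r not in roles)
```

Calling audit(WEB_XML, SUN_WEB_XML) on the sample reports auditor as unmapped, which is the kind of gap to catch before the WAR is deployed.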
Examples: Securing Web Applications
Chapter 30 · Securing Web Applications