Kbase P101379: How to enable authentication for WSA Administration with Tomcat
| Autor |
Progress Software Corporation - Progress |
| Acesso |
Público |
| Publicação |
19/12/2008 |
|
Status: Verified
GOAL:
How to enable authentication for WSA Administration with Tomcat
GOAL:
How to avoid a Web Service to be deployed from another machine by an unauthorized user
FACT(s) (Environment):
OpenEdge 10.x
All Supported Operating Systems
Tomcat 4.1
FIX:
1. Stop the Progress AdminServer as well as Tomcat.
2. Edit the tomcat-users.xml file located in [Tomcat Directory]\conf and add the entry:
<role rolename="myRole"/>
<user username="myUser" password="myPwd" fullName="" roles="myRole"/>
3. Enable security on WSA administration in the web.xml located in [Tomcat]\webapps\wsa\WEB-INF:
Comment the <security-constraint> tag out and add the new role 'myRole'.
<security-constraint>
<web-resource-collection>
<web-resource-name>wsa1 Admin</web-resource-name>
<url-pattern>/wsa1/admin/*</url-pattern>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>myRole</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
4. Declare which roles this application uses. After the </login-config> element add the following:
<!-- Security roles referenced by this web application -->
<security-role>
<role-name>myRole</role-name>
</security-role>
5. Modify the WSA instance's properties in the ubroker.properties on the machine where the WSA is installed:
adminauth=1
6. Add the new role in the ubroker.properties on the machine where the WSA is installed:
[AdminRole.myRole]
apps_defaults=read,write
apps_enable=read,write
apps_props=read,write
apps_stats=read,write
servlet_props=read,write
servlet_services=read,write,delete
servlet_stats=read,write
7. Restart the AdminServer and Tomcat
When listing, deploying, undeploying a Web Service, enter the user name 'myUser' and password 'myPassword' when required.