Consultor Eletrônico

Status: Unverified

GOAL:

How to enable WSA authentication with Tomcat?

GOAL:

How to prevent unauthorized users from accessing a Web Service?

FACT(s) (Environment):

OpenEdge 10.x
Web Services
Tomcat

FIX:

1. Stop the Progress AdminServer as well as Tomcat.

2. Edit the tomcat-users.xml file located under the [Tomcat Directory]\conf directory and add the entry:

<role rolename="myRole"/>
<user username="myUser" password="myPwd" fullName="" roles="myRole"/>
3. Enable security on Web Service applications within the web.xml located under the [Tomcat]\webapps\wsa\WEB-INF directory:
Uncomment the <security-constraint> tag for the URL "/wsa1/*" and add the new role 'myRole'.
<security-constraint>
<web-resource-collection>
<web-resource-name>wsa1 Web Services</web-resource-name>
<url-pattern>/wsa1/*</url-pattern>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>myRole</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
4. Declare which roles this application uses. After the </login-config> element add the following:

<!-- Security roles referenced by this web application -->
<security-role>
<role-name>myRole</role-name>
</security-role>
5. Modify the WSA instance's (wsa1) properties in the ubroker.properties on the machine where the WSA is installed:

appAuth=1
6. Add the new role in the ubroker.properties on the machine where the WSA is installed:
[AdminRole.myRole]
apps_defaults=read,write
apps_enable=read,write
apps_props=read,write
apps_stats=read,write
servlet_props=read,write
servlet_services=read,write,delete
servlet_stats=read,write

7. Restart the AdminServer and Tomcat

8. Use the -SOAPEndpointUserid myUser and -SOAPEndpointPassword myPwd parameters within the 4gl's CONNECT method when writing the code to connect to a Web Service deployed under the wsa1 Web Services Adapter.