Try OpenEdge Now
skip to main content
Administration
REST Administration : REST Management Agent and REST Web Application Security Configurations : Working with security configurations : Adding and modifying a user
 
Adding and modifying a user
After having chosen a security configuration model for the REST Management Agent or the REST Web application, you can add, remove, modify users and user authentication settings using the users.properties file in the WEB-INF folder of the REST Management Agent or the REST Web application in your Web server directory.
For more information on the location of the REST Management Agent, see Installing and Configuring REST Management Agent. For more information choosing and applying security configuration model, see Choosing and applying a security configuration.
The following sample illustrates the editing operations using the users.properties file:
restmgr=password,ROLE_PSCAdmin,ROLE_PSCOper,ROLE_PSCUser,enabled
restoper=password,ROLE_PSCOper,ROLE_PSCUser,enabled
restuser=password,ROLE_PSCUser,enabled
After editing user properties in the users.properties:
restmgr=password,ROLE_PSCAdmin,ROLE_PSCUser,ROLE_PSCNewUser,enabled
restoper=password,ROLE_PSCOper,ROLE_PSCUser,enabled
restuser=password,ROLE_PSCUser,ROLE_PSCNewUser,disabled
restNewUserGroup=password,ROLE_PSCNewUser,enabled
<!--
The following operations were performed:
1. Added "ROLE_PSCNewUser" role to the two users, "restmgr" and "restuser".
2. Removed "ROLE_PSCOper" user from the "restmgr" user.
3. Disabled "restuser" user.
4. Added a new user "restNewUserGroup".
-->
The contents of the users.properties file are not secure as they are stored as plain text. The contents in the file are shipped as an example. Typically, a production installation would use the Spring Security configuration for hashed and salted password storage, and then add the secure passwords to the users.properties file as illustrated earlier in this section. For more information, see Setting hashed and salted password using EncodePassword.