Choosing and applying a security configuration
Security configurations are defined in the web.xml file of the REST Management Agent or REST Web application. Based on your REST Web service requirements, you choose one of the security configuration models, as described in Security configuration models.
To choose and apply a security configuration:
1. Open the WEB-INF folder of the REST Management Agent or REST Web application in your Web server directory.
Note: For more information on the installation and the location of the REST Management Agent, see Installing and Configuring REST Management Agent.
2. Open the web.xml file in an XML editor.
3. Find the <context-param> tag. In its <param-value> code block, uncomment one entry from the list of security configurations by moving it outside the comment.
For instance, the following <param-value> code block marks Form security as your choice of security configuration model.
<context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>
        <!--
            /WEB-INF/appSecurity-basic-local.xml
            /WEB-INF/appSecurity-basic-ldap.xml
            /WEB-INF/appSecurity-basic-oerealm.xml
            /WEB-INF/appSecurity-form-ldap.xml
            /WEB-INF/appSecurity-form-oerealm.xml
            /WEB-INF/appSecurity-anonymous.xml
            /WEB-INF/appSecurity-container.xml
            /WEB-INF/appSecurity-form-saml.xml
            /WEB-INF/appSecurity-basic-saml.xml
        -->
            /WEB-INF/appSecurity-form-local.xml
    </param-value>
</context-param>
Note: If you chose the Container security (/WEB-INF/appSecurity-container.xml) as your security configuration model, you enable the Web application's use of the Tomcat container's authenticated user accounts and role definitions.
Note: The Spring Security configuration extends the Web application's security and uses the container's authenticated user accounts and assigned roles for authorization. So, if you chose the Container security model, you must edit user account information in two configuration files, web.xml and appSecurity-container.xml, to authorize access to Web resources. To edit user account information in the web.xml file, search for the BEGIN tag (<!-- BEGIN:container.security-->) in the web.xml code and follow the instructions in the NOTE directly below the BEGIN tag. To edit user account information in appSecurity-container.xml, see Modifying user roles and privileges.
4. Save the web.xml file.
5. If you chose the LDAP security model, appSecurity-XXXX-ldap.xml, you must proceed to Configure the LDAP security configuration model to apply security configurations. If you chose the SPA security model, appSecurity-XXXX-oerealm.xml, you must proceed to Configure the SPA security configuration model to apply security configurations. If you chose the SAML security model, you must proceed to Using SAML in security configurations. Otherwise, proceed to Adding and modifying a user.
Depending on the security configuration model you chose, you must also ensure that the webServerAuth property is set appropriately in the ubroker.properties file in OpenEdge (by default, $DLC\properties\ubroker.properties). For more information on the values that the webServerAuth property can take, see the descriptions in the ubroker.properties file.
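A check for step 3 above, as an added example that is not part of the OpenEdge product or its documentation: it parses a web.xml, lists the appSecurity-*.xml entries that sit outside the comment, and reports when the number of active entries is not exactly one. The function names, the sample files, and the rule that an active anonymous model deserves a second look are assumptions made for this example.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample inputs (not taken from a real installation).
GOOD = """<web-app>
  <context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>
      <!--
      /WEB-INF/appSecurity-basic-local.xml
      /WEB-INF/appSecurity-anonymous.xml
      -->
      /WEB-INF/appSecurity-form-local.xml
    </param-value>
  </context-param>
</web-app>"""

# Same file with the comment markers removed by mistake: three models active.
BAD = GOOD.replace("<!--", "").replace("-->", "")

def _local(tag):
    """Strip an XML namespace, since web.xml usually declares one."""
    return tag.rsplit("}", 1)[-1]

def active_security_configs(web_xml_text):
    """Return the appSecurity-*.xml entries that are NOT commented out."""
    root = ET.fromstring(web_xml_text)  # default parser discards comments
    for param in root.iter():
        if _local(param.tag) != "context-param":
            continue
        fields = {_local(c.tag): "".join(c.itertext()) for c in param}
        if fields.get("param-name", "").strip() == "contextConfigLocation":
            return re.findall(r"/WEB-INF/appSecurity-[\w-]+\.xml",
                              fields.get("param-value", ""))
    return []

def check(web_xml_text):
    """Return (active entries, findings); an empty findings list means OK."""
    active = active_security_configs(web_xml_text)
    findings = []
    if len(active) != 1:
        findings.append(f"expected exactly 1 active model, found {len(active)}")
    if any(p.endswith("appSecurity-anonymous.xml") for p in active):
        findings.append("anonymous model is active: confirm this is intended")
    return active, findings

if __name__ == "__main__":
    for name, text in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check(text))
```

Run it against the saved web.xml after step 4 and before restarting the Web application, so a misplaced comment marker is caught before the configuration takes effect.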