Security configurations are defined in the web.xml file of the REST Management Agent or REST Web application. Based on your REST Web service requirements, you choose one of the security configurations models, as described in Security configuration models.
To choose and apply security configuration:
1. Open the WEB-INF folder of the REST Management Agent or REST Web application in your Web server directory.
Note: If you chose the Container security (/WEB-INF/appSecurity-container.xml) as your security configuration model, you enable the Web application's use of the Tomcat container's authenticated user accounts and role definitions.
Note: The Spring Security configurations extends the Web application's security and uses the container's authenticated user accounts and assigned roles for authorization. So, if you chose the Container security model, you must edit user accounts information in two configuration files, web.xml and appSecurity-container.xml, for authorization to Web resources. To edit user accounts information in the web.xml file, search for the BEGIN tag (<!-- BEGIN:container.security-->) in the web.xml code and follow the instructions given by the NOTE, right below the BEGIN tag, in the code. To edit user accounts information in the appSecurity-container.xml, see Modifying user roles and privileges.
As per your choice of Security configuration model, you must ensure that you have appropriately set the webServerAuth property in the ubroker.properties file in OpenEdge (by default, $DLC\properties\ubroker.properties). For more information on the values that the webServerAuth property can take, see the descriptions in the ubroker.properties file.