Try OpenEdge Now
skip to main content
Administration
Web Services Adapter Administration : Web Services Adapter Security Configurations : Alphabetical list of configuration instructions : Customizing WSA administration roles
 
Customizing WSA administration roles
When you install the WSA, you can choose to enable security. In this case, security is preset to enable access to WSA administration with two predefined administrator roles, PSCAdmin (for system administrators) and PSCOper (for system operators). However, you can define your own custom administrator roles.
To define your own custom administrator roles:
1. Enable the Java container to authenticate users and grant them access if they hold a membership in one of your customized administrator roles. To do so, in the WSA's web.xml file, in the security-constraint for WSA administration, add a role-name element for each of your customized administrator roles.
A security-constraint for WSA administration looks like the following:
<security-constraint>
  <web-resource-collection>
    <url-pattern>/wsa1/admin/*</url-pattern/*>
  </web-resource-collection>
</security-constraint>
The syntax for a role-name element is:
Table 33. Syntax
<auth-constraint>
  <role-name>name</role-name>
</auth-constraint>
For example, if you created the new administrator roles tempadmin1 and tempadmin2, you might modify the security-constraint for WSA administration to appear as follows:
<security-constraint>
  <web-resource-collection>
    <url-pattern>/wsa1/admin/*</url-pattern/*>
      <auth-constraint>
        <role-name>tempadmin1</role-name>
        <role-name>tempadmin2</role-name>
      </auth-constraint>
  </web-resource-collection>
</security-constraint>
2. Add an administrator role to the WSA security. Using a text editor, edit the ubroker.properties file from which the WSA is initialized, as follows:
a. Locate the [AdminRole.PSCAdmin] group.
Each administrator role definition resides in groups that begin with "[AdminRole.", followed by the role-name, and ending with "]".
b. Copy the group once for each new administrator role you want to create.
c. Choose a new role-name. Change the group's role-name to reflect the new role name.
d. Edit the group's Permission properties and actions as desired. For example:
[AdminRole.PSCAdmin]
apps_defaults=read,write
apps_enable=read,write
apps_props=read,write
apps_stats=read,write
servlet_props=read,write
servlet_services=read,write,delete
servlet_stats=read,write
3. Modify the adminRole property of the WSA to add the new role-names to the list of role-names. The technique for doing so depends on whether the WSA instance is local (residing on the AdminServer machine) or remote (not residing on the AdminServer machine).
If the WSA is local, select the WSA instance in OpenEdge Management or OpenEdge Explorer. Then, in the WSA's Security tab, in the Admin Role Links, add the new role-names. For more information, see the online help.
If the WSA instance is remote, using a text editor, edit the ubroker.properties file. In the adminRoles property, add the new role-names to the comma-separated list of existing role names, as shown:
[WSA]
.
.
.
adminRoles=PSCAdmin,PSCOper