Try OpenEdge Now
skip to main content
Administration
Web Services Adapter Administration : Web Services Adapter Security Configurations : Alphabetical list of configuration instructions : Enabling Web services per user and per application
 
Enabling Web services per user and per application
When you install the WSA, you can choose to enable security. In this case, security is preset to allow any user authenticated and authorized by the Java container to access to any deployed Web service application. You can, however, restrict access to Web service applications per user and per application. The technique involves creating a WSA instance for each unique user community, setting the security of each WSA instance to restrict access to a particular user community, and deploying to each WSA instance Web services only for its user community.
For example, suppose the Acme Company wants to deploy the applications described in the following table as Web services.
Table 42. Enabling Web services per user and per application
This application . . .
Available to . . .
Lets its users . . .
Accounting (Query Only)
All department managers and their superiors
Read any record in the Accounting system
Accounting (Update)
Members of the Accounting department only
Read, modify, and create records in the Accounting system
Human Resources
Members of the Human Resources department only
Read, modify, and create records in the Human Resources system
Work Tracking
All employees
Record the time spent on each project
To enable Web services per user and per application:
1. Set up the WSA instances, security-constraint URL-patterns, and role names as shown in the following table.
Table 43. Sample Web service security constraints by application and role name
Application
WSA instance name
Security-constraint URL-pattern
Role-name
Accounting-Full
accntg
/accntg/
Acctdept
Accounting-Query
accntgquery
/accntgquery/
DeptMgr
Human Resources
Hr

/hr/

Hrdept
Work-Tracking
worktracking
/worktracking/
Users
2. In the properties of each WSA instance, require user authorization to Web service applications. For example:
*If the WSA is local, select the WSA instance in OpenEdge Management or OpenEdge Explorer, and select Configuration. Select Security to display the Security tab. In the Security tab, add user authorization to Web services.
*If the WSA instance is remote, using a text editor, edit the ubroker.properties file. Add user authorization to Web services.
3. In the Java container's user database, assign each employee the appropriate role, as shown in the following table.
Table 44. Sample Web service user roles
To these employees . . .
Assign this role . . .
All department managers and their superiors.
DeptMgr
All employees of the company.
Users
All members of the Accounting department.
Acctdept
All members of the Human Resources department.
Hrdept
The resulting web.xml file follows:
Table 45. web.xml (Continued)

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE web-app
  PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN"
  "http://java.sun.com/j2ee/dtds/web-app_2_2.dtd">
<web-app>
  <display-name>Web Services Adapter</display-name>
<!-- List all of the servlet definitions here -->
  <servlet>    <servlet-name>hr_servlet</servlet-name>
    <display-name>Web Services Adapter hr servlet</display-name>
    <servlet-class>com.progress.wsa.WsaServlet</servlet-class>
    <init-param>
      <param-name>InstallDir</param-name>
      <param-value>/progress/openedge</param-value>
    </init-param>
    <init-param>
      <param-name>instanceName</param-name>
      <param-value>hr</param-value>
    </init-param>
    <init-param>
      <param-name>propertyFileName</param-name>
      <param-value>/progress/openedge/properties/ubroker.properties
      </param-value>
    </init-param>
  </servlet>
<servlet>
    <servlet-name>worktracking_servlet</servlet-name>
    <display-name>Web Services Adapter worktracking servlet
    </display-name>
    <servlet-class>com.progress.wsa.WsaServlet</servlet-class>
    <init-param>
      <param-name>InstallDir</param-name>
      <param-value>/progress/openedge</param-value>
    </init-param>
    <init-param>
      <param-name>instanceName</param-name>
      <param-value>worktracking</param-value>
    </init-param>
    <init-param>
      <param-name>propertyFileName</param-name>
      <param-value>/progress/openedge/properties/ubroker.properties
      </param-value>
    </init-param>
  </servlet>
  <servlet>
    <servlet-name>accntgquery_servlet</servlet-name>
    <display-name>Web Services Adapter accounting-query servlet
    </display-name>
    <servlet-class>com.progress.wsa.WsaServlet</servlet-class>
    <init-param>
      <param-name>InstallDir</param-name>
      <param-value>/progress/openedge</param-value>
    </init-param>
    <init-param>
      <param-name>instanceName</param-name>
      <param-value>accntgquery</param-value>
    </init-param>
    <init-param>
      <param-name>propertyFileName</param-name>
      <param-value>/progress/openedge/properties/ubroker.properties
      </param-value>
    </init-param>
  </servlet>
<servlet>
    <servlet-name>accntg_servlet</servlet-name>
    <display-name>Web Services Adapter full accountingservlet
    </display-name>
    <servlet-class>com.progress.wsa.WsaServlet</servlet-class>
    <init-param>
      <param-name>InstallDir</param-name>
      <param-value>/progress/openedge</param-value>
    </init-param>
    <init-param>
      <param-name>instanceName</param-name>
      <param-value>accntg</param-value>
    </init-param>
    <init-param>
      <param-name>propertyFileName</param-name>
      <param-value>/progress/openedge/properties/ubroker.properties
      </param-value>
    </init-param>
  </servlet>
  <!-- List all of the servlet mappings here -->
  <servlet-mapping>
    <servlet-name>hr_servlet</servlet-name>
    <url-pattern>/hr/*</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
    <servlet-name>worktracking_servlet</servlet-name>
    <url-pattern>/worktracking/*</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
    <servlet-name>accntgquery_servlet</servlet-name>
    <url-pattern>/accntgquery/*</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
    <servlet-name>accntg_servlet</servlet-name>
    <url-pattern>/accntg/*</url-pattern>
  </servlet-mapping>
 <!-- List all of the security constraints here -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>HR Web Services</web-resource-name>
      <url-pattern>/hr/</url-pattern>
      <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint>
      <role-name>Hrdept</role-name>
    </auth-constraint>
  </security-constraint>
 <security-constraint>
    <web-resource-collection>
      <web-resource-name>Work-Tracking Web Services</web-resource-name>
      <url-pattern>/worktracking/</url-pattern>
      <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint>
      <role-name>Users</role-name>
    </auth-constraint>
  </security-constraint>
 <security-constraint>
    <web-resource-collection>
      <web-resource-name>Accounting-query Web Services
      </web-resource-name>
      <url-pattern>/accntgquery/</url-pattern>
      <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint>
      <role-name>DeptMgr</role-name>
    </auth-constraint>
  </security-constraint>
 <security-constraint>
    <web-resource-collection>
      <web-resource-name>Accounting Web Services</web-resource-name>
      <url-pattern>/accntg/</url-pattern>
      <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint>
      <role-name>Acctdept</role-name>
    </auth-constraint>
  </security-constraint>
 <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>Acme Company Web Services</realm-name>
  </login-config>
</web-app>