Try OpenEdge Now
skip to main content
Administration
Web Services Adapter Administration : Web Services Adapter Security Configurations : Alphabetical list of configuration instructions : Controlling access to Web services, WSDL, and WSA administration : Using user-authorization role-names
 
Using user-authorization role-names
You can control access to all of a WSA instance's Web services, WSDL, and WSA administration, or to any desired combination of these functions, using user-authorization role-names.
To control access to Web services, WSDL, and WSA administration:
1. Choose user-authorization role-names to identify users who can access your desired combination of functions.
2. In each security-constraint, uncommented or created in the previous step, add a role-name element for each user-authorization role-name you chose. The syntax of a role-name element is:
Table 30. Syntax
<auth-constraint>
  <role-name>name</role-name>
</auth-constraint>
For example, if you want to grant access to all of a WSA's Web services, WSDL, and WSA administration and grant access to the user-authorization role-names PSCAdmin and GuestAdmin, you might modify the security-constraints as shown in the following table.
Table 31. Controlling Web service, WSDL, and administration access using role names
For accessing . . .
The modified security-constraint might look like this . . .
Web services
<security-constraint>
  <web-resource-collection>
    <url-pattern>/wsa1/</url-pattern>
      <auth-constraint>
        <role-name>PSCAdmin</role-name>
        <role-name>GuestAdmin</role-name>
      </auth-constraint>
  </web-resource-collection>
</security-constraint>
WSDL
<security-constraint>
  <web-resource-collection>
    <url-pattern>/wsa1/wsdl/*</url-pattern>
      <auth-constraint>
        <role-name>PSCADmin</role-name>
        <role-name>GuestAdmin</role-name>
      </auth-constraint>
  </web-resource-collection>
</security-constraint>
WSA administration
<security-constraint>
  <web-resource-collection>
    <url-pattern>/wsa1/admin/*</url-pattern/*>
      <auth-constraint>
        <role-name>PSCAdmin</role-name>
        <role-name>GuestAdmin</role-name>
      </auth-constraint>
  </web-resource-collection>
</security-constraint>
3. Modify the properties of the WSA instance to require Java container authentication of all users of your desired combination of functions. The technique for doing so depends on whether the WSA instance is local (residing on the AdminServer machine) or remote (not residing on the AdminServer machine).
If the WSA instance is local, select the WSA instance in OpenEdge Management or OpenEdge Explorer, select Configuration, and select the Security tab.
Then, click Edit and enable the check boxes to require Java container user authentication of all users in your desired combination of functions, as follows:
*Require WSA administration authorization
*Require Web Services authorization
*Require WSDL retrieval authorization
For more info, see the online help.
If the WSA instance is remote, edit the ubroker.properties file for the WSA. In the section for the WSA instance, for each function in your desired combination, set the property that enables Java container authentication of all users of that function, as shown in the following table.
Table 32. Requiring Web service user authorization for Web service, WSDL, and administration access
To require Java container user authentication for all users of . . .
Set this property . . .
To . . .
Web services
appAuth
1
WSDL
wsdlAuth
1
WSA administration
adminAuth
1
For more information on the properties of a WSA instance, see the comments in the ubroker.properties file.