skip to main content
Pacific Application Server for OpenEdge: Administration Guide
Web application security configurations : Applying a Spring Security model to a Web application
 

Applying a Spring Security model to a Web application

You implement a Spring Security model by supplying a reference to its configuration template in a Web application's web.xml file.
To choose and apply a Spring Security configuration:
1. Open the Web application's $CATALINA_BASE/webapps/webapp_name/WEB-INF/web.xml file.
2. Find the <context-param> tag.
3. Uncomment one of the configuration file templates from the list of security configurations in the <param-value> code block.
For example, the following shows oeablSecurity-form-local.xml as the chosen security model template.
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
<!--
/WEB-INF/oeablSecurity-basic-local.xml
            /WEB-INF/oeablSecurity-basic-ldap.xml
            /WEB-INF/oeablSecurity-basic-oerealm.xml            
            /WEB-INF/oeablSecurity-form-ldap.xml
            /WEB-INF/oeablSecurity-form-oerealm.xml
            /WEB-INF/oeablSecurity-anonymous.xml
            /WEB-INF/oeablSecurity-container.xml
/WEB-INF/oeablSecurity-form-saml.xml
/WEB-INF/oeablSecurity-basic-saml.xml
-->
            /WEB-INF/oeablSecurity-form-local.xml
</param-value>
</context-param>
Note: You cannot uncomment more than one security model template.
4. Save the web.xml file.
*All security models, with the possible exception of oeablSecurity-anonymous.xml, require further configuration with regard to setting up user accounts, roles, authentication, and authorization.
*Initial configuration enables Spring Security for REST Web applications. Additional configuration is necessary if you want to enable Spring Security for the APSV and the SOAP transports.
*Additional configuration steps are required to set up CORS support and Single sign-on.
For information on additional Spring Security configuration tasks, follow the link to the appropriate topic listed below.