4. Copy the encrypted Java keystore file to each PAS for OpenEdge instance's .../conf directory.
5. Configure the OEClientPrincipalFilter bean in the oeablSecurity.properties file as follows:
a. Set the OEClientPrincipalFilter.key property to a blank value.
b. Set the OEClientPrincipalFilter.registryFile property and set its value to the file name of the Java keystore that you created in Step 3. For example:
c. Set the OEClientPrincipalFilter.domain property to a default domain that has minimal access rights to your ABL application.
d. Optionally configure authz, accntinfo, roles, and other properties.
The next step is to design the role name pattern that will be used to designate an OpenEdge domain. Ideally the name pattern will have a unique prefix that distinguishes it from all other names. The name pattern may also employ a postfix to help establish uniqueness. See Obtaining a domain name from a role name for more information about designing a role name pattern.
Note: Since the OEClientPrincipalFilter bean uses Java RegEx functionality, create a role name pattern that is easy for Java RegEx to parse.
When you have established a role name pattern, construct the Java RegEx pattern that will distinguish the domain name from any other normal user account granted roles. For example, with OED:domain-name as the domain name:
Table 13. Spring users.properties accounts
Role Name
Spring Security Role Name
Java RegEx Match Pattern
ROLE_OED:acme
ROLE_OED:acme
ROLE_OED:(.*)
Table 14. Spring LDAP groupOfUniqueNames object
Role Name
Spring Security Role Name
Java RegEx Match Pattern
cn=OED:acme
ROLE_OED:ACME
ROLE_OED:(.*)
The Spring LDAP Authentication Provider prefixes ROLE_ to any LDAP group name it uses as a user account role, and it converts the LDAP group name to upper case.
Finally, set the OEClientPrincipalFilter bean's domainRoleFilter property to the value of the Java RegEx match pattern.
Note: If your Java RegEx match pattern contains a back slash ( \ ), you may be required to escape it with another backslash ( \\ ).
