Administration Guide

Local and Extended Local user accounts

Both local and extended local configurations use an ABL application's WEB-INF/users.properties file as the source for user account information.

Local configurations

The local model is usually used during application development, when you want a quick way to test a web application's security structure. It lets you easily edit accounts and add clear-text passwords in order to test user access based on roles.
To implement the local model, add the following setting in the Security and authentication models section of the oeablSecurity.properties file:
http.all.authmanager=local
See the oeablSecurity.properties.README file for more information.
After choosing the local security configuration model for a web application, you can add, remove, or modify users or user authentication settings by updating the ABL application's WEB-INF/users.properties file.

Extended local configurations

Like the local model, the extended local model uses the WEB-INF/users.properties file as the source for user account information. However, the extended local model is more secure because it allows you to use encrypted passwords. Encrypted (i.e. hashed/salted) passwords are generated with the GENSPRINGPWD utility. See Generating encrypted passwords with GENSPRINGPWD.
To implement the extended local model, add the following setting in the Security and authentication models section of the oeablSecurity.properties file:
http.all.authmanager=extlocal
See the oeablSecurity.properties.README file for more information.

The users.properties file

The following shows the syntax of entries in users.properties:
username=password, role1, [role2, ..., roleN, ] { enabled | disabled }
The following shows the content of the default users.properties file:
restuser=password,ROLE_PSCUser,enabled
restdebug=password,ROLE_PSCUser,ROLE_PSCDebug,enabled
The contents of the default users.properties file are included as an example and are not secure, because the passwords are stored as plain text. Typically, for a production server, you would generate encrypted passwords and add them to the users.properties file. See Generating encrypted passwords with GENSPRINGPWD for more information.
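The following is an added example, not part of the OpenEdge documentation or product: a small Python audit that parses users.properties text using the entry syntax shown above and reports enabled accounts that still carry the default passwords listed on this page, along with malformed entries. The function names, the sample file, and the placeholder password value are constructed for illustration; the script assumes that passwords and role names contain no commas and that lines starting with # or ! are comments.

```python
from typing import NamedTuple

# Default entries quoted on this page (the shipped users.properties file).
SHIPPED_DEFAULTS = {"restuser": "password", "restdebug": "password"}

class Account(NamedTuple):
    username: str
    password: str
    roles: tuple
    enabled: bool

def parse_users(text):
    """Parse 'username=password, role1, [role2, ...,] enabled|disabled' lines."""
    accounts, errors = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#!":   # blank line or comment (assumption)
            continue
        username, sep, value = line.partition("=")
        fields = [f.strip() for f in value.split(",")]
        state = fields[-1]
        if not sep or not username.strip():
            errors.append((lineno, "missing username or '='"))
        elif state not in ("enabled", "disabled"):
            errors.append((lineno, "last field must be enabled or disabled"))
        elif len(fields) < 3 or not all(fields[:-1]):
            errors.append((lineno, "need a password and at least one role"))
        else:
            accounts.append(Account(username.strip(), fields[0],
                                    tuple(fields[1:-1]), state == "enabled"))
    return accounts, errors

def default_credentials(accounts):
    """Enabled accounts whose password is still the shipped default."""
    return [a.username for a in accounts
            if a.enabled and SHIPPED_DEFAULTS.get(a.username) == a.password]

# Constructed sample: the page's two default entries plus made-up lines.
SAMPLE = """\
# constructed sample file
restuser=password,ROLE_PSCUser,enabled
restdebug=password, ROLE_PSCUser, ROLE_PSCDebug, disabled
appuser=PLACEHOLDER_GENSPRINGPWD_OUTPUT,ROLE_PSCUser,enabled
broken=password,ROLE_PSCUser
"""

if __name__ == "__main__":
    accounts, errors = parse_users(SAMPLE)
    print("default credentials:", default_credentials(accounts), "malformed:", errors)
```

Run it against a copy of the file before deployment; any account it reports should be removed, disabled, or given a GENSPRINGPWD-generated password.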
* Generating encrypted passwords with GENSPRINGPWD