Local and Extended Local user accounts

Both local and extended local configurations use an ABL application's WEB-INF/users.properties file as the source for user account information.

The local model is usually used during application development, where you would want a quick way of testing a web application's security structure. It allows you to easily edit accounts and add clear-text passwords in order to test user access based on roles.

To implement the local model, add the following setting in the Security and authentication models section of the oeablSecurity.properties file:

See the oeablSecurity.properties.README file for more information.

After choosing the local security configuration model for a web application, you can add, remove, modify users or user authentication settings by updating the ABL application's WEB-INF/users.properties file.

Like the local model, the extended local model uses the WEB-INF/users.properties as the source for user account information . However, the extended local model is more secure because it allows you to use encrypted passwords. Encrypted (i.e. hashed/salted) passwords are generated with the GENSPRINGPWD utility. See Generating encrypted passwords with GENSPRINGPWD

To implement the extended local model, add the following setting in the Security and authentication models section of the oeablSecurity.properties file:

See the oeablSecurity.properties.README file for more information.

The following shows the syntax of entries in users.properties:

The following shows the content of the default users.properties file:

The contents of the users.properties file are included as an example and they are not secure since they are stored as plain text. Typically, for a production server, you would generate encrypted passwords, and add the secure passwords to the users.properties file. See Generating encrypted passwords with GENSPRINGPWD for more information.