skip to main content
Core Progress Application Server security : Realms and roles : Managing users and roles for Manager and Host Manager applications
 

Managing users and roles for Manager and Host Manager applications

For user authentication, the Progress Application Server comes configured for use with Tomcat's MemoryRealm. The MemoryRealm accesses user authentication information stored in an XML file, conf/tomcat-users.xml. You can replace the MemoryRealm with a different type of realm, such as JDBC or LDAP, and you can have multiple realms of different types configured at the same time.
Note: The MemoryRealm configuration is not intended for use in a production environment. For production, you should replace the MemoryRealm with a stronger source of user authentication.
PAS retains the roles defined in Tomcat's default MemoryRealm, but PAS also includes a new set of roles that include the Tomcat roles. The following table lists the new roles and what existing Tomcat roles they map to, if any:
Table 9. PAS roles mapped to Tomcat roles
PAS role
Includes Tomcat Manager and Host Manager roles
Description
ROLE_PSCAdmin
admin-gui
admin-script
manager-gui
manager-script
manager-jmx
manager-status
Unrestricted administration access. The Tomcat admin roles allow access to the HTML GUI and text interfaces of the Host Manager application, and the manager roles allow access to the HTML GUI, text interface, JMX proxy, and status pages of the Manager application.
ROLE_PSCOper
admin-script
manager-script
manager-status
Restricted operator administration access. The Tomcat roles allow access to the text interfaces of the Host Manager and Manager applications as well as the status pages in the Manager application.
ROLE_PSCUser
none
Non-priviliged access
ROLE_PSCNone
none
No access, for user account authorization testing
Note: If you use a realm(s) other than the default MemoryRealm, that realm must have the roles listed in the table above.
PAS comes with three default test accounts configured in conf/tomcat-users.xml, as described in the following table:
Table 10. PAS default user accounts
Username
Password
Role(s)
tomcat
tomcat
ROLE_PSCAdmin, ROLE_PSCOper, ROLE_PSCUser
tcuser1
tcuser
ROLE_PSCUser
tcuser2
tcuser
ROLE_PSCNone
The format for users entries in conf/tomcat-users.xml is shown below, with the tomcat default user given as an example:
<user username="tomcat" password="tomcat"
roles="ROLE_PSCAdmin,ROLE_PSCOper,ROLE_PSCUser"/>