Release 10.1A: OpenEdge Application Server:
Administration


Customizing WSA administration roles

When you install the WSA, you can choose to enable security. In this case, security is preset to enable access to WSA administration with two predefined administrator roles, PSCAdmin (for system administrators) and PSCOper (for system operators). However, you can define your own custom administrator roles.

To define your own custom administrator roles:

  1. Enable the JSE to authenticate users and grant them access if they hold a membership in one of your customized administrator roles. To do so, in the WSA’s web.xml file, in the security-constraint for WSA administration, add a role-name element for each of your customized administrator roles.

    A security-constraint for WSA administration looks like this:

    <security-constraint>
      <web-resource-collection>
        <url-pattern>/wsa1/admin/*</url-pattern>
      </web-resource-collection>
    </security-constraint>

    The syntax for a role-name element is:

    Syntax
    <auth-constraint>
      <role-name>name</role-name>
    </auth-constraint>

    For example, if you created the new administrator roles tempadmin1 and tempadmin2, you might modify the security-constraint for WSA administration to appear as follows:

    <security-constraint>
      <web-resource-collection>
        <url-pattern>/wsa1/admin/*</url-pattern>
      </web-resource-collection>
      <auth-constraint>
        <role-name>tempadmin1</role-name>
        <role-name>tempadmin2</role-name>
      </auth-constraint>
    </security-constraint>

  2. Add an administrator role to the WSA security. Using a text editor, edit the ubroker.properties file from which the WSA is initialized:
    1. Locate the [AdminRole.PSCAdmin] group.

       Each administrator role definition resides in a group whose name begins with “[AdminRole.”, followed by the role-name, and ends with “]”.

    2. Copy the group once for each new administrator role you want to create.
    3. Choose a new role-name. Change the group’s role-name to reflect the new role name.
    4. Edit the group’s Permission properties and actions as desired:

        [AdminRole.PSCAdmin]
          apps_defaults=read,write
          apps_enable=read,write
          apps_props=read,write
          apps_stats=read,write
          servlet_props=read,write
          servlet_services=read,write,delete
          servlet_stats=read,write

  3. Modify the adminRoles property of the WSA to add the new role-names to the list of role-names. The technique for doing so depends on whether the WSA instance is local (residing on the AdminServer machine) or remote (not residing on the AdminServer machine).

    If the WSA is local, using Progress Explorer, select the WSA instance. Then, in the WSA’s Security panel, in the list of Admin roles, add the new role-names.

    If the WSA instance is remote, using a text editor, edit the ubroker.properties file. In the adminRoles property, add the new role-names to the comma-separated list of existing role names:

    [WSA] 
    . 
    . 
    . 
    adminRoles=PSCAdmin,PSCOper 
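
A consistency check for the procedure above, as an added example that is not part of the original documentation: it reads a web.xml and a ubroker.properties and reports any role that is missing from one of the three places the steps edit. The sample file contents and the function names are constructed for illustration; the /wsa1/admin/ prefix, the [AdminRole.name] groups and the [WSA] adminRoles property are taken from the snippets on this page.

```python
import xml.etree.ElementTree as ET

# Constructed sample inputs: tempadmin1 was added to web.xml only.
WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <url-pattern>/wsa1/admin/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>PSCAdmin</role-name>
      <role-name>tempadmin1</role-name>
    </auth-constraint>
  </security-constraint>
</web-app>"""
UBROKER = """[AdminRole.PSCAdmin]
servlet_services=read,write,delete
[WSA]
adminRoles=PSCAdmin
"""

def web_xml_roles(xml_text, prefix="/wsa1/admin/"):
    """Role names in each security-constraint that covers the admin URL."""
    roles = set()
    # "{*}" matches the element in any XML namespace or none (Python 3.8+).
    for sc in ET.fromstring(xml_text).findall(".//{*}security-constraint"):
        urls = [(u.text or "").strip() for u in sc.findall(".//{*}url-pattern")]
        if any(u.startswith(prefix) for u in urls):
            roles |= {(r.text or "").strip() for r in sc.findall(".//{*}role-name")}
    return roles

def property_groups(text):
    """Parse [group] headers and key=value lines; skip everything else."""
    groups, current = {}, {}
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = groups.setdefault(line[1:-1], {})
        elif "=" in line and not line.startswith("#"):
            key, _, value = line.partition("=")
            current[key.strip()] = value.strip()
    return groups

def audit(xml_text, props_text):
    """Compare the three places the procedure edits; empty lists mean agreement."""
    web, groups = web_xml_roles(xml_text), property_groups(props_text)
    defined = {g[len("AdminRole."):] for g in groups if g.startswith("AdminRole.")}
    raw = groups.get("WSA", {}).get("adminRoles", "")
    listed = {r.strip() for r in raw.split(",") if r.strip()}
    return {"no_AdminRole_group": sorted((web | listed) - defined),
            "not_in_adminRoles": sorted(web - listed),
            "not_in_web_xml": sorted(listed - web)}
```

On the sample input, `audit(WEB_XML, UBROKER)` reports tempadmin1 under both `no_AdminRole_group` and `not_in_adminRoles`, which is the state left behind when only step 1 has been carried out.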
    


Copyright © 2005 Progress Software Corporation