Follow these instructions to set up and run the J2EE security
with EGL LDAP access sample. To set up the sample, you import the
data, configure J2EE security, and run the sample.
Before you begin
To use the J2EE Security with EGL LDAP access sample, you
must use an LDAP-compliant server. If you do not have an LDAP-compliant
server, you can use an open-source server, such as ApacheDS, and a
client that provides access to that server, such as Apache Directory
Studio. For details, see Configuring LDAP-compliant software.
About this task
These setup instructions are specific to ApacheDS and
Apache Directory Studio. If you use a different LDAP-compliant server,
your configuration might vary, depending upon your server.
Procedure
- Import the data:
- To import the sample projects into your workspace, on
the J2EE Security with EGL LDAP Access page,
click Get the sample. Allow the workspace migration
tool to perform any migration that is necessary.
- In the sample project, open each of the following files,
and make sure that the content is appropriate for your server:
- Import the sample data from the SampleCompany.ldif file,
which is in your project, to your directory server.
- If you use an existing LDAP-compliant server, import the sample
data from the SampleCompany.ldif file, which
is in the following location:
workspace/SecureLDAPSample/
Note: workspace is
the fully qualified path name of your EGL product workspace; for example, C:/MyWorkspace.
- If you use the open-source Apache software for demonstration
purposes, import the sample data onto your ApacheDS directory server
by following the instructions in Importing sample data using Apache Directory Studio.
- Configure J2EE security. For general information
about setting up web-based, container-managed J2EE security, see "Using
J2EE container-managed security".
- Set up WebSphere Application
Server for J2EE security:
- Create an instance of WebSphere Application
Server (for example, version 8.0) and start the server.
- Right-click the server and select .
- At the main administrative console, expand and then click Secure
administration, applications, and infrastructure.
- Select Enable administrative security and Enable
application security, but clear Use Java 2
security to restrict application access to local resources.
- In the Available realm definition section,
select Standalone LDAP registry. Click Set
as current.
- Access the Standalone LDAP registry properties:
- Click Configure.
- On the Additional Properties tab of the Standalone LDAP registry
properties window, click Advanced Lightweight Directory
Access Protocol (LDAP) user registry settings.
- For the User filter, enter (&(uid=%v)(objectclass=person)),
and click OK.
- For the Primary administrative user name, type msmith.
- Select Automatically generated server identity.
- Enter your LDAP bind criteria, and click OK and Apply.
If you use the open source Apache software for demonstration purposes,
use the criteria listed in the table. Otherwise, use the defaults.
Table 1. LDAP bind criteria

| Bind criteria | Value |
| --- | --- |
| Type of LDAP server | Custom |
| Host | localhost |
| Port | 389 |
| Basic distinguished name (DN) | o=sample |
| Bind distinguished name | uid=msmith,ou=people,o=sample |
| Bind password | pass |

- In the message box at the top of the window, click Save
directly to the master configuration.
Important: Because
you enabled administrative security, you must log in to WebSphere Application Server by using the
user ID msmith and password pass.
If you no longer need administrative security, after you run this
sample, turn off administrative security.
- Exit the administrative console and stop the server.
- Set up your instance of WebSphere Application Server:
- Right-click your server and select Open.
- Specify automatic connection settings or change the server connection
type from RMI to SOAP.
Use the default port.
- Under Security, select Security is enabled on this
server. For your user ID, enter msmith;
for your password, enter pass. Make sure that Automatically
trust server certificate during the SSL handshake is selected.
Important: To avoid authentication errors and needless looping,
make sure that the user ID and password exactly match the credentials
entered in the administrative console.
- Save your changes.
- Download the J2EE security with EGL LDAP access sample.
The deployment descriptor (
WebContent/WEB-INF/web.xml)
for the project SecureLDAPSample was configured for J2EE security:
- On the Security tab, the AllRole security
role was added.
- The Constraint1 security constraint was added. A constraint specifies
the resources in this project that are secured by J2EE security and
the roles that can access those resources. Constraint1 specifies
that only people with the AllRole security role can access the JSP
pages, or resources, in this project that are defined under WebContent
(“/*”).
- On the Pages tab, the Authentication method
was set to FORM; this indicates that form-based authentication is
used. A Login page and Error page were defined in the project and
specified for use with form-based authentication.
The
EarContent/META-INF/application.xml deployment
descriptor for the SecureLDAPSampleEAR project was configured for
J2EE security:
- On the Security tab, the AllRole Security
Role was added.
- Under WebSphere Bindings, All
authenticated users was selected to map to AllRole. As
a result, all user IDs in the SampleCompany directory are mapped to
AllRole and can run this web application.
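
As an added illustration (not the sample's actual file), the web.xml settings described above correspond to a deployment-descriptor fragment like the following. The element names are the standard servlet ones; the web resource name and the login and error page paths are assumed placeholders, because this page does not name them.

```xml
<!-- Added illustration: fragment that sits inside <web-app> in
     WebContent/WEB-INF/web.xml. Not copied from the sample project. -->

<!-- Constraint1: every resource under WebContent requires AllRole. -->
<security-constraint>
  <display-name>Constraint1</display-name>
  <web-resource-collection>
    <!-- Assumed label; the page does not give the collection name. -->
    <web-resource-name>AllPages</web-resource-name>
    <url-pattern>/*</url-pattern>
    <!-- No http-method elements are listed, so the constraint
         applies to every HTTP method. -->
  </web-resource-collection>
  <auth-constraint>
    <role-name>AllRole</role-name>
  </auth-constraint>
</security-constraint>

<!-- Form-based authentication: the container redirects an
     unauthenticated request to the login page, whose form posts
     j_username and j_password to j_security_check. -->
<login-config>
  <auth-method>FORM</auth-method>
  <form-login-config>
    <!-- Assumed paths; use the Login and Error pages defined
         in the project. -->
    <form-login-page>/login.jsp</form-login-page>
    <form-error-page>/error.jsp</form-error-page>
  </form-login-config>
</login-config>

<!-- Role declaration. The EAR binding maps "All authenticated users"
     to this role, so any user who passes the LDAP user filter
     is granted AllRole. -->
<security-role>
  <role-name>AllRole</role-name>
</security-role>
```
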
If you have trouble running administrative security, you
can disable it by working at the command line instead of at the administrative
console. To disable administrative security, do as follows:
- At the command prompt, type the following:
WebSphere_home\bin\wsadmin.bat -conntype NONE
Note: WebSphere_home is
the fully qualified path name of the install directory for WebSphere Application Server.
- When the system prompt is displayed again, type securityoff.
- When you are finished, type quit.
- Restart the application server.
- Run the sample:
- Clean the SecureLDAPSample project.
- To generate the code, use the SecureLDAPSampleWebBuildOptions build
descriptor, which is in SecureLDAPSample.eglbld.
- Right-click your instance of WebSphere Application Server. Click Add
and Remove Projects.
- Add SecureLDAPSampleEAR to the server and click Finish.
- Start WebSphere Application
Server to complete the security configuration:
- Right-click the server and select .
- Expand Applications and click Enterprise
applications. The Enterprise Applications page is displayed.
- Click SecureLDAPSampleEAR. An application
configuration page is displayed.
- In the Web Module Properties section, click Session
Management. The Session Management page is displayed.
- In the General Properties section, click Security Integration.
You do not need to repeat the security configuration if you
run the sample again on the same server instance.
- Restart WebSphere Application
Server.
- In the WebContent folder in SecureLDAPSample,
right-click welcome.jsp. Select Run
As, then select Run on Server.
- On the login page, authenticate as a Sample Company customer
by typing the user ID ajones and the password pass;
then click OK. The Welcome to Sample Company
page opens. You can either display or update the data for ajones.
- Click Update.
- Change some of the data, and click Update
and display. The changes are committed to the directory.
The new data is displayed on the page.
- Restart the server and the workbench.
- On the server, run welcome.jsp and
log in as a Sample Company employee by using the user ID msmith and
the password pass. You can either display
or update the data.