Setup for J2EE security with EGL LDAP access

Follow these instructions to set up and run the J2EE security with EGL LDAP access sample. To set up the sample, you import the data, configure J2EE security, and run the sample.

Before you begin

To use the J2EE Security with EGL LDAP access sample, you must have an LDAP-compliant server. If you do not have one, you can use an open-source server such as ApacheDS and a client such as Apache Directory Studio that provides access to that server. For details, see Configuring LDAP-compliant software.

About this task

These setup instructions are specific to ApacheDS and Apache Directory Studio. If you use a different LDAP-compliant server, your configuration might vary, depending upon your server.

Procedure

  1. Import the data:
    1. To import the sample projects into your workspace, on the J2EE Security with EGL LDAP Access page, click Get the sample. Allow the workspace migration tool to perform any migration that is necessary.
    2. In the sample project, open each of the following files, and make sure that the content is appropriate for your server:
      • EGLSource/libraries/LdapLoginLib.egl, in which you might need to change the following providerUrl entry:
        providerUrl String = "ldap://localhost:389/o=sample";
      • EGLSource/libraries/UserObjectLib.egl
    3. Import the sample data from the SampleCompany.ldif file, which is in your project, into your directory server.
      • If you use an existing LDAP-compliant server, import the sample data from the SampleCompany.ldif file, which is in the following location:
        workspace/SecureLDAPSample/
        Note: workspace is the fully qualified path name of your EGL product workspace; for example, C:/MyWorkspace.
      • If you use the open-source Apache software for demonstration purposes, import the sample data into your ApacheDS directory server by following the instructions in Importing sample data using Apache Directory Studio.
  2. Configure J2EE security. For general information about setting up web-based, container-managed J2EE security, see "Using J2EE container-managed security".
    1. Set up WebSphere Application Server for J2EE security:
      1. Create an instance of WebSphere Application Server (for example, version 8.0) and start the server.
      2. Right-click the server and select Administration > Run administrative console.
      3. At the main administrative console, expand Security > Global security and then click Secure administration, applications, and infrastructure.
      4. Select Enable administrative security and Enable application security, but clear Use Java 2 security to restrict application access to local resources.
      5. In the Available realm definition section, select Standalone LDAP registry. Click Set as current.
      6. Access the Standalone LDAP registry properties:
        1. Click Configure.
        2. On the Additional Properties tab of the Standalone LDAP registry properties window, click Advanced Lightweight Directory Access Protocol (LDAP) user registry settings.
        3. For the User filter, enter (&(uid=%v)(objectclass=person)), and click OK.
      7. For the Primary administrative user name, type msmith.
      8. Select Automatically generated server identity.
      9. Enter your LDAP bind criteria, and click OK and Apply. If you use the open-source Apache software for demonstration purposes, use the criteria listed in Table 1. Otherwise, use the defaults.
        Table 1. LDAP bind criteria
        Bind criteria                   Value
        Type of LDAP server             Custom
        Host                            localhost
        Port                            389
        Base distinguished name (DN)    o=sample
        Bind distinguished name         uid=msmith,ou=people,o=sample
        Bind password                   pass
      10. In the message box at the top of the window, click Save directly to the master configuration.
        Important: Because you enabled administrative security, you must log in to WebSphere Application Server by using the user ID msmith and password pass. If you no longer need administrative security, after you run this sample, turn off administrative security.
      11. Exit the administrative console and stop the server.
    2. Set up your instance of WebSphere Application Server:
      1. Right-click your server and select Open.
      2. Specify automatic connection settings or change the server connection type from RMI to SOAP. Use the default port.
      3. Under Security, select Security is enabled on this server. For your user ID, enter msmith; for your password, enter pass. Make sure that Automatically trust server certificate during the SSL handshake is selected.
        Important: To avoid authentication errors and needless looping, make sure that the user ID and password exactly match the credentials entered in the administrative console.
      4. Save your changes.
    3. Download the J2EE security with EGL LDAP access sample.
      The deployment descriptor (WebContent/WEB-INF/web.xml) for the project SecureLDAPSample was configured for J2EE security:
      • On the Security tab, the AllRole security role was added.
      • The Constraint1 security constraint was added. A constraint specifies the resources in this project that are secured by J2EE security and the roles that can access those resources. Constraint1 specifies that only users with the AllRole security role can access the JSP pages, or resources, in this project that are defined under WebContent ("/*").
      • On the Pages tab, the Authentication method was set to FORM; this indicates that form-based authentication is used. A Login page and Error page were defined in the project and specified for use with form-based authentication.
      The EarContent/META-INF/application.xml deployment descriptor for the SecureLDAPSampleEAR project was configured for J2EE security:
      • On the Security tab, the AllRole Security Role was added.
      • Under WebSphere Bindings, All authenticated users was selected to map to AllRole. As a result, all user IDs in the SampleCompany directory are mapped to AllRole and can run this web application.
      If you have trouble running administrative security, you can disable it by working at the command line instead of at the administrative console. To disable administrative security, do as follows:
      1. At the command prompt, type the following:
        WebSphere_home\bin\wsadmin.bat -conntype NONE
        Note: WebSphere_home is the fully qualified path name of the install directory for WebSphere Application Server.
      2. When the system prompt is displayed again, type securityoff.
      3. When you are finished, type quit.
      4. Restart the application server.
  3. Run the sample:
    1. Clean the SecureLDAPSample project.
    2. To generate the code, use the SecureLDAPSampleWebBuildOptions build descriptor, which is in SecureLDAPSample.eglbld.
    3. Right-click your instance of WebSphere Application Server. Click Add and Remove Projects.
    4. Add SecureLDAPSampleEAR to the server and click Finish.
    5. Start WebSphere Application Server to complete the security configuration:
      1. Right-click the server and select Administration > Run administrative console.
      2. Expand Applications and click Enterprise applications. The Enterprise Applications page is displayed.
      3. Click SecureLDAPSampleEAR. An application configuration page is displayed.
      4. In the Web Module Properties section, click Session Management. The Session Management page is displayed.
      5. In the General Properties section, click Security Integration.

      You do not need to repeat the security configuration if you run the sample again on the same server instance.

    6. Restart WebSphere Application Server.
    7. In the WebContent folder in SecureLDAPSample, right-click welcome.jsp and select Run As > Run on Server.
    8. On the login page, authenticate as a Sample Company customer by typing the user ID ajones and the password pass; then click OK. The Welcome to Sample Company page opens. You can either display or update the data for ajones.
    9. Click Update.
    10. Change some of the data, and click Update and display. The changes are committed to the directory. The new data is displayed on the page.
    11. Restart the server and the workbench.
    12. On the server, run welcome.jsp and log in as a Sample Company employee by using the user ID msmith and the password pass. You can either display or update the data.
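The deployment descriptor described in step 2.3 (the AllRole security role, the Constraint1 constraint on "/*", and FORM authentication) corresponds to a web.xml like the following. This is an added illustration, not the sample's shipped WebContent/WEB-INF/web.xml; the login and error page names, and the CONFIDENTIAL transport guarantee, are assumptions that the page does not state.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Illustrative web.xml for SecureLDAPSample (added example, not the sample's
     own descriptor). Element names follow the Servlet 2.5 schema. -->
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
                             http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
         version="2.5">

  <!-- Security tab: the AllRole security role. In the EAR this role is bound
       to "All authenticated users" in the WebSphere bindings, so any user
       that the LDAP user filter (&(uid=%v)(objectclass=person)) resolves
       and authenticates is a member. -->
  <security-role>
    <role-name>AllRole</role-name>
  </security-role>

  <!-- Constraint1: every resource under WebContent ("/*") requires AllRole.
       The container challenges unauthenticated requests with the login form
       before any JSP is served. -->
  <security-constraint>
    <display-name>Constraint1</display-name>
    <web-resource-collection>
      <web-resource-name>All resources</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>AllRole</role-name>
    </auth-constraint>
    <!-- Assumed hardening, not described on the page: require TLS so the
         FORM credentials posted to j_security_check are not sent in clear. -->
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>

  <!-- Pages tab: form-based authentication. The page names are assumed for
       this example; the login form must POST j_username and j_password to
       j_security_check for the container to perform the LDAP bind. -->
  <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
      <form-login-page>/login.jsp</form-login-page>
      <form-error-page>/error.jsp</form-error-page>
    </form-login-config>
  </login-config>
</web-app>
```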
