Creating a J2EE Security Role for Accessing the Application

Use

In this step, you will create the J2EE security role AccessQuickCarRental. Only users that are assigned to this role will be able to access the quick car rental application.

Prerequisites

The quick car rental application’s Web client project, J2EE_QuickCarRentalWeb, is displayed in the J2EE Explorer.

Procedure

...

       1.      Open or return to the web.xml file.

       2.      Choose the Security Roles tab page.

       3.      To create a role, select the SecurityRoles node and choose Add.

A role with the name DefaultSecurityRole appears.

       4.      Select this role and enter the new name AccessQuickCarRental in the Role Name field.

       5.      Enter a description in the Description field, for example, This role protects access to the quick car rental application..

       6.      Save the data.

Result

The <security-role> element with <description> and <role-name> sub-elements are added to the deployment descriptors for the Web application in the web.xml file.

   <security-role>
      <description>This role protects access to the quick car rental
                   application.
</description>
      <role-name>AccessQuickCarRental</role-name>
   </security-role>

In addition, the <security-role-map> entry is added to the web-j2ee-engine.xml file as shown below:

<web-j2ee-engine>
   <security-role-map>
      <role-name>
AccessQuickCarRental</role-name>
   </security-role-map>
   <security-policy-domain>/QuickCarRental</security-policy-domain>
</web-j2ee-engine>

Next Step:

Creating a Security Constraint