In Java EE some servers unfortunately require a vendor specific group to role mapping for the security configuration. For these servers, such mapping is mandatory even when there really is nothing to map.
Unfortunately, IBM Liberty is such a server. It requires a mapping in a file called ibm-application-bnd.xml, that one is supposed to put inside an EAR's META-INF/ folder. For example:
<?xml version="1.0" encoding="UTF-8"?>
<application-bnd xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://websphere.ibm.com/xml/ns/javaee http://websphere.ibm.com/xml/ns/javaee/ibm-application-bnd_1_2.xsd"
    xmlns="http://websphere.ibm.com/xml/ns/javaee"
    version="1.2">
    <security-role name="architect">
        <group name="architect" />
    </security-role>
</application-bnd>
Even more unfortunate is that seemingly this file can only be used from an EAR.
How can group to role mapping be specified from within the application archive when using a WAR with Liberty?
(solutions that require me to change anything inside the server, or interact with any kind of console or graphical admin interface are unfortunately not usable for me)
This post is a bit dated but here are my findings for anyone else who may be struggling with this issue.
With the latest version of WebSphere Liberty (currently @ 8.5.5.6) you can place your application bindings file (ibm-application-bnd.xml) into the web application's META-INF folder and Liberty will parse the bindings file as if it was packaged in an EAR. I am not sure if this is a documented feature or not.
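As an added example (not part of the answers here and not IBM tooling), this build-time check opens a WAR and lists the roles declared in WEB-INF/web.xml that have no group in META-INF/ibm-application-bnd.xml, the location described above. It only sees roles declared in the descriptor, not in annotations; the function names are hypothetical and the sample WAR is constructed.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

BND_PATH = "META-INF/ibm-application-bnd.xml"  # location named in the answer above
WEB_XML_PATH = "WEB-INF/web.xml"               # standard deployment descriptor

def _elements(xml_bytes, name):
    """Yield elements by local name, ignoring the descriptor's namespace version."""
    for el in ET.fromstring(xml_bytes).iter():
        if el.tag.rsplit("}", 1)[-1] == name:
            yield el

def declared_roles(web_xml):
    """Role names from <security-role><role-name> in web.xml."""
    roles = set()
    for sr in _elements(web_xml, "security-role"):
        roles.update(c.text.strip() for c in sr if c.tag.endswith("role-name") and c.text)
    return roles

def bound_roles(bnd_xml):
    """Map role name -> set of group names from the bindings file."""
    return {sr.get("name"): {g.get("name") for g in sr
                             if g.tag.endswith("group") and g.get("name")}
            for sr in _elements(bnd_xml, "security-role")}

def roles_without_group(war_bytes):
    """Declared roles that no <group> in the WAR's bindings file maps to."""
    with zipfile.ZipFile(io.BytesIO(war_bytes)) as war:
        names = set(war.namelist())
        roles = declared_roles(war.read(WEB_XML_PATH)) if WEB_XML_PATH in names else set()
        bound = bound_roles(war.read(BND_PATH)) if BND_PATH in names else {}
    return sorted(r for r in roles if not bound.get(r))

def sample_war():
    """Constructed WAR: roles 'architect' and 'auditor' declared, one bound."""
    web = ("<web-app><security-role><role-name>architect</role-name></security-role>"
           "<security-role><role-name>auditor</role-name></security-role></web-app>")
    bnd = ('<application-bnd xmlns="http://websphere.ibm.com/xml/ns/javaee" version="1.2">'
           '<security-role name="architect"><group name="architect"/></security-role>'
           "</application-bnd>")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as war:
        war.writestr(WEB_XML_PATH, web)
        war.writestr(BND_PATH, bnd)
    return buf.getvalue()

if __name__ == "__main__":
    print(roles_without_group(sample_war()))
```

A role bound only to individual users or a special subject is also reported, since the check looks for group elements specifically.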
Another update - in the June 2016 delivery (Liberty fix pack 16.0.0.2) we now support default role to group name mapping. If you are happy for your group name to be the same as the role name then you don’t need to provide binding information, the mapping will occur automatically.
To summarise there are now 3 ways in Liberty to map groups to roles: