Question

我已在Global Security->JAAS -> Application Login下定义了我的登录模块。但是我的服务器和部署的应用程序将如何知道它。当我尝试检查 Golobal Security-＆gt;启用管理安全性时，我收到错误消息：

Validation failed: SECJ7724E: Error in the user registry configuration unable to verify access to the user registry.
You must supply the primary administrative user name on the active registry or realm panels to enable security.

Answer 1

您的应用程序通过ibm-application-bnd.xml了解WAS定义的安全角色。

这是一个绑定与WAS中定义的自定义JDBC注册表（CLIENT角色）和LDAP / AD（其他角色）匹配的角色的示例：

<?xml version="1.0" encoding="UTF-8"?>
<application-bnd xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
                 xmlns="http://websphere.ibm.com/xml/ns/javaee"
                 xsi:schemaLocation="http://websphere.ibm.com/xml/ns/javaee 
                                     http://websphere.ibm.com/xml/ns/javaee/ibm-application-bnd_1_0.xsd" 
                 version="1.0">
     <security-role name="CLIENT">
        <group name="Clients" />
     </security-role>
     <security-role name="STAFF">
        <group name="Contractors" access-id="CN=Contractors,OU=Some Unit,OU=Some Unit,o=StaffLDAP"/>
        <group name="ContractorsNoVPN" access-id="CN=ContractorsNoVPN,OU=Some Unit,OU=Some Unit,o=StaffLDAP"/>
        <group name="ContractorsVPN" access-id="CN=ContractorsVPN,OU=Some Unit,OU=Some Unit,o=StaffLDAP"/>
    </security-role>
    <security-role name="MANAGER">
        <group name="AssistantManagers" access-id="CN=AssistantManagers,OU=Some Unit,OU=Some Unit,OU=Some Unit,o=ManagersLDAP"/>
        <group name="Managers" access-id="CN=Managers,OU=Some Unit,OU=Some Unit,OU=Some Unit,o=ManagersLDAP"/>
        <group name="TestManagers"/>
    </security-role>
    <security-role name="ADMIN">
        <group name="Admin" access-id="group:someRealm/CN=Team,OU=Groups,OU=Divison,OU=Region,o=AdminsLDAP"/>
    </security-role>
</application-bnd>

JAAS不在Websphere Application Server中工作

1 个答案: