I am trying to port a J2EE app from Tomcat to Websphere and I'm not too familiar with Websphere.
The only problem I am having is authorization (I use basic-authentication in my web.xml). In Tomcat I use the tomcat-users.xml file to define my users/passwords and to what roles they belong.
How do I do this "simply" in Websphere? When deploying the EAR to Websphere it also asks me to map my role from web.xml to a user or group.
Do I have to set up some sort of realm? Custom user registry?
Thanks.
UPDATE:
I configured a Standalone custom registry, however I can't get a log-in prompt for username/password. It works just fine in Tomcat, and it doesn't in Websphere.
Code from web.xml
<security-constraint>
<web-resource-collection>
<web-resource-name>basic-auth security</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>HELLO_USER</role-name>
</auth-constraint>
<user-data-constraint>NONE</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
</login-config>
<security-role>
<role-name>HELLO_USER</role-name>
</security-role>
Application security on WAS isn't enabled by default.
In the Admin Console, go to: Security -> Global Security and make sure the Enable application security check-box is checked.
You may need to restart the server after saving changes.