Skip to content

Set J2EE Security Roles

When Connections is installed the default application security settings allows some content to be visible to anonymous users – many companies require users to login to view data and unless there is a specific requirement to allow anonymous read access it is recommended to secure the applications.

Note: Applications restart automatically, when you change J2EE Roles – when these are changed via the ISC or script they will restart.

Take care with the case of the user name when on a non-windows system as it can sometimes cause issues.

Change J2EE Roles through ISC

  • Applications > Application Types > WebSphere Enterprise Applications > Security role to user/group mapping

  • Select the check box in the Select column next to the reader role

  • Click Map Special Subjects -> All Authenticated in Application's Realm

bild18

This is required for each application.

Refer to Roles description in the official IBM Connections documentation

Change J2EE Roles through script

Using a script to set the application security can save you at least half an hour within IBM Connections configuration.

Extended version with LDAP Group support and input option, No need to edit the script as it will prompt you for the users required.

There are two versions of the script.

Restricted (cfgJ2EERolesRestricted.py)

  • Each application asks for credentials, no data visible for anonymous Users

When the Restricted script it run it will prompt for the user / group required for the WebSphere admin user, Search admin user, moderator, mobile admin etc.

bild19

Unrestricted (cfgJ2EERolesUnrestricted.py)

  • Default Settings, some content is visible to Anonymous Users

When the Unrestricted script it run it will prompt for the user / group required for the WebSphere admin user, Search admin user, moderator, mobile admin etc and will reset the application security to the default settings for each application.

J2EE Roles Backup

CR and Fix pack Installations pre IBM Connections 4.0 often reset J2EE Roles back to the default settings. Mainly this isn’t an issue anymore – BUT before running an update or making significant changes to the security settings it is wise to back up the application security roles

  • Script writes text files as backup to a local folder

  • Roles of all installed applications (including IBM Docs, Forms Experience Builder, Kudos etc.), not just the connections applications

    ./wsadmin.sh|bat -lang jython -f cfgJ2EERoleBackup.py

bild20

You will be prompted for the directory you will to back up to. Once complete each application has a text file associated with it – listing the security roles.

bild21

J2EE Roles Restore

Once you have a backup of the application security settings it is possible to restore it if necessary. Advantages to using the script to restore

  • You can edit the backup files to add or change users
  • Backup of Dev or QA Systems can be restored in production (Admin Users and Groups must exist there)

To run a restore use the cfgJ2EERoleRestore.py script. The script will prompt for the directory where the security text files are stored.

Text Only
./wsadmin.sh|bat -lang jython -f cfgJ2EERoleRestore.py

bild22

Once complete the roles are restored and visible in the ISC.

bild23