Set J2EE Security Roles
When Connections is installed, the default application security settings allow some content to be visible to anonymous users. Many companies require users to log in to view data, and unless there is a specific requirement to allow anonymous read access, it is recommended to secure the applications.
Note: Applications restart automatically when you change J2EE Roles, whether the change is made via the ISC or by script.
Take care with the case of the user name when on a non-Windows system, as it can sometimes cause issues.
Change J2EE Roles through ISC
Applications > Application Types > WebSphere Enterprise Applications > Security role to user/group mapping
Select the check box in the Select column next to the reader role
Click Map Special Subjects -> All Authenticated in Application's Realm
This is required for each application.
Change J2EE Roles through script
Using a script to set the application security can save you at least half an hour within IBM Connections configuration.
The extended version has LDAP group support and an input option. There is no need to edit the script, as it will prompt you for the users required.
There are two versions of the script.
- Each application asks for credentials, no data visible for anonymous users
When the Restricted script is run, it will prompt for the user / group required for the WebSphere admin user, Search admin user, moderator, mobile admin etc.
- Default settings, some content is visible to anonymous users
When the Unrestricted script is run, it will prompt for the user / group required for the WebSphere admin user, Search admin user, moderator, mobile admin etc. and will reset the application security to the default settings for each application.
J2EE Roles Backup
CR and fix pack installations before IBM Connections 4.0 often reset J2EE Roles back to the default settings. This mostly isn't an issue anymore, but before running an update or making significant changes to the security settings it is wise to back up the application security roles.
- Script writes text files as backup to a local folder
- Backs up the roles of all installed applications (including IBM Docs, Forms Experience Builder, Kudos etc.), not just the Connections applications
./wsadmin.sh|bat -lang jython -f cfgJ2EERoleBackup.py
You will be prompted for the directory you want to back up to. Once complete, each application has a text file associated with it, listing the security roles.
J2EE Roles Restore
Once you have a backup of the application security settings, it is possible to restore it if necessary. Advantages of using the script to restore:
- You can edit the backup files to add or change users
- Backup of Dev or QA Systems can be restored in production (Admin Users and Groups must exist there)
To run a restore use the cfgJ2EERoleRestore.py script. The script will prompt for the directory where the security text files are stored.
Once complete the roles are restored and visible in the ISC.
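A check that can be run over the backup text before a restore, or after a fix pack, to flag roles still mapped to Everyone (anonymous access). This is an added example, not part of the scripts described here. It assumes the backup files hold role records in the layout that wsadmin's `AdminApp.view(app, '-MapRolesToUsers')` prints; the sample records and the names `parse_roles`, `is_yes` and `audit` are constructed for illustration.

```python
import re

# Assumed layout (not confirmed by the page): the per-role fields that
# wsadmin's AdminApp.view(app, '-MapRolesToUsers') prints.
FIELD = re.compile(
    r"^\s*(Role|Everyone\?|All authenticated\?|Mapped users|Mapped groups):\s*(.*)$")

def parse_roles(text):
    """Return one dict per 'Role:' record in a backup file's text."""
    roles = []
    for line in text.splitlines():
        m = FIELD.match(line)
        if m and m.group(1) == "Role":
            roles.append({"Role": m.group(2).strip()})
        elif m and roles:
            roles[-1][m.group(1)] = m.group(2).strip()
    return roles

def is_yes(value):
    # Accept "Yes" as well as "AppDeploymentOption.Yes".
    return value.lower().endswith("yes")

def audit(text):
    """Map each role name to 'anonymous', 'unmapped' or 'ok'."""
    result = {}
    for r in parse_roles(text):
        if is_yes(r.get("Everyone?", "")):
            state = "anonymous"   # readable without logging in
        elif (is_yes(r.get("All authenticated?", ""))
              or r.get("Mapped users") or r.get("Mapped groups")):
            state = "ok"
        else:
            state = "unmapped"    # no subject holds this role
        result[r["Role"]] = state
    return result

# Constructed sample records, not taken from a real system.
SAMPLE = (
    "Role:  reader\nEveryone?:  Yes\nAll authenticated?:  No\n"
    "Mapped users:  \nMapped groups:  \n\n"
    "Role:  person\nEveryone?:  No\nAll authenticated?:  Yes\n"
    "Mapped users:  \nMapped groups:  \n\n"
    "Role:  admin\nEveryone?:  No\nAll authenticated?:  No\n"
    "Mapped users:  wasadmin\nMapped groups:  \n\n"
    "Role:  search-admin\nEveryone?:  No\nAll authenticated?:  No\n"
    "Mapped users:  \nMapped groups:  \n")

if __name__ == "__main__":
    print(audit(SAMPLE))
```

To audit a real backup, read each file from the backup directory and pass its text to `audit`; any role reported as `anonymous` is one that the Restricted settings would have closed.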