1

我已经在Global Security->JAAS -> Application Login. 但是我的服务器和部署的应用程序将如何知道它。另外,当我尝试检查Golobal Security->Enable Administrative security时,我收到一条错误消息:

Validation failed: SECJ7724E: Error in the user registry configuration unable to verify access to the user registry.
You must supply the primary administrative user name on the active registry or realm panels to enable security.
4

1 回答 1

0

您的应用程序通过 ibm-application-bnd.xml 了解 WAS 定义的安全角色。

这是一个绑定与 WAS 中定义的自定义 JDBC 注册表(CLIENT 角色)和 LDAP/AD(其他角色)匹配的角色的示例:

<?xml version="1.0" encoding="UTF-8"?>
<application-bnd xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
                 xmlns="http://websphere.ibm.com/xml/ns/javaee"
                 xsi:schemaLocation="http://websphere.ibm.com/xml/ns/javaee 
                                     http://websphere.ibm.com/xml/ns/javaee/ibm-application-bnd_1_0.xsd" 
                 version="1.0">
     <security-role name="CLIENT">
        <group name="Clients" />
     </security-role>
     <security-role name="STAFF">
        <group name="Contractors" access-id="CN=Contractors,OU=Some Unit,OU=Some Unit,o=StaffLDAP"/>
        <group name="ContractorsNoVPN" access-id="CN=ContractorsNoVPN,OU=Some Unit,OU=Some Unit,o=StaffLDAP"/>
        <group name="ContractorsVPN" access-id="CN=ContractorsVPN,OU=Some Unit,OU=Some Unit,o=StaffLDAP"/>
    </security-role>
    <security-role name="MANAGER">
        <group name="AssistantManagers" access-id="CN=AssistantManagers,OU=Some Unit,OU=Some Unit,OU=Some Unit,o=ManagersLDAP"/>
        <group name="Managers" access-id="CN=Managers,OU=Some Unit,OU=Some Unit,OU=Some Unit,o=ManagersLDAP"/>
        <group name="TestManagers"/>
    </security-role>
    <security-role name="ADMIN">
        <group name="Admin" access-id="group:someRealm/CN=Team,OU=Groups,OU=Divison,OU=Region,o=AdminsLDAP"/>
    </security-role>
</application-bnd>
于 2015-03-20T10:00:14.307 回答