为了在配置批量基于角色的身份验证时从 servlet 执行批量操作,您需要向 servlet 添加身份验证质询,以便它在特定用户而不是UNAUTHENTICATED下运行。
您可以像这样将其添加到示例中:
import javax.servlet.annotation.HttpConstraint;
import javax.servlet.annotation.HttpMethodConstraint;
import javax.servlet.annotation.ServletSecurity;
import javax.servlet.annotation.WebServlet;
// ...
@ServletSecurity(value = @HttpConstraint(transportGuarantee = ServletSecurity.TransportGuarantee.CONFIDENTIAL),
httpMethodConstraints = { @HttpMethodConstraint(value = "POST", emptyRoleSemantic = ServletSecurity.EmptyRoleSemantic.PERMIT),
@HttpMethodConstraint(value = "GET", emptyRoleSemantic = ServletSecurity.EmptyRoleSemantic.PERMIT),
@HttpMethodConstraint(value = "PUT", emptyRoleSemantic = ServletSecurity.EmptyRoleSemantic.PERMIT) })
@WebServlet(urlPatterns = { "/joboperator" })
public class JobOperatorServlet extends HttpServlet {
除了定义用户注册表和用户,并授予他们访问您引用的文档中的批处理角色的权限之外,这是其中的一个片段:
<httpEndpoint httpPort="9080" httpsPort="9443" id="defaultHttpEndpoint"/>
<keyStore id="defaultKeyStore" password="Liberty"/>
<basicRegistry id="basic" realm="ibm/api">
<user name="bob" password="bobpwd"/>
<user name="jane" password="janepwd"/>
</basicRegistry>
<authorization-roles id="com.ibm.ws.batch">
<security-role name="batchSubmitter">
<user name="bob"/>
</security-role>
<security-role name="batchAdmin">
<user name="jane"/>
</security-role>
</authorization-roles>
现在,有一个单独但相关的问题,即如何配置批处理安全性,即哪些功能将批处理安全性纳入画面。但我将把它留给后续问题,并认为它的存在是理所当然的。