Introduction: In this article, we explain how to enable security for a DB2 Web service provider application, which includes enabling authentication, setting up authorization, and ensuring that messages are encrypted. We also explain how Web service users are mapped to database users.
Setting Up Database Users
Configure the database user for the entire DADX group. You can set up a database user by entering the user ID and password, in plaintext or base64-encoded form, in a configuration file called group.properties. But even with base64 encoding, this does not provide real security, because the passwords are not encrypted. The remedy is to set up the Web service provider to use a data source (DataSource) and then set the user for that data source in WebSphere. Another advantage of this approach is that you can use connection pooling for multiple data sources.
In the next step, open the group configuration file for the dxx_sample group, as shown in Figure 5. You can switch to the Project Navigator view, located in the middle left of the window, to view all the files in the project. The path to the file is "Securedadx/java resources/groups.dxx_sample/group.properties". Modify the first two configuration parameters to:
initialContextFactory=com.ibm.websphere.naming.WsnInitialContextFactory
datasourceJNDI=jdbc/sampledatasource
The first parameter, "initialContextFactory", is required to access JNDI (Java Naming and Directory Interface) in WebSphere. The second parameter, "datasourceJNDI", is the name of the data source in JNDI. Later, we will configure the data source with this name in WebSphere.
Figure 5. Modify group.properties
The settings for the data source are completed in WebSphere in the next step, when we work with the WebSphere management console.
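The following check is an added example, not code from the original article or from IBM: it audits a group.properties file for credentials stored in the file (plaintext or base64) and for a missing data source configuration. The key names "userID" and "password" are assumptions, since the article does not name them, and the base64 test is a heuristic.

```python
import base64
import binascii

# Keys are matched case-insensitively. "userID" and "password" are assumed
# names: the article mentions a user ID and password but never names the keys.
CREDENTIAL_KEYS = ("password", "userid")
DATASOURCE_KEYS = ("datasourcejndi", "initialcontextfactory")

# Constructed sample of the weak setup ("ZGIyYWRtaW4=" is base64 of "db2admin").
WEAK = "userID=db2admin\npassword=ZGIyYWRtaW4=\n"
# The data source setup described in the article.
HARDENED = ("initialContextFactory=com.ibm.websphere.naming.WsnInitialContextFactory\n"
            "datasourceJNDI=jdbc/sampledatasource\n")


def parse_properties(text):
    """Parse simple key=value lines, skipping blank lines and # or ! comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip().lower()] = value.strip()
    return props


def looks_like_base64(value):
    """Heuristic: value decodes as base64 to printable ASCII (encoded, not encrypted)."""
    try:
        decoded = base64.b64decode(value, validate=True)
    except (binascii.Error, ValueError):
        return False
    return bool(decoded) and decoded.isascii() and decoded.decode("ascii").isprintable()


def audit_group_properties(text):
    """Return a list of findings for the contents of one group.properties file."""
    props = parse_properties(text)
    findings = []
    for key in CREDENTIAL_KEYS:
        value = props.get(key, "")
        if value:
            kind = "base64-encoded" if looks_like_base64(value) else "plaintext"
            findings.append(f"{key}: {kind} credential stored in file")
    missing = [k for k in DATASOURCE_KEYS if not props.get(k)]
    if missing:
        findings.append("data source not configured: " + ", ".join(missing))
    return findings
```

An empty list from audit_group_properties means the file holds no credentials and names both data source parameters.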
Set authorization
The following steps modify the deployment descriptor for your Web application. Click the Java Hierarchy tab located on the lower left side of the window, and then double-click the Web application Securedadx, as shown in Figure 6. This opens the Web application deployment descriptor editor. Click the Security tab to edit the security settings.
Figure 6. Open the Web application deployment descriptor
Next, create a new role. A role is a collection of users, similar to groups in the operating system. In this example, we create a role, "dadxuser", to include all users who are allowed to access DADX. In a real-world application, you might create roles such as "Accounting", "Engineering", and "Administrator", and then allow them to access different DADX files.
Figure 7. Add and name a role