Securing new application with ejbrole.

Issues and Questions related to running Apache Tomcat on z/OS
Post Reply
joulin
Posts: 3
Joined: Sat May 03, 2014 2:43 am

Securing new application with ejbrole.

Post by joulin » Mon May 05, 2014 2:13 am

Hi,
I am in an Z/OS environment and i want to call SAF for securing my applications. I install the sepcial dovetail jar and do all necessary for implemantation like described in documentation. The manager EJBROLE role is called and all work fine like described.

Now i have an application (istrobe) who doesn't call ejbrole. At the minimum i want that this application will be available for user who have EJBROLE Istrobe. I don't find how to do this (i saw what was written on previous forum but it doesn't work). When i call the istrobe URL the signon screen is not displayed (like an unsecured application).

Thank for your help.
Regards

dovetail
Site Admin
Posts: 1830
Joined: Thu Jul 29, 2004 12:12 pm

Re: Securing new application with ejbrole.

Post by dovetail » Sun May 25, 2014 3:20 pm

suggest you contact Compuware on configuring security for iStrobe

joulin
Posts: 3
Joined: Sat May 03, 2014 2:43 am

Re: Securing new application with ejbrole.

Post by joulin » Mon May 26, 2014 4:42 am

Hi, Thanks for the reply. I ask to compuware to secure the application.
But in general, if the programmer doesn't interface the applet to use ejbrole, i have no security and no signon.
There is no way to force the use of an ejbrole when calling an applet ?

Regards

dovetail
Site Admin
Posts: 1830
Joined: Thu Jul 29, 2004 12:12 pm

Re: Securing new application with ejbrole.

Post by dovetail » Tue May 27, 2014 9:25 am

I would suspect that the problem is that you need to add role based security to the iStrobe web application - to protect certain / all sevlets. This would typically be don in the application's web.xml. See the Tomcat documentation for details.

Post Reply