Assigning Administrator
Permissions 
Use
As pointed out in Registering the MBean, you need to have administrator permissions to work with the MBean Server. That is why we have to introduce a security role and map it to the “administrators” group in the J2EE Engine.
Procedure
...
1. Declare the security role “MBeanCreator” and state that the BankServlet and the PropertiesReaderServlet must run in this role:
<?xml version="1.0" encoding="UTF-8" ?> <!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN" "http://java.sun.com/dtd/web-app_2_3.dtd">
<web-app> <display-name>Bank</display-name> <description>Bank</description> <servlet> <servlet-name>com.sap.engine.bank.BankServlet</servlet-name> <servlet-class>com.sap.engine.bank.BankServlet</servlet-class> <run-as> <role-name>MBeanCreator</role-name> </run-as> </servlet> <servlet> <servlet-name>com.sap.engine.bank.PropertiesReaderServlet</servlet-name> <servlet-class>com.sap.engine.bank.PropertiesReaderServlet</servlet-class> <run-as> <role-name>MBeanCreator</role-name> </run-as> </servlet>
<servlet-mapping> <servlet-name> com.sap.engine.bank.BankServlet </servlet-name> <url-pattern> /bank </url-pattern> </servlet-mapping>
<servlet-mapping> <servlet-name> com.sap.engine.bank.PropertiesReaderServlet </servlet-name> <url-pattern> /properties </url-pattern> </servlet-mapping>
<security-role> <description>Creator of MBeans</description> <role-name>MBeanCreator</role-name> </security-role>
</web-app> |
2. In the web-j2ee-engine.xml, map the “MBeanCreator” security role to the J2EE Engine “administrators” group:
<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE web-j2ee-engine SYSTEM "web-j2ee-engine.dtd">
<web-j2ee-engine> <security-role-map> <role-name> MBeanCreator </role-name> <server-role-name> administrators </server-role-name> </security-role-map> </web-j2ee-engine> |