Role-based user authentication
- Last Updated: March 30, 2020
- OpenEdge
- Version 12.2
- Documentation
For user authentication, the PAS for OpenEdge comes configured for use with
Tomcat MemoryRealm. The MemoryRealm accesses user authentication information stored in
instance-name/conf/tomcat-users.xml. You should replace
the MemoryRealm with a different type of realm such as JDBC or LDAP in a production
instance. You can have multiple realms of different types configured at the same
time.
PAS for OpenEdge retains the roles defined in the default Tomcat MemoryRealm, but PAS for OpenEdge also includes a new set of roles that include the Tomcat roles. The following table lists the new roles and what existing Tomcat roles they map to, if any:
| PAS for OpenEdge role | Includes Tomcat Manager and Host Manager roles | Description |
|---|---|---|
| ROLE_PSCAdmin | | Unrestricted administration access. |
| ROLE_PSCOper | | Restricted operator administration access. The Tomcat roles allow access to the text interfaces of the Host Manager and Manager applications as well as the status pages in the Manager application. |
| ROLE_PSCUser | none | Non-privileged access |
| ROLE_PSCNone | none | No access, for user account authorization testing |
PAS for OpenEdge comes with three default test accounts configured in instance-name/conf/tomcat-users.xml, as
described in the following table:
| Username | Password | Role(s) |
|---|---|---|
| tomcat | | ROLE_PSCAdmin, ROLE_PSCOper, ROLE_PSCUser. Note: Replace the ROLE_PSCUser in production. |
| tcuser1 | | ROLE_PSCUser. Note: Remove the ROLE_PSCUser in production. |
| tcuser2 | | ROLE_PSCNone. Note: Remove the ROLE_PSCNone in production. |
instance-name/conf/tomcat-users.xml is shown in the following example:

```xml
<user username="tomcat" password="tomcat"
      roles="ROLE_PSCAdmin,ROLE_PSCOper,ROLE_PSCUser"/>
```
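As an added example (not part of the Progress documentation), the following Python script audits the contents of a tomcat-users.xml file for the default test accounts and administrative roles named on this page, which is a useful check before an instance goes to production. The sample XML, the `svc_deploy` account, the placeholder passwords and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Usernames and roles named on this page.
DEFAULT_ACCOUNTS = {"tomcat", "tcuser1", "tcuser2"}
ADMIN_ROLES = {"ROLE_PSCAdmin", "ROLE_PSCOper"}

# Constructed sample input; "svc_deploy" and the placeholder passwords are made up.
SAMPLE = """<tomcat-users>
  <user username="tomcat" password="tomcat"
        roles="ROLE_PSCAdmin,ROLE_PSCOper,ROLE_PSCUser"/>
  <user username="tcuser1" password="PLACEHOLDER-1" roles="ROLE_PSCUser"/>
  <user username="svc_deploy" password="PLACEHOLDER-2" roles="ROLE_PSCOper"/>
</tomcat-users>"""


def local(tag):
    """Strip an XML namespace prefix, since tomcat-users.xml may declare one."""
    return tag.rsplit("}", 1)[-1]


def audit_users(xml_text):
    """Return (username, finding) tuples for entries that need attention."""
    findings = []
    root = ET.fromstring(xml_text)
    for el in root.iter():
        if local(el.tag) != "user":
            continue
        # Tomcat accepts both "username" and the older "name" attribute.
        name = el.get("username") or el.get("name") or ""
        password = el.get("password", "")
        roles = {r.strip() for r in el.get("roles", "").split(",") if r.strip()}
        if name in DEFAULT_ACCOUNTS:
            findings.append((name, "default test account"))
        if password and password == name:
            findings.append((name, "password equals username"))
        if roles & ADMIN_ROLES:
            findings.append((name, "administrative role in MemoryRealm file"))
    return findings


if __name__ == "__main__":
    for user, finding in audit_users(SAMPLE):
        print(f"{user}: {finding}")
```

To check a real instance, pass the text of instance-name/conf/tomcat-users.xml to `audit_users` instead of `SAMPLE`.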