Configure security properties
- Last Updated: February 11, 2026
- 3 minute read
- OpenEdge
- Version 13.0
- Documentation
Per the description in the oeablSecurity.properties.README file, PAS for OpenEdge resolves properties by loading multiple .properties files and using the last declared value found by it. The minimum requirement is that PAS for OpenEdge must find an oeablSecurity.properties file in one of the following locations:
- CATALINA_HOME/conf/oeablSecurity.properties
- CATALINA_BASE/conf/oeablSecurity.properties
- CATALINA_BASE/ablapps/abl-appname/conf/oeablSecurity.properties
- CATALINA_BASE/webapps/web-appname/WEB-INF/oeablSecurity.properties
The remainder of the README file is quite informative and worth reviewing in detail. Though to
summarize this process, security options should be applied broadly at first (at the PAS
for OpenEdge instance level) and then with narrower definitions until reaching a
specific WebApp. Note that the contents of these files are additive, which means
you may declare a property in a file early in the list of locations above, and then
utilize that value through the property notation (for example,
${my.prop.name}) in subsequent files.
properties-loader.xml file in the
WEB-INF/spring/ directory of each WebApp is responsible for the
ordered file-search behavior. Until you observe the chain of inclusion above, you may
use this hierarchy of properties to your own ends, as demonstrated in the following
example.Usage Example
The following scenario may help illustrate deployment of instance-specific values in a single properties file, while generic webapp-specific properties simply refer to these using the replacement notation.
Scenario: A customer offers a SaaS application using a dedicated PAS for
OpenEdge instance for each of their tenants. All application business logic is
common to every tenant, therefore any .war files generated for
deployment should remain consistent, yet be dynamic enough to accommodate tailoring
per tenant.
Problem: Since all code and generated artifacts are common to each tenant, how do you provide per-tenant tailoring at deployment without altering properties in the original project code or generated artifacts?
Solution: As the .war files produced by project code for deployment
must remain generic, any configuration files should be designed to utilize
properties from elsewhere in the PAS for OpenEdge instance. For example, if a webapp
uses OERealm authentication and a specific domain to identify tenants, the following
property in the webapps's oeablSecurity.properties may use a
generic assignment:
|
Meanwhile, when the PAS for OpenEdge instance is created for the customer, you must define the
new property customer.domain.name somewhere in the new instance,
leaving two likely options:
- Define the property only for a specific ABLApp.
- Define the property for the overall PAS for OpenEdge instance.
In either case, simply replace the original contents of either properties file with only the
relevant properties. For this example, if you intend to use a single property across
the entire PAS for OpenEdge instance, edit the
CATALINA_BASE/conf/oeablSecurity.properties file. Entering the
following line will define the property at that PAS for OpenEdge instance level, and
the properties-loader behavior will add it to the cumulative list of properties for
use:
|
Summary: With this solution, you do not need to rely on hard-coded values within configuration files in the WebApp (the oeablSecurity.properties in the project). Instead, you can utilize custom properties as placeholders and rely on the configuration of the PAS for OpenEdge instance itself to set those necessary values. This solution keeps the artifacts for deployments generic and reusable.