Defining Application Roles in the Policy Store
Because Web application security is a role-based access control mechanism in which permissions are granted to application roles, you must define a set of roles in the policy store that are specific to your application. You eventually map the application roles in your policy store to enterprise roles defined in the deployment environment. This mapping enables a user who is a member of a given enterprise role to access the resources that are accessible to the associated application role. Enterprise roles are defined in the identity store of the security provider and are controlled only at the administrator level. Application roles therefore provide a level of abstraction from the enterprise roles and enable development to proceed against functional roles.
During development, the policy store is file-based, with access right grants stored in the jazn-data.xml file in <app-role> elements under <policy-store>. To add a role to the policy store, perform the following steps:
1. Right-click jazn-data.xml and select Properties.
2. In the Edit JPS Identity and Policy Store dialog box:
   a. Create the policy store if one does not yet exist: Select Application Policy Store and click New. Enter a Display Name and click OK.
   b. Expand the policy store and select Application Roles.
   c. Click Add, and in the Add Application Role dialog box, enter a name and click OK.
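After roles have been added this way, the file-based store can be checked for application roles that are still unmapped or that are mapped to a very broad principal. The following script is an added example, not part of the original material. It assumes the usual jazn-data.xml layout (policy-store/applications/application/app-roles/app-role with members/member children) and treats the names anonymous-role and authenticated-role as the broad built-in roles; the sample file, the DemoApp and hr_managers names, and the audit_app_roles function are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample policy store; real files also carry <class> and
# <display-name> elements, omitted here because the audit does not need them.
SAMPLE_JAZN = """<jazn-data>
  <policy-store><applications><application>
    <name>DemoApp</name>
    <app-roles>
      <app-role><name>manager</name>
        <members><member><name>hr_managers</name></member></members>
      </app-role>
      <app-role><name>staff</name>
        <members><member><name>authenticated-role</name></member></members>
      </app-role>
      <app-role><name>auditor</name></app-role>
    </app-roles>
  </application></applications></policy-store>
</jazn-data>"""

# Assumption: these member names stand for "any visitor" / "any logged-in user".
BROAD_MEMBERS = {"anonymous-role", "authenticated-role"}


def audit_app_roles(xml_text):
    """Map (application, app role) to its members and any findings."""
    root = ET.fromstring(xml_text)
    report = {}
    for app in root.iterfind("./policy-store/applications/application"):
        app_name = app.findtext("name", default="?")
        for role in app.iterfind("./app-roles/app-role"):
            role_name = role.findtext("name", default="?")
            members = [m.findtext("name", default="")
                       for m in role.iterfind("./members/member")]
            findings = []
            if not members:
                # No enterprise role mapped yet: nobody receives this role's grants.
                findings.append("unmapped")
            findings += [f"broad:{m}" for m in members if m in BROAD_MEMBERS]
            report[(app_name, role_name)] = {"members": members,
                                             "findings": findings}
    return report


if __name__ == "__main__":
    for key, result in audit_app_roles(SAMPLE_JAZN).items():
        print(key, result)
```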