Enable WAS Security in WAS 6



Please Note: You can find the files (users.props and groups.props ) referenced here can be found you can find them here: /ram/ewas/properties>

Enable WAS Security in WAS 6.0.2.x

Note: - If the server environment is clustered, use the “Websphere Administrative Console” on the DM (Domain Manager) for all WebSphere Application Server (WAS) onsole steps.

1. Its highly recommended to backup the WAS profile before making any of the following changes by executing “backupConfig.bat“in the WAS install path “…WebSphere\AppServer\bin”.

2. In path \profiles\\properties> create a new directory “security” that will be used for userid’s and password’s in the absence of using LDAP.

3. In the zip with this document there should be a folder labeled “security.” Inside there are two files “groups.props and users.props.” Copy both files to \profiles\\properties\security.>

4. Note the “users.props” is for WAS userid’s and passwords and the “groups.props” is for groupings of ID’s and Passwords for WAS.

a. In a Clustered environment you must add both these files to the DM (Domain Manager) machine as well as each WAS machine in the cluster

5. Start the “Websphere Administrative Console”.

6. Open the “Security Tab” then click “Global Security”.

7. Open “User Registries” click “Custom”.

8. Enter the following variables and click “Apply.” Critical Note – The UserID and password must be in the groupsFile that is defined in the following step to ensure that WAS allows users to login into the console.

a. Server Userid: “admin”

b. Server User Password: “admin”

9. Click “Custom Properties”

10. Select New to create an authentication property file to define the Rational Asset Manager groups.

a. The Name for the groups must be “groupsFile”

b. The Value is the full path file name to the groups.props file (e.g. D:\IBM\WebSphere\AppServer\profiles\\properties\security\groups.props).

c. Click “Apply”

d. Click “OK”

11. Select “New” to create an authentication property file to define the Rational Asset Manager userids.

a. The Name for the groups must be “usersFile”

b. The Value is the full path file name to the users.props file as defined above (e.g. D:\IBM\WebSphere\AppServer\profiles\\properties\security\userid.props).

c. Click “Apply”

d. Click “OK”

[pic] [pic]

Your Custom Properties should resemble the following:

[pic]

12. Select the link to get back to Global Security [pic]

13. Enable WAS Security:

a. Select “Enable global security”

b. Then deselect “Enforce Java 2 security”

c. In the “Active user registry” drop-down list and select “Custom user registry”.

d. Select “Apply”

e. Select “OK”

[pic]

14. After the Apply, verify that the following messages open at the top of the Global security page.

15. Select Save and then Save again on the prompt page. This will apply the changes.

[pic]

16. Logout of the administrative console by selecting Logout at the top of the main page [pic]

17. Restart WAS or reboot the machine to have changes take affect. In a Clustered environment, the DM (Domain Manager) needs to be rebooted unless a way to restart the WAS on that machine is found.

Enable WAS Security in WAS 6.1.0.x

Create a directory in your /properties directory and copy users.props and groups.props into this directory. . ( is the path to the WAS profile you are using.)

Start the server and open the Admin console.

1. Start the server from the command line, by going to your /bin directory. Once there, run the “startServer.bat server1” command. After the server has started, open a web browser and go to . The port number will most likely be different than the standard 9060. To check, you can go to /properties and look for WC_adminhost in portdef.props. For future reference, when security is enabled, you should use . 9043 is the default value, and will likely be different, so check the value of WC_adminhost_secure in portdef.props and use that if necessary.

2. Click on Security( Secure administration, applications, and infrastructure.

[pic]

2. At the bottom of the page select Standalone custom registry from the Available realm definitions and click Configure.

3. Then click on Custom Properties-> and create the properties files needed for security.

4. Click New, for groups, the name is groupsFile.

a. For users, the name is usersFile. For the value, specify the location of the properties files.

5. Click Ok for each definition.

[pic]

6. Click on the breadcrumb Standalone custom registry and click Save.

7. Enter admin as the Primary administrative user name and the Server user ID/password and

8. Click OK.

[pic]

9. On the Configuration page, select Enable administrative security and disable Use Java 2 security…

a. Ensure the Available realm definitions is set to Standalone custom registry.

[pic]

10. Click Apply and Save.

11. Logout and restart the server.

1. From the command prompt you used earlier to start the server, issue the “stopServer.bat server1” command. Then do a “startServer.bat server1”

a. Note: from this point on, issuing a stopServer command will require a user and password. stopServer will accept username and password as parameters, but you don’t have to do this on the command line. By default, eWAS will display a prompt for you if you have not supplied credentials.

................
................

In order to avoid copyright disputes, this page is only a partial summary.

Google Online Preview   Download