WebSphere Enterprise Service Bus, Version 6.2.0 Operating Systems: AIX, HP-UX, i5/OS, Linux, Solaris, Windows


Securing a stand-alone WebSphere ESB installation

Security in your WebSphere® ESB environment is controlled from the administrative console. A user with sufficient privileges can turn on or off all application security from the administrative console. It is therefore critical that you secure the environment before deploying secured applications.

Before you begin

You should install WebSphere ESB and verify the installation before commencing these tasks.

About this task

Your WebSphere ESB environment is defined within a profile. Open the administrative console for the profile that you want to secure. Log in to the console using any user identity; until the profile is secure, any user name will be accepted.

The following steps provide a roadmap of the tasks you perform to enable security. More specific details on these tasks are provided in the topics that follow.

Procedure
  1. Ensure that administrative security is turned on. See Enabling security.
  2. Ensure that application security is turned on. See Securing applications in WebSphere ESB.
  3. Add users or groups to the administrative role. You can give administrative rights to individual users or to a group of users by following the steps in Administrative User Roles or Administrative Group Roles, respectively.
  4. Select the user account repository that you want to use.

    The following table describes the choices of user registry and the actions required to select and configure a user registry.

    User registry: Federated repositories
    Action: Specify this setting to manage profiles in multiple repositories under a single realm. The realm can consist of identities in:
    • The file-based repository that is built into the system
    • One or more external repositories
    • Both the built-in, file-based repository and in one or more external repositories
    Note: Only a user with administrator privileges can view the federated repositories configuration.
    For more information, see Managing the realm in a federated repository configuration.

    User registry: Local Operating System
    Action: The default user registry. See Configuring the local operating system or standalone custom user account repository for details of how to configure the user account registry.

    User registry: Standalone LDAP registry
    Action: Follow the instructions in Configuring Lightweight Directory Access Protocol (LDAP) as the user registry to configure LDAP as your user account registry.

    User registry: Standalone custom registry
    Action: See Configuring the local operating system or standalone custom user account repository for details of how to configure the user account registry.
  5. Make sure you have set the selected registry as your current registry.

    If you have not already done so, click Set as current at the bottom of the Secure administration, applications, and infrastructure page.

  6. Make sure you have applied the changes after you select the user registry.

    If you have not already done so, click Apply at the bottom of the Secure administration, applications, and infrastructure page.

  7. Go to the Business Integration Security panel. Expand Security and click Business Integration Security.
  8. Supply appropriate user identities for the listed authentication aliases. The credential you provide must exist in the user account repository that you are employing.
  9. Apply these changes.

    Click the Apply button at the bottom of the panel.

  10. Save the changes to the local configuration.

    Click Save in the message pane.

  11. If necessary, stop and restart the server.

    If the server needs to be restarted, a message will appear in the administrative console to this effect.

Results

The next time you log in to the administrative console, you must provide a valid user name and password.
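To check the outcome of steps 1, 2 and 5 without relying on the console, the following added example (not IBM's code and not part of the original topic) audits a profile's security configuration file. It assumes the settings are stored in the cell-level security.xml under the profile's config directory, with the root attributes enabled, appEnabled and activeUserRegistry; the sample document is constructed for illustration.

```python
import sys
import xml.etree.ElementTree as ET

# XMI attributes are namespace-qualified once parsed by ElementTree.
XMI_ID = "{http://www.omg.org/XMI}id"
XMI_TYPE = "{http://www.omg.org/XMI}type"

# Constructed sample (assumed layout of a cell-level security.xml):
# administrative security on, application security off, LDAP set as current.
SAMPLE_SECURITY_XML = """<security:Security xmlns:xmi="http://www.omg.org/XMI"
    xmlns:security="http://www.ibm.com/websphere/appserver/schemas/5.0.2/security.xmi"
    xmi:version="2.0" xmi:id="Security_1" enabled="true" appEnabled="false"
    activeUserRegistry="LDAPUserRegistry_1">
  <userRegistries xmi:type="security:LocalOSUserRegistry" xmi:id="LocalOSUserRegistry"/>
  <userRegistries xmi:type="security:LDAPUserRegistry" xmi:id="LDAPUserRegistry_1"/>
</security:Security>
"""


def audit_security(xml_text):
    """Return the current registry type and a list of roadmap steps not met."""
    root = ET.fromstring(xml_text)
    findings = []
    if root.get("enabled") != "true":
        findings.append("administrative security is off (step 1)")
    if root.get("appEnabled") != "true":
        findings.append("application security is off (step 2)")
    # Map each defined registry id to its type so the active one can be named.
    registries = {r.get(XMI_ID): r.get(XMI_TYPE)
                  for r in root.findall("userRegistries")}
    active = root.get("activeUserRegistry")
    if active not in registries:
        findings.append("no current user registry is set (step 5)")
    return {"active_registry": registries.get(active), "findings": findings}


if __name__ == "__main__":
    # Pass the path to security.xml, or run with no arguments to use the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            text = fh.read()
    else:
        text = SAMPLE_SECURITY_XML
    report = audit_security(text)
    print("current registry:", report["active_registry"])
    for finding in report["findings"] or ["no findings"]:
        print(" -", finding)
```

Run it against a copy of the file rather than the live configuration, and repeat it for every profile, because each profile is secured separately.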

What to do next

Each profile that you create must be secured in this way. The system administrator user identity might have been used in multiple places during installation and configuration of the environment. It is advisable to replace this identity with appropriate user credentials from the user account repository for all but the core security functions. Use the Business Integration Security panel in the administrative console to administer these identities and aliases.



Last updated: 21 June 2010


http://publib.boulder.ibm.com/infocenter/dmndhelp/v6r2mx/topic//com.ibm.websphere.wesb620.doc/doc/tsec_adminroadmap.html
Copyright IBM Corporation 2005, 2010. All Rights Reserved.