Security in your WebSphere® ESB environment
is controlled from the administrative console. A user with sufficient
privileges can turn on or off all application security from the administrative
console. It is therefore critical that you secure the environment
before deploying secured applications.
Before you begin
You should install
WebSphere ESB and
verify the installation before commencing these tasks.
About this task
Your
WebSphere ESB environment
is defined within a profile. Open the administrative console for the
profile that you want to secure. Log in to the console using any user
identity; until the profile is secure, any user name will be accepted.
The following steps provide a roadmap of the tasks
you perform to enable security. More specific details on these tasks
are provided in the topics that follow.
Procedure
- Ensure that administrative security is turned on. Enabling security.
- Ensure that application security is turned on. Securing applications in WebSphere ESB.
- Add users or groups to the administrative role. You
can give administrative rights to individual users or to a group of
users by following the Administrative User Roles or Administrative
Group Roles, respectively.
- Select the user account repository that you want to use.
The following table describes the choices of user registry
and the actions required to select and configure a user registry.
- Make sure you have set the selected registry
as your current registry.
If you have not already done
so, click Set as current at the bottom of the Secure
administration, applications, and infrastructure page.
- Make sure you have applied the changes
after you select the user registry
If you have not already
done so, click Apply at the bottom of the Secure
administration, applications, and infrastructure page.
- Go to the Business Integration Security panel. Expand Security and
click Business Integration Security.
- Supply appropriate user identities for the listed authentication
aliases. The credential you provide must exist in the user
account repository that you are employing.
- Apply these changes.
Click the Apply button
at the bottom of the panel.
- Save the changes to the local configuration.
Click Save in
the message pane.
- If necessary, stop and restart the server.
If
the server needs to be restarted, a message will appear in the administrative
console to this effect.
Results
The next time you log in to the administrative console, you
must provide a valid user name and password.
What to do next
Each node that you create
must be secured in this way. The system administrator user identity
might have been used in multiple places during installation and configuration
of the environment. It is advisable to replace this identity with
appropriate user credentials from the user account repository for
all but the core security functions. Use the
Business Integration
Security panel in the administrative console to administer
these identities and aliases.