The first step in securing your WebSphere® ESB environment
and your applications is to enable administrative security.
Before you begin
Install
WebSphere ESB and
verify the installation before commencing these tasks.
Open the
administrative console for the profile that you want to secure. Log
in to the console using any user identity; until the profile is secure,
any user name will be accepted.
About this task
For information about administrative security,
application security, and Java™ 2
security, see the information listed under
Subtopics.
Procedure
- Open the administrative security panel in the administrative
console.
Expand Security and
click Secure administration, applications, and infrastructure.
- Enable administrative security.
Select Enable
administrative security.
- Enable application security.
Select Enable
application security.
- Optional: Enforce Java 2
security, if required.
Select Use Java 2
security to restrict application access to local resources to
enforce Java 2 security permission
checking.
When you enable Java 2
security, an application that requires more Java 2 security permissions than are granted
in the default policy might fail to run properly until the required
permissions are granted in either the app.policy file
or the was.policy file of the application. Access
Control exceptions are generated by applications that do not have
all the required permissions. For more information about Java 2 security, see the topic on Configuring Java 2 security policy files in
the WebSphere Application Server Information
Center.
Note: Updates to the app.policy file
apply only to the enterprise applications on the node to which the app.policy file
belongs.
- Optional: Select Warn if applications
are granted custom permissions. The filter.policy file
contains a list of permissions that an application should not have
according to the J2EE 1.3 Specification. If an application is installed
with a permission specified in this policy file and this option is
enabled, a warning is issued. The default is enabled.
- Optional: Select Restrict access
to resource authentication data. Enable this
option if you need to restrict application access to sensitive Java Connector Architecture (JCA)
mapping authentication data.
- Apply these changes.
Click the Apply button
at the bottom of the panel.
- Save the changes to the local configuration.
Click Save in
the message pane.
- If necessary, stop and restart the server.
If
the server needs to be restarted, a message will appear in the administrative
console to this effect.
What to do next
You must turn on administrative security for each profile
that you create.