When security is enabled for a WebSphere Application
Server cell, users of wsadmin need to specify authentication information
to be able to connect to servers. User and password information can be
specified on the command line using the -user and -password options:
- For an RMI Connection:
wsadmin -conntype RMI -port 2809 -user u1 -password secret1
- For a SOAP Connection:
wsadmin -conntype SOAP -port 2809 -user u1 -password secret1
Unlike other wsadmin command line options (conntype and port, for example),
user and password information cannot be specified in the
wsadmin.properties file. The user and password information can be
specified in the sas.client.props and soap.client.props files.
Use the -p option to specify wsadmin properties other than
those found in the install_root\bin\wsadmin.properties file.
For an RMI connection, edit the sas.client.props file:
- Find the following two lines and add the appropriate user ID and
password:
com.ibm.CORBA.loginUserid=
com.ibm.CORBA.loginPassword=
- Find the following line and change the default value from
prompt to properties:
com.ibm.CORBA.loginSource=properties
Note: If this value is left as prompt, wsadmin script
invocation causes a window to display with a password prompt. If the
script is running unattended, it will seem to hang.
- Ensure the default value of true is set for the following line:
com.ibm.CORBA.securityEnabled=true
For a SOAP connection, edit the soap.client.props file:
There is no corresponding loginSource property for SOAP
connections.
- Find the following two lines and add the appropriate user ID and
password:
com.ibm.SOAP.loginUserid=
com.ibm.SOAP.loginPassword=
- Ensure that the default value of true is set for the following
line:
com.ibm.SOAP.securityEnabled=true
Notes:
- Use the command line options -user and -password to override the user
ID and password that are defined in the soap.client.props or the
sas.client.props file.
- You can use the PropFilePasswordEncoder utility to encode passwords in
the two above-mentioned properties files. To edit an encoded password,
replace the whole password string (including the encoding tag {...}) with
the new password, then encode the password with the
PropFilePasswordEncoder utility. This utility file is located at
install_root\bin\PropFilePasswordEncoder.bat/sh.
- Enabling security through soap.client.props or the sas.client.props
will not enable WebSphere global security.
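The settings described above can be checked before a script is scheduled to run unattended. The following is an added example, not part of the original page or of WebSphere: the function names and the sample file contents are constructed for illustration, and a password is treated as encoded when it begins with an encoding tag {...}.

```python
import re

PREFIX = {"RMI": "com.ibm.CORBA.", "SOAP": "com.ibm.SOAP."}  # property prefixes
ENCODED = re.compile(r"^\{[^}]+\}.+")  # value starts with an encoding tag {...}


def parse_props(text):
    """Parse key=value lines, skipping blanks and # / ! comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props


def audit_props(text, conntype):
    """Return a list of findings for a sas/soap client props file."""
    p, pre, findings = parse_props(text), PREFIX[conntype], []
    if p.get(pre + "securityEnabled", "").lower() != "true":
        findings.append("securityEnabled is not true")
    if not p.get(pre + "loginUserid"):
        findings.append("loginUserid is empty")
    password = p.get(pre + "loginPassword", "")
    if not password:
        findings.append("loginPassword is empty")
    elif not ENCODED.match(password):
        findings.append("loginPassword is stored unencoded")
    # loginSource exists only for RMI; 'prompt' makes unattended scripts hang.
    if conntype == "RMI" and p.get(pre + "loginSource") != "properties":
        findings.append("loginSource is not properties")
    return findings


# Constructed sample files (values are made up for illustration).
SAS_BAD = """com.ibm.CORBA.securityEnabled=true
com.ibm.CORBA.loginSource=prompt
com.ibm.CORBA.loginUserid=u1
com.ibm.CORBA.loginPassword=secret1
"""
SOAP_OK = """com.ibm.SOAP.securityEnabled=true
com.ibm.SOAP.loginUserid=u1
com.ibm.SOAP.loginPassword={xor}EXAMPLE-ENCODED-VALUE
"""

if __name__ == "__main__":
    print(audit_props(SAS_BAD, "RMI"), audit_props(SOAP_OK, "SOAP"))
```

An encoded value is obscured, not encrypted, so read access to these properties files should be restricted as well.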
Setting up wsadmin to use a specific sas.client.props or
soap.client.props file
To do this, you must edit the wsadmin.bat/sh file and set the CLIENTSAS or
CLIENTSOAP variable to the correct value for your wsadmin instance.
Example: Setting loginUserid and loginPassword in the
soap.client.props or the sas.client.props file. If another user wants to
connect to this particular port, he or she must use the same user ID and
password.
1. Make a backup copy of the wsadmin.bat/sh file.
2. Edit the wsadmin.bat/sh file and locate this line:
SET USER_INSTALL_ROOT=%WAS_HOME%
then:
For RMI add as the next line:
SET CLIENTSAS=-Dcom.ibm.CORBA.ConfigURL=file:/%WAS_HOME%/properties/wsadminsas.client.props
For SOAP add as the next line:
SET CLIENTSOAP=-Dcom.ibm.SOAP.ConfigURL=file:/%WAS_HOME%/properties/wsadminsoap.client.props
Setting up multiple wsadmin clients with multiple user IDs
- Make a copy of the wsadmin.bat/sh for each user.
- Follow the steps above to create a different sas.client.props or
soap.client.props file. Each user has their own copy of the
sas.client.props or soap.client.props file.
- Specify a different user ID and password for each of the
sas.client.props or soap.client.props files. Each user has their own user
ID and password in their own copy of the sas.client.props or
soap.client.props file.
Note: If WebSphere global security is enabled, the user ID
specified in the sas.client.props or soap.client.props file must be valid
within the user registry.