Before you begin
You can customize security to some extent at the application server level. You can disable user security on an application server (administrative security remains enabled when global security is enabled).You can also modify Java 2 Security Manager, CSIv2 or Secure Authentication Service (SAS), and some of the other security attributes that are found on the global security (also called cell-level security) panel.
Note: User Registry properties include SAF properties such as com.ibm.security.SAF.authorization and com.ibm.security.SAF.unauthenticated identities.
You cannot configure a different authentication mechanism or user registry on an individual server basis. This feature is limited to cell-level configuration only. Also, when global security is disabled, you cannot enable application server security.
By default, server security inherits all of the values that are configured in global security (cell-level security). To override the security configuration at the server level, click Servers > Application Servers > server name. Under Additional Properties, click Server Security and click any of the following panels: Server Level Security, CSI Authentication > Inbound, CSI Authentication > Outbound, CSI Transport > Inbound, CSI Transport > Outbound, SAS Transport > Inbound, and SAS Transport > Outbound. After modifying the configuration in any of these panels and clicking OK or Apply, the security configuration for that panel or set of panels now overrides cell-level security. Other panels that are not overridden continue to be inherited at the cell-level. However, you can always revert back to the cell-level configuration at any time. On the Server Security panel, click Use Cell Security, Use Cell CSI, and Use Cell SAS to revert back to the global security configuration on these panels.
For more information, review Global security and server security.
Steps for this task
By default, you can see that global security, CSI, and SAS have not been overridden at the server level. CSI and SAS are authentication protocols for RMI/IIOP requests.
The Server Level Security panel lists attributes that are on the Global Security panel and can be overridden at the server level. Not all of the attributes on the Global Security panel can be overridden at the server level, including Active Authentication Mechanism and Active User Registry.
Example
What to do next
Once you have modified the configuration for a particular application server, you must restart the application server for the changes to become effective. To restart the application server, go to Servers > Application Servers and click the server name that you recently modified. Then, click the Stop button and then the Start button.If you disabled security for the application server, you can typically test a URL which is protected when security is enabled.
One URL that usually is installed when the DefaultApplication is install is the snoop application. If the DefaultApplication is installed on the application server, test that security is disabled by going to the following URL: http://host.domain:9080/snoop. If you have disabled security, you should not get prompted. This is just one method of validating the configuration. You should validate that the configuration is appropriate for your applications.