Before you begin
Before you can enable global security you must select both an authentication mechanism and a user registry.Why and when to perform this task
You need to start the administrative console by specifying the following Web site: http://server_hostname:9090/admin.
Perform the following steps to enable global security
Steps for this task
When Java 2 Security is enabled and if an application requires more Java 2 security permissions than are granted in the default policy, then the application might fail to run properly until the required permissions are granted in either the app.policy file or the was.policy file of the application. AccessControl exceptions are generated by applications that do not have all the required permissions. Review the Java 2 Security and Dynamic Policy documentation if you are unfamiliar with Java 2 security.
This release includes an Object Management Group (OMG) protocol called CSIv2, which supports increased vendor interoperability and additional features. If all servers in your entire security domain are Version 5 servers, it is best to specify CSI as your protocol. If some servers are 3.x or 4.x servers, specify CSI and z/SAS. The default is both CSI and z/SAS.
This panel performs a final validation of the security configuration. When you click OK or Apply from this panel, the security validation routine is performed and any problems are reported at the top of the page. When you complete all of the fields, click OK or Apply to accept the selected settings. Click Save (at the top of the panel) to persist these settings out to a file. If you see any informational messages in red text color, then there is a problem with the security validation. Typically, the message indicates the problem. So, review your configuration to verify that the user registry settings are accurate and the correct registry is selected. In some cases, the LTPA configuration may not be fully specified. See Global security settings for detailed information.
Results
Configuration is successful when error messages do not display at the top of the panel.Why and when to perform this task
Global security activates a number of WebSphere security settings. Most of the settings receive their default value from the installation scripts, run during server installation. The following is a checklist for enabling global security on a base application server node, using the SAF-based (LocalOS) user registry and LTPA authentication:
Why and when to perform this task
To disable global security, log on to the administrative console and select Security > Global Security. Uncheck the Enabled check box. Restart the server and global security is off.
If global security is not working properly, it can cause the server to not start, or start without providing you with the ability to log on. To disable global security in this case, Go to your $install_root/bin directory and execute the wsadmin -conntype NONE command. At the wsadmin> prompt, entersecurityoff and then type exit to return to a command prompt. Restart the server with security disabled to check any incorrect settings through the administrative console
An optional way to disable global security is to edit the server security.xml file. The security.xml file can be found in the <mountpoint>/AppServer/config/cells/ directory. The security.xml file must be translated to EBCDIC before editing and translated back to ASCII after editing.
To disable global security, edit the security.xml. Search for the line that begins with the following tag: <security:Security. In that line search for enabled. The word following enabled is true. Change it to false. Save the file. Restart the server. Global security is now disabled.