Before you begin
You can customize security to some extent at the application server level. You can disable user security on an application server (administrative security remains enabled when global security is enabled). You can also modify Java 2 Security Manager, CSIv2 or Secure Authentication Service (SAS), and some of the other security attributes that are found on the global security (also called cell-level security) panel. You cannot configure a different authentication mechanism or user registry on an individual server basis. This feature is limited to cell-level configuration only. Also, when global security is disabled, you cannot enable application server security.
Steps for this task
By default, you can see that global security, CSI, and SAS have not been overridden at the server level. CSI and SAS are authentication protocols for RMI/IIOP requests. The Server Level Security panel lists attributes that are on the Global Security panel and can be overridden at the server level. Not all of the attributes on the Global Security panel can be overridden at the server level, including Active Authentication Mechanism and Active User Registry.
What to do next
Typically server-level security is used to disable user security for a specific application server. However, this can also be used to disable (or enable) the Java 2 security manager, and to configure the authentication requirements for RMI/IIOP requests both incoming and outgoing from this application server.After you modify the configuration for a particular application server, you must restart the application server for the changes to become effective. To restart the application server, go to Servers > Application servers and click the server name that you recently modified. Click Stop and then Start.
If you disabled security for the application server, you can typically test a web address that is protected when security is enabled.