WebSphere Application Server - Express, Version 6.0.x     Operating Systems: AIX, HP-UX, Linux, Solaris, Windows

Enabling global security

Why and when to perform this task

You can decide whether to enable IBM WebSphere Application Server security. You must enable global security for all other security settings to function.

WebSphere Application Server uses cryptography to protect sensitive data and to ensure confidentiality and integrity of communications between WebSphere Application Server and other components in the network. Cryptography is also used by Web services security when certain security constraints are configured for the Web Services application.

WebSphere Application Server uses Java Secure Sockets Extension (JSSE) and Java Cryptography Extension (JCE) libraries in the Software Development Kit (SDK) to perform this cryptography. The SDK provides strong but limited jurisdiction policy files. Unrestricted policy files provide the ability to perform full strength cryptography and to improve performance.

WebSphere Application Server provides a SDK that contains strong, but limited jurisdiction policy files. You can download the unrestricted policy files for the Windows, Linux, HP-UX, Solaris, AIX, and z/OS platforms from the following Web site: IBM developer kit: Security information. Complete the following steps to download and install the new policy files:
  1. Click Java 1.4.2
  2. Click IBM SDK Policy files.

    The Unrestricted JCE Policy files for SDK 1.4 Web site is displayed.

  3. Click Sign in and provide your IBM.com ID and password.
  4. Select Unrestricted JCE Policy files for SDK 1.4.2 and click Continue.
  5. View the license and click I Agree to continue.
  6. Click Download Now.
  7. Extract the unlimited jurisdiction policy files that are packaged in the ZIP file. The ZIP file contains a US_export_policy.jar file and a local_policy.jar file.
  8. In your WebSphere Application Server installation, go to the $JAVA_HOME/jre/lib/security directory and back up your US_export_policy.jar and local_policy.jar files.
  9. Replace your US_export_policy.jar and local_policy.jar files with the two files that you downloaded from the IBM.com Web site.

Steps for this task

  1. Enable global security in the WebSphere Application Server. Make sure that all node agents within the cell are active beforehand. For more information, see Configuring global security. It is important to click Security > Global Security and select the Enable global security option so that security is enabled upon a server restart.
  2. Before restarting the server, log off the administrative console. You can log off by clicking Logout at the top menu bar.
  3. Stop the server by going to the command line in the WebSphere Application Server /bin directory and issue a stopServer server_name command.
  4. Restart the server in secure mode by issuing the command startServer server_name. Once the server is secure, you cannot stop the server again without specifying an administrative user name and password. To stop the server once security is enabled, issue the command, stopServer server_name -username user_id -password password. Alternatively, you can edit the soap.client.props file in the install_root/properties directory and edit the com.ibm.SOAP.loginUserid or com.ibm.SOAP.loginPassword properties to contain these administrative IDs.

    If you have any problems restarting the server, review the output logs in the install_root/logs/server_name directory. Check the Troubleshooting security configurations article for any common problems.




Sub-topics
Global security settings

Related concepts
Java 2 security policy files

Related tasks
Configuring user registries
Configuring Lightweight Third Party Authentication
Configuring global security

Related reference
Java 2 security

Related information
z/OS MVS System Commands, SA22-7627

Task topic    

Terms of Use | Feedback

Last updated: Jun 8, 2005 12:45:23 PM EDT
http://publib.boulder.ibm.com/infocenter/wasinfo/v6r0/index.jsp?topic=/com.ibm.websphere.express.doc/info/exp/ae/tsec_egs.html

© Copyright IBM Corporation 2002, 2005. All Rights Reserved.
This information center is powered by Eclipse technology. (http://www.eclipse.org)