Basic tests are available that show whether the fundamental security
components are working properly. Use this task to validate your security configuration.
Before you begin
After configuring global security and
restarting all of your servers in a secure mode, validate that security is
properly enabled.
There
are a few techniques that you can use to test the various security login types.
For example, you can test the Web-based BasicAuth login,
Web-based form login, and the Java client BasicAuth login.
Basic
tests are available that show whether the fundamental security components
are working properly. Complete the following steps to validate your security
configuration:
Procedure
- After enabling security, verify that your system comes up in secure
mode.
-
Test the Web-based BasicAuth with Snoop,
by accessing the following URL: http://hostname.domain:9080/snoop. A
login panel is displayed. If a login panel does not display, then a problem
exists. If the panel appears, type in any valid user ID and password in your
configured user registry.
Note: The Snoop servlet is only available in
the domain if you included the DefaultApplication option when adding
the application server to the cell. The -includeapps option
for the addNode command migrates the DefaultApplication option
to the cell. Otherwise, skip this step.
- Test the Web-based form login by starting the administrative console: http://hostname.domain:port_number/ibm/console.
A form-based login page is displayed. If a login page does not appear,
try accessing the administrative console by typing https://myhost.domain:9043/ibm/console.
Type
in the administrative user ID and password that are used for configuring your
user registry when configuring security.
- Test Java Client BasicAuth with dumpNameSpace.
Use the app_server_root/bin/dumpNameSpace.bat file.
A login panel appears. If a login panel does not appear, there is a problem.
Type in any valid user ID and password in your configured user registry.
- Test all of your applications in secure mode.
- If all the tests pass, proceed with more rigorous testing of your
secured applications. If you have any problems, review the output
logs in the WebSphere Application Server /logs/nodeagent or
WebSphere Application Server /logs/server_name directories,
respectively. For more information on common problems, see Troubleshooting security configurations
.
Results
The results of these tests, if successful, indicate that security
is fully enabled and working properly.