You can customize security to some extent at the application
server level. You can disable administrative
security on an application server.
Before you begin
Deprecated feature: Server level security has been deprecated in this
release of
WebSphere® Application Server. Multiple security domain
support has been added in its place. You can create different security
configurations and assign them to different applications in
WebSphere Application Server processes.
By creating multiple security domains, you can configure different
security attributes for both administrative and user applications
within a cell environment. You can configure different applications
to use different security configurations by assigning the servers
or clusters or SIBuses that host these applications to the security
domains. Read about
Multiple security domains for more detailed information.
depfeat
You
can also modify Java™ 2 Security and some of the
other security attributes that are found on the Global security panel.
This panel provides access to the cell-level security settings. You
cannot configure a different authentication mechanism or user registry
on an individual server basis. This feature is limited to cell-level
configuration only.
By default,
server security inherits all of the values that are configured for
cell-level security. To override the cell-level security configuration
at the server level, click Servers > Application Servers > server_name.
Under Security, click Server Security and click any of the
following links:
- CSIv2 inbound authentication
- CSIv2 outbound authentication
- CSIv2 inbound transport
- CSIv2 outbound transport
- z/SAS authentication
- Server-level security
Note: z/SAS is supported only between Version 6.0.x and previous version servers that have been federated in a Version 6.1 cell.
After
modifying the configuration in any of these panels and clicking
OK or
Apply,
the security configuration for that panel or set of panels now overrides
cell-level security. Other panels that are not overridden continue
to be inherited at the cell-level. However, you can always revert
back to the cell-level configuration at any time. You can revert back
to the cell-level security configuration by clearing the check box
next to any of the following options on the Server security panel:
- Security settings for this server override cell settings
- RMI/IIOP security for this server overrides cell settings
- SAS security for this server overrides cell settings
A
number of additional Secure Authentication Services for z/OS
® (z/SAS)
attributes can be considered for security at a server level, such
as:
- Local identity
- Remote identity
- Sync to thread allowed
What to do next
Typically, server-level security is used to disable user
security for a specific application server. However, this can also
be used to disable or enable the Java 2
security manager, and to configure the authentication requirements
for RMI/IIOP requests both incoming and outgoing from this application
server.
After you modify the configuration for a particular application
server, you must restart the application server for the changes to
become effective. To restart the application server, go to Servers >
Application servers and click the server name that you recently
modified. Click Stop and then Start.
If you disabled
security for the application server, you can typically test a Web
address that is protected when security is enabled.