WebSphere brand IBM WebSphere Sensor Events, Version 6.2

Enabling security

Scripts are provided to enable WebSphere® Application Server security for WebSphere Sensor Events and for Location Awareness Services for WebSphere Sensor Events. You can also use these scripts to disable security at a later time.

The following are a few key concepts that you should understand about WebSphere Application Server security for WebSphere Sensor Events and for Location Awareness Services for WebSphere Sensor Events:

Enabling security for WebSphere Sensor Events

Before you begin

The ws_security script enables WebSphere Application Server security. Before running the ws_security script, ensure the following:

  • A local user exists
  • Or a local user group exists and has users in it

You will set a local user as the WebSphere Application Server administrative user so that after WebSphere Application Server security is enabled, you can sign on to the WebSphere Application Server administrative console as an administrator. If you want your WebSphere Application Server administrative user to have administrator access to the WebSphere Sensor Events Administrative Console as well, then that user must be in the ibmrfid group.

Procedure
  1. Navigate to the security directory:

    Windows IBM_RFID_HOME\premises\install\security\

    Linux IBM_RFID_HOME/premises/install/security/

  2. Run the following command:
    ws_security enable userid password
    • userid = Local OS user ID

      This is the user ID of the WebSphere Application Server administrator. This user must be belong to the group called ibmrfid if you want the user to have administrative access to the WebSphere Sensor Events Administrative Console. The WebSphere Application Server administrator ID cannot be the same as the name of your server because the repository sometimes returns server-specific information when querying a user of the same name. For more information, refer to the Local operating system settings topic in the WebSphere Application Server Information Center.

      If you have installed Location Awareness Services for WebSphere Sensor Events, a WebSphere Application Server administrative user ID also has to be set in atlas.config.bat file under WASADMIN.

    • password = Local OS password.

      This is the password of the WebSphere Application Server administrator.

      If you have installed Location Awareness Services for WebSphere Sensor Events, a WebSphere Application Server administrative password also has to be set in atlas.config.bat file under WASPSWD.

  3. Restart WebSphere Application Server.

Enabling security for Location Awareness Services for WebSphere Sensor Events

Complete the following steps to configure security for WebSphere Application Server when you have Location Awareness Services for WebSphere Sensor Events installed. Enabling security in WebSphere Application Server provides security for the Spatial Management Client and portlets.

About this task
Note: You should not perform the steps if Location Awareness Services for WebSphere Sensor Events is not installed.
Procedure
  1. If you have not already done so, follow the steps to run the ws_security script and enable security for WebSphere Application Server.
  2. Navigate to the root installation directory of Location Awareness Services for WebSphere Sensor Events (such as, C:\LAS).
  3. Edit the las.config.properties file and define the values for the WebSphere Application Server administrator and the message queue user.
    #---------------------------------------------------------------
    # wasadmin      WAS admin.
    # waspswd       Password for WAS admin.
    #---------------------------------------------------------------
    settings.7.name=wasadmin
    settings.7.value=newUser
    
    settings.8.name=waspswd
    settings.8.value=newUser
    
    #---------------------------------------------------------------
    # meuser      Message Queue user.
    # mepswd      Password message queue user.
    #---------------------------------------------------------------
    settings.9.name=meuser
    settings.9.value=newUser
    
    settings.10.name=mepswd
    settings.10.value=newUser

    The script expects that WebSphere Application Server security is already enabled. The values for wasadmin and waspswd should reflect the WebSphere Application Server administrative user ID and password, respectively. These values can match the user ID and password that you used previously with the ws_security script, or they can match the ID and password for another WebSphere Application Server administrative user that you have set.

  4. Open a command prompt and change to the LAS_HOME\WAS\scripts directory.
  5. Type ATLAS_MAIN -security enable at the command-line prompt.
    The script completes the following actions:
    • Creates the following groups on the operating system: lassmcadministergrp, lasmonitorgrp, lasoperategrp, lasadministergrp, laslocategrp, lasregistrategrp, lasconfiguregrp, and lascustomizegrp.
    • Creates the user lasoveradmin with password lasoveradmin. This superuser can run Location Awareness Services for WebSphere Sensor Events functions in the WebSphere Application Server administrative console. Use the lasoveradmin superuser for testing or proof-of-concept environments only. The lasoveradmin user should not be used in production environments.
    • Applies security settings.
  6. Restart WebSphere Application Server.
  7. Edit the LAS_HOME\AtlasIntegrator\Data_Export.properties file to specify the real host name of your server instead of localhost.
  8. Verify that security is running by logging into the WebSphere Application Server administrative console. If security is enabled, you are prompted for your WebSphere Application Server user ID and password. A random user ID is no longer accepted.
What to do next

Follow the steps in Configuring security for the Control Processing portlet.


Library | Support | Terms of use

(c) Copyright IBM Corporation 2004, 2009. All rights reserved.
U.S. Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.