Enabling security on the server

Before you can implement basic authentication in your application, you need to enable security on the server. This primarily entails setting up a user registry ID and password, as well as enabling global security.

Generally, setting up a user registry for a production environment takes some time. In this topic, you learn how to set up a sample custom user registry that is appropriate for use in a development and testing environment.

To enable security on the server:

  1. In the file system, change to the following directory (where installDir is the install path of WebSphere Integration Developer): installDir\pf\wps
  2. In the wps directory, create the following subdirectory: file_registry_sample
  3. In the new file_registry_sample directory, complete the following tasks to add the sample custom user registry data to the file system (which contains wid as a user ID and password):
    • Using a text editor, create a file named groups.props and then copy and paste the following text into the new file:
      # 5639-D57, 5630-A36, 5630-A37, 5724-D18 
      # (C) COPYRIGHT International Business Machines Corp. 1997, 2007
      # All Rights Reserved * Licensed Materials - Property of IBM
      #
      # Format:
      # name:gid:users:display name
      # where name   = groupId of the group
      #       gid    = uniqueId of the group
      #       users  = list of all the userIds that the group contains
      #       display name = a (optional) display name for the group.
      admins:567:bob,wid:Administrative group
      operators:678:jay,ted,dave:Operators group
      users:789:jay,jeff,vikas,bobby:
    • Using a text editor, create a file named users.props and then copy and paste the following text into the file:
      # 5639-D57, 5630-A36, 5630-A37, 5724-D18 
      # (C) COPYRIGHT International Business Machines Corp. 1997, 2007
      # All Rights Reserved * Licensed Materials - Property of IBM
      #
      # Format:
      # name:passwd:uid:gids:display name
      # where name   = userId/userName of the user
      #       passwd = password of the user
      #       uid    = uniqueId of the user
      #       gid    = groupIds of the groups that the user belongs to
      #       display name = a (optional) display name for the user.
      bob:bob1:123:567:bob
      dave:dave1:234:678:
      jay:jay1:345:678,789:Jay-Jay
      ted:ted1:456:678:Teddy G
      jeff:jeff1:222:789:Jeff
      vikas:vikas1:333:789:vikas
      bobby:bobby1:444:789:
      wid:wid:555:567:wid
  4. Save the two files and then close the text editor.
  5. In the Business Integration perspective, click the Servers tab to open the Servers view.
  6. In the Servers view, right-click your running WebSphere Process Server and then select Run administrative console. The administrative console opens.
  7. In the User ID field, specify a user ID and click Log In. Since security is not yet enabled, you can use any ID to log in.
  8. In the left frame, expand Security and click the Global security link. The Global Security page opens.
  9. In the User registries section, click the Custom link. The Custom User Registry page opens.
  10. In the Server user ID field, type wid.
  11. In the Server user password field, type wid.
  12. In the Custom registry class name field, type com.ibm.websphere.security.FileRegistrySample. The Custom User Registry page should now resemble the following figure:
    Picture of the Custom User Registry page
  13. Click Apply.
  14. In the Additional Properties section, click the Custom properties link. The Custom Properties page opens.
  15. Click New. The New page opens.
  16. In the Name field, type groupsFile.
  17. In the Value field, type ${USER_INSTALL_ROOT}/file_registry_sample/groups.props. The New page should resemble the following figure:
    Picture of the New page
  18. Click OK to return to the Custom Properties page.
  19. Click New again. The New page opens.
  20. In the Name field, type usersFile.
  21. In the Value field, type ${USER_INSTALL_ROOT}/file_registry_sample/users.props. The New page should resemble the following figure:
    Picture of the New page
  22. Click OK to return to the Custom Properties page, which should now resemble the following figure:
    Picture of the Custom Properties page
  23. Click the Global Security link to return to the Global Security page.
  24. Select the Enable global security check box.
  25. If the Enforce Java 2 security check box is selected, clear it.
  26. In the Active user registry drop-down list, select Custom user registry. The Global Security page should resemble the following figure:
    Picture of the Global Security page
  27. Click Apply.
  28. In the Authentication section, expand JAAS Configuration.
  29. Under JAAS Configuration, click the J2C Authentication data link. The J2C Authentication Data Entries page opens.
  30. If you chose to add WebSphere Process Server as an integrated test environment when you installed WebSphere Integration Developer, and you have not modified any of the entries on the J2C Authentication Data Entries page, then all of the J2C authentication data entries (with the exception of the Cloudscape J2C authentication data entry) already use wid as the default user ID and password, and you do not need to modify anything now. Otherwise (you did not add WebSphere Process Server as an integrated test environment, or you added it but later modified one or more of the J2C authentication data entries), change the user ID and password of the modified entries to wid (again with the exception of the Cloudscape entry) by completing the following steps:
    1. In the list of J2C authentication data entries, click the link of one of the entries. For example, SCA_Auth_Alias. The page for the selected J2C authentication data entry opens.
    2. In the User ID field, type wid.
    3. In the Password field, type wid.
    4. Click OK.
    5. Repeat these steps for each of the remaining J2C authentication data entries (except for the Cloudscape entry). When you have finished, the J2C Authentication Data Entries page should resemble the following figure:
      Picture of the J2C Authentication Data Entries page
  31. At the top of the J2C Authentication Data Entries page, click the Save link.
  32. Click the Save button.
  33. At the top of the administrative console, click Logout.
  34. Close the administrative console.
  35. Open a command window and change to the following directory (where installDir is the install path of WebSphere Integration Developer): installDir\runtimes\bi_v6\bin
  36. Run the following command: wsadmin -profile redeployFileTransfer.jacl -c "fileTransferAuthenticationOn widCell widNode server1"
  37. In the Servers view, right-click your server and select Stop.
  38. In the Servers view, right-click your server and select Open. The server configuration editor opens.
  39. In the Server section, select the SOAP (More firewall compatible) radio button.
  40. Expand the Security section.
  41. Select the Security is enabled on this server check box.
  42. In the User ID field, type wid. This is the user ID specified in the custom user registry.
  43. In the Password field, type wid.
  44. Press Ctrl-S to save your changes and then close the server configuration editor.
  45. In the Servers view, start your server.
If you run into problems after enabling security on the server, you can disable security and then investigate the source of the problems by following the instructions in the topic "Disabling security on the server."
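
The users.props and groups.props files from step 3 keep each password in cleartext and record group membership in both files, so the two can drift out of sync when entries are edited by hand. The following Python check is an added example, not part of the IBM sample; the function name audit and the finding labels are hypothetical, and the embedded data is a constructed subset of the entries above with ted deliberately left out of the user list.

```python
# Added example: consistency and password audit for the sample file registry.
import re

USERS = """\
bob:bob1:123:567:bob
jay:jay1:345:678,789:Jay-Jay
wid:wid:555:567:wid
"""
GROUPS = """\
admins:567:bob,wid:Administrative group
operators:678:jay,ted:Operators group
users:789:jay:
"""

def _rows(text, nfields):
    """Yield colon-split records; skip blanks and '#' comments, keep ':' in display names."""
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            yield (line.split(":", nfields - 1) + [""] * nfields)[:nfields]

def _csv(field):
    return {x.strip() for x in field.split(",") if x.strip()}

def audit(users_text, groups_text):
    """Return a sorted list of (kind, subject, detail) findings."""
    users = {n: (pw, _csv(gids)) for n, pw, _uid, gids, _d in _rows(users_text, 5)}
    groups = {gid: (name, _csv(members)) for name, gid, members, _d in _rows(groups_text, 4)}
    findings = []
    for name, (pw, gids) in users.items():
        # Password is the user ID itself, optionally followed by digits
        if re.fullmatch(re.escape(name) + r"\d*", pw, re.IGNORECASE):
            findings.append(("weak-password", name, "derived from user ID"))
        for gid in gids:
            if gid not in groups:
                findings.append(("unknown-gid", name, gid))
            elif name not in groups[gid][1]:
                findings.append(("not-in-group-list", name, groups[gid][0]))
    for gid, (gname, members) in groups.items():
        for m in members:
            if m not in users:
                findings.append(("unknown-member", gname, m))
            elif gid not in users[m][1]:
                findings.append(("gid-missing-on-user", m, gname))
    return sorted(findings)

if __name__ == "__main__":
    print(*audit(USERS, GROUPS), sep="\n")
```

To check the real files, read them from the file_registry_sample directory and pass their contents to audit in place of the embedded strings.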
(C) Copyright IBM Corporation 2005, 2006. All Rights Reserved.