Security considerations for WebSphere Integration Developer

If you chose to install the integrated test environment when you installed WebSphere® Integration Developer, then security is disabled by default for all test environment servers. However, you can choose to enable basic security for test environment servers using the server configuration editor. Or you can enable advanced security for test environment servers using the administrative console.

Information about enabling or disabling basic security and advanced security is found in the following two sections.

Enabling or disabling basic security for test environment servers

If you want to enable or disable basic security for a test environment server, you generally use the server configuration editor to edit the server configuration and select security preferences.

To enable or disable basic security for a test environment server:

  1. In the Business Integration or Debug perspective, click the Servers tab to open the Servers view.
  2. In the Servers view, right-click your server and select Open. The server configuration editor opens.
  3. In the server configuration editor, expand the Security section.
  4. If you want to enable security for the server, complete the following steps:
    1. Select the Security is enabled on this server check box.
    2. In the User ID field, specify a valid user ID from the local operating system user registry.
    3. In the Password field, type in a valid password for the user ID.
  5. If you want to disable security for the server, clear the Security is enabled on this server check box.
  6. Press Ctrl-S to save your changes and close the server configuration editor.
  7. If the server is already running and you want the server to pick up your changes to the server configuration, right-click the server and select Restart. (Additional information about restarting a server is found in the topic "Restarting servers.")
Note: There are limitations on enabling security for test environment servers. For information about these limitations, you are strongly encouraged to read the topic "Limitations."
Additional information about managing security in the test environment is found in the Rational® Application Developer topic "Enabling security."

Enabling or disabling advanced security for test environment servers

If you want to enable or disable an advanced level of security for a test environment server in WebSphere Integration Developer, you must use the administrative console. For example, if you want to enable an advanced level of security for a WebSphere Process Server test environment server, you would use the WebSphere Process Server administrative console to enable global security and to set the J2C authentication aliases. You might also use the WebSphere Process Server administrative console to set up a Lightweight Directory Access Protocol (LDAP) registry for user authentication or to perform many other tasks related to advanced security.

To enable or disable advanced security for a WebSphere Process Server test environment server:

  1. In the Business Integration or Debug perspective, click the Servers tab to open the Servers view.
  2. In the Servers view, right-click your running server and select Run Administrative Console. The administrative console opens.
  3. In the User ID field, specify a user ID and click Log In.
  4. In the left frame, expand Security and click the Global security link. The Global Security page opens.
  5. If you want to enable global security, select the Enable global security check box.
  6. If you want to set up an LDAP registry for user authentication, select the appropriate LDAP features that are accessible from the Global Security page. Information about setting up an LDAP registry is found in the topic "Configuring Lightweight Directory Access Protocol (LDAP) as the user registry" at the WebSphere Process Server information center.
  7. If you chose to enable global security, you must set the appropriate J2C authentication aliases by completing the following steps:
    1. Under the Authentication section of the Global Security page, expand JAAS Configuration.
    2. Under JAAS Configuration, click the J2C authentication data link. The J2C Authentication Entries page opens.
    3. Set the authentication aliases. Note that if you chose to install the integrated test environment when you installed WebSphere Integration Developer, most of the aliases will already have a default user ID and password of "wid".
  8. If you want to disable global security for the server, clear the Enable global security check box on the Global Security page.
  9. Save your changes in the administrative console and close the console.
  10. If you want your test environment server to pick up your changes, right-click the server and select Restart. (Additional information about restarting a server is found in the topic "Restarting servers.")
For information about managing security, see the documentation at the IBM WebSphere Business Process Management Version 6.0 information center. For example, information about managing security in WebSphere Process Server is found in the topic "Securing applications and their environment: Overview."

Feedback
(C) Copyright IBM Corporation 2005, 2006. All Rights Reserved.