Before you can implement basic authentication in your application,
you need to enable security on the server. This primarily entails setting
up a user registry ID and password, as well as enabling global security.
Generally, setting up a user registry for a production environment
takes some time. In this topic, you learn how to set up a sample custom user
registry that is appropriate for use in a development and testing environment.
To
enable security on the server:
- In the file system, change to the following directory (where installDir is
the install path of WebSphere Integration Developer): installDir\pf\wps
- In the wps directory, create the following
subdirectory: file_registry_sample
- In the new file_registry_sample directory, complete the
following tasks to add the sample custom user registry data to the file system
(which contains wid as a user ID and password):
- Using a text editor, create a file named groups.props and
then copy and paste the following text into the new file:
# 5639-D57, 5630-A36, 5630-A37, 5724-D18
# (C) COPYRIGHT International Business Machines Corp. 1997, 2007
# All Rights Reserved * Licensed Materials - Property of IBM
#
# Format:
# name:gid:users:display name
# where name = groupId of the group
# gid = uniqueId of the group
# users = list of all the userIds that the group contains
# display name = a (optional) display name for the group.
admins:567:bob,wid:Administrative group
operators:678:jay,ted,dave:Operators group
users:789:jay,jeff,vikas,bobby:
- Using a text editor, create a file named users.props and
then copy and paste the following text into the file:
# 5639-D57, 5630-A36, 5630-A37, 5724-D18
# (C) COPYRIGHT International Business Machines Corp. 1997, 2007
# All Rights Reserved * Licensed Materials - Property of IBM
#
# Format:
# name:passwd:uid:gids:display name
# where name = userId/userName of the user
# passwd = password of the user
# uid = uniqueId of the user
# gid = groupIds of the groups that the user belongs to
# display name = a (optional) display name for the user.
bob:bob1:123:567:bob
dave:dave1:234:678:
jay:jay1:345:678,789:Jay-Jay
ted:ted1:456:678:Teddy G
jeff:jeff1:222:789:Jeff
vikas:vikas1:333:789:vikas
bobby:bobby1:444:789:
wid:wid:555:567:wid
- Save the two files and then close the text editor.
- In the Business Integration perspective, click the Servers tab
to open the Servers view.
- In the Servers view, right-click your running WebSphere
Process Server and then select Run administrative console.
The administrative console opens.
- In the User ID field, specify a user ID
and click Log In. Since security is not yet enabled,
you can use any ID to log in.
- In the left frame, expand Security and click
the Global security link. The Global Security page
opens.
- In the User registries section, click the Custom link.
The Custom User Registry page opens.
- In the Server user ID field, type wid.
- In the Server user password field, type wid.
- In the Custom registry class name field,
type com.ibm.websphere.security.FileRegistrySample.
The Custom User Registry page should now resemble the following figure:

- Click Apply.
- In the Additional Properties section, click
the Custom properties link. The Custom Properties page
opens.
- Click New. The New page opens.
- In the Name field, type groupsFile.
- In the Value field, type ${USER_INSTALL_ROOT}/file_registry_sample/groups.props.
The New page should resemble the following figure:

- Click OK to return to the Custom Properties
page.
- Click New again. The New page opens.
- In the Name field, type usersFile.
- In the Value field, type ${USER_INSTALL_ROOT}/file_registry_sample/users.props.
The New page should resemble the following figure:

- Click OK to return to the Custom Properties
page, which should now resemble the following figure:

- Click the Global Security link to return
to the Global Security page.
- Select the Enable global security check
box.
- If the Enforce Java 2 security check box
is selected, clear it.
- In the Active user registry drop-down list,
select Custom user registry. The Global Security page
should resemble the following figure:

- Click Apply.
- In the Authentication section, expand JAAS Configuration.
- Under JAAS Configuration, click the J2C Authentication
data link. The J2C Authentication Data Entries page opens.
- If you chose to add WebSphere Process Server as an integrated test
environment when you installed WebSphere Integration Developer and if
you did not modify any of the J2C authentication data entries on the J2C Authentication
Data Entries page, then all of the J2C authentication data entries (with the
exception of the Cloudscape J2C authentication data entry) should use wid as
the default user ID and password. In this case, you do not need to modify
anything now. However, if you did not choose to add WebSphere Process Server
as an integrated test environment when you installed WebSphere Integration
Developer, or if you added WebSphere Process Server as an integrated
test environment but you later modified one or more of the J2C authentication
data entries on the J2C Authentication Data Entries page, then you need to
change the user ID and password of the modified J2C authentication data entries
to wid (with the exception of the Cloudscape J2C authentication
data entry) by completing the following steps:
- In the list of J2C authentication data entries, click the link
of one of the entries. For example, SCA_Auth_Alias.
The page for the selected J2C authentication data entry opens.
- In the User ID field, type wid.
- In the Password field, type wid.
- Click OK.
- Repeat these steps for each of the remaining J2C authentication
data entries (except for the Cloudscape entry). When you have finished, the
J2C Authentication Data Entries page should resemble the following figure:

- At the top of the J2C Authentication Data Entries page, click the Save link.
- Click the Save button.
- At the top of the administrative console, click Logout.
- Close the administrative console.
- Open a command window and change to the following directory (where installDir is
the install path of WebSphere Integration Developer): installDir\runtimes\bi_v6\bin
- Run the following command: wsadmin -profile redeployFileTransfer.jacl
-c "fileTransferAuthenticationOn widCell widNode server1"
- In the Servers view, right-click your server
and select Stop.
- In the Servers view, right-click your server
and select Open. The server configuration editor opens.
- In the Server section, select the SOAP
(More firewall compatible) radio button.
- Expand the Security section.
- Select the Security is enabled on this server check
box.
- In the User ID field, type wid.
This is the user ID specified in the custom user registry.
- In the Password field, type wid.
- Press Ctrl-S to save your changes and then
close the server configuration editor.
- In the Servers view, start your server.
If you run into problems after enabling security on the server, you
can disable security and then investigate the source of the problems by following
the instructions in the topic "Disabling security on the server."