Security considerations for WebSphere Integration Developer

If you chose to install the integrated test environment when you installed WebSphere® Integration Developer, then security is disabled by default for all test environment servers. However, you can choose to enable basic security for test environment servers using the server configuration editor. Or you can enable advanced security for test environment servers using the administrative console.

Information about enabling or disabling basic security and advanced security is found in the following two sections.

Enabling or disabling basic security for test environment servers

If you want to enable or disable basic security for a test environment server, you generally use the server configuration editor to edit the server configuration and select security preferences.

To enable or disable basic security for a test environment server:

  1. In the Business Integration or Debug perspective, click the Servers tab to open the Servers view.
  2. In the Servers view, right-click your server and select Open. The server configuration editor opens.
  3. In the server configuration editor, expand the Security section.
  4. If you want to enable security for the server, complete the following steps:
    1. Select the Security is enabled on this server check box.
    2. In the User ID field, specify a valid user ID from the local operating system user registry.
    3. In the Password field, type in a valid password for the user ID.
  5. If you want to disable security for the server, clear the Security is enabled on this server check box.
  6. Press Ctrl-S to save your changes and close the server configuration editor.
  7. If the server is already running and you want the server to pick up your changes to the server configuration, right-click the server and select Restart. (Additional information about restarting a server is found in the topic "Restarting servers.")
Note: There are limitations on enabling security for test environment servers. For information about these limitations, you are strongly encouraged to read the topic "Limitations."
Additional information about managing security in the test environment is found in the Rational® Application Developer topic "Enabling security."

Enabling or disabling advanced security for test environment servers

If you want to enable or disable an advanced level of security for a test environment server, you must use the administrative console. For example, if you want to enable an advanced level of security for a WebSphere Process Server test environment server, you would use the WebSphere Process Server administrative console to enable global security and to set the J2C authentication aliases. You might also use the WebSphere Process Server administrative console to set up a Lightweight Directory Access Protocol (LDAP) registry for user authentication or to perform many other tasks related to advanced security.

Information about enabling advanced security is found at the IBM WebSphere Business Process Management Version 6.0 information center. Specific information about enabling security in WebSphere Process Server is found in the topic "Setting up security for a stand-alone WebSphere Process Server". Similarly, specific information about enabling security in WebSphere Enterprise Service Bus is found in the topic "Setting up security for a stand-alone WebSphere ESB".

To enable or disable advanced security for a test environment server:

  1. In the Business Integration or Debug perspective, click the Servers tab to open the Servers view.
  2. In the Servers view, right-click your running server and select Run Administrative Console. The administrative console opens.
  3. In the User ID field, specify a user ID and click Log In.
  4. In the left frame, expand Security and click the Global security link. The Global Security page opens.
  5. If you want to enable global security, select the Enable global security check box.
  6. If you want to use an LDAP registry for user authentication, complete the following steps:
    1. In the Active user registry field, select Lightweight Directory Access Protocol (LDAP) user registry.
    2. Under User registries, click the LDAP link. The LDAP User Registry page opens.
    3. Set up an LDAP registry (if you do not already have one). Information about setting up an LDAP registry is found at the IBM WebSphere Business Process Management Version 6.0 information center. Specific information about setting up an LDAP registry in WebSphere Process Server is found in the topic "Configuring Lightweight Directory Access Protocol (LDAP) as the user registry." Similarly, specific (and more detailed) information about setting up an LDAP registry is found in the WebSphere Enterprise Service Bus topic "Configuring Lightweight Directory Access Protocol user registries".
  7. If you chose to enable global security, you must set the appropriate J2C authentication aliases by completing the following steps:
    1. Under the Authentication section of the Global Security page, expand JAAS Configuration.
    2. Under JAAS Configuration, click the J2C authentication data link. The J2C Authentication Entries page opens.
    3. Set the authentication aliases. Note that if you chose to install the integrated test environment when you installed WebSphere Integration Developer, most of the aliases will already have a default user ID and password of "wid".
  8. If you want to disable global security for the server, clear the Enable global security check box on the Global Security page.
  9. Save your changes in the administrative console and close the console.
  10. If you want your test environment server to pick up your changes, right-click the server and select Restart. (Additional information about restarting a server is found in the topic "Restarting servers.")
For information about managing security, see the documentation at the IBM WebSphere Business Process Management Version 6.0 information center. For example, information about managing security in WebSphere Process Server is found in the topic "Securing applications and their environment" and its many subtopics. Similarly, information about managing security in WebSphere Enterprise Service Bus is found in the topic "Securing the ESB" and its subtopics.

Feedback
(C) Copyright IBM Corporation 2005, 2006. All Rights Reserved.