Enabling application security in WebSphere Application Server

Enable WebSphere Application Server application security to secure your CM Server environment from unauthorized access to WebSphere Application Server administrative functions.

About this task

This topic outlines how to enable application security for WebSphere Application Server. By performing the following steps, you disable the use of port 12080 in a URL of the format http://CMServerHost:12080/application. Instead, you can use port 12443 in a secure URL of the format https://CMServerHost:12443/application

The following variables are used in path names in this topic:
admin-user-name
WebSphere Application Server administrative user name
admin-password
WebSphere Application Server administrative password
CMServerHost
CM Server host name
RATIONAL_COMMON
Directory where the Rational common files are installed

Procedure

  1. Start the WebSphere Application Server administrative console. The administrative console is typically located at the following URL: http://localhost:12060/ibm/console
  2. If security is currently disabled, you are prompted for a user name. Log in.
    Attention: Do not use the administrative user name.
  3. Click Security > Secure administration, applications, and infrastructure.
  4. To configure security, use the Security Configuration wizard:
    1. In step 1 of the wizard, select a security level.
      • Enable Application security.
      • Keep Java 2 security disabled.
    2. In step 2, select a user repository. Consider choosing the federated repository or LDAP repository. See the WebSphere Application Server V6.1 Information Center for more information.
    3. In step 3, enter the administrative user name and password. The user name must be different from the user name that is running WebSphere Application Server.
    4. In step 4, confirm your selections and click Finish.
  5. Optional: Configure the user repository in the User account repository area of the Security > Secure administration, applications, and infrastructure page.
  6. Click Apply.
  7. Enable ClearQuest Web for CM Server administrative security.
    1. Edit the file CqServerConn.properties. The file is located in the following directory:
      On Windows:
      %RATIONAL_COMMON%\CM\profiles\cmprofile\installedApps\node-name\TeamEAR.ear\CQWebModule.war\WEB-INF\classes\CqServerConn.properties
      On the UNIX system and Linux:
      $RATIONAL_COMMON/CM/profiles/cmprofile/installedApps/node-name/TeamEAR.ear/CQWebModule.war/WEB-INF/classes/CqServerConn.properties
    2. Add the administrative user name to the following line:
      TEAM_SERVER_ADMIN_AUTHENTICATION_KEY=admin-user-name
    3. Add the administrative password to the following line:
      TEAM_SERVER_ADMIN_AUTHENTICATION_VALUE=admin-password
  8. Stop and restart CM Server for the administrative security changes to take effect.
    1. Stop CM Server.

      Once WebSphere Application Server administrative security is enabled, you must provide the administrative user name and password to log in to the WebSphere Application Server administrative console and stop CM Server.

      • On Windows:
        To stop CM Server by using the stopServer script, you must add the user and password arguments to the stopServer command line:-user admin-user-name -password admin-password
        On the UNIX system and Linux:
        The cmserver_shutdown and cmserver_restart scripts do not accept the -user and -password arguments. Instead, you are prompted for this information. UNIX system and Linux: Securing the administrative user name and password gives instructions on how to avoid passing the administrative user name and password on the command line.
    2. On Windows: Update the WebSphere Application Server service.

      Update the CM Server service in WebSphere Application Server by running the following commands in a command prompt window:

      >  cd %RATIONAL_COMMON%\eWAS\bin
      >  WASService.exe -add "cmprofile" -serverName CMServerHost -profilePath "%RATIONAL_COMMON%\CM\profiles\cmprofile" -stopArgs "-user admin-user-name -password admin-password" -encodeParams

What to do next

See the WebSphere Application Server V6.1 Information Center and the IBM WebSphere Application Server V6.1 Handbook for more information.


Feedback