Granting access to the administrative console

Define users in Tomcat or WebSphere® Application Server for access to the administrative console.

About this task

You grant access to the administrative console for Tomcat users or WebSphere Application Server users. For Tomcat, you can define more users as the installation created an initial user with the “administrator” role in your application's server. You must define the first user for WebSphere Application Server.

Procedure

Grant access to Tomcat users. Skip to the next section to grant access to WebSphere Application Server users.

  1. To enable access to the administrative console web application, do either of these actions:
    • Create a username and password combination and associate the role name SAPConnectorAdmin with it.
    • Add the SAPConnectorAdmin role to an existing username and password combination.
  2. Where the action is done depends on the Realm implementation that you are using.
    1. For MemoryRealm:
      1. Locate the XML file that stores the user information. By default, it is the $CATALINA_HOME/conf/tomcat-users.xml file.
        Tip: To see which file stores the user information, see the $CATALINA_HOME/conf/server.xml file
      2. Open the user information file with any text editor and locate the user that you want to assign the administrator role to.
      3. Add the SAPConnectorAdmin role to the comma-delimited roles attribute for the user, and save the file.
        Tip: You can also create users and assign them the administrator role.
        Here is an example code snippet:
        <user name="craigmcc" password="secret"
        roles= "standard, SAPConnectorAdmin" />
    2. For JDBCRealm

      The user and role information is stored in a directory server that is accessed by using LDAP. Add the SAPConnectorAdmin role to existing users, or create users with this role assigned, by following the standard procedures for your environment.

    3. For JNDIRealm

      The user and role information is stored in a directory server accessed by using LDAP. Add the SAPConnectorAdmin role to existing users, or create users with this role assigned, by following the standard procedures for your environment.

  3. Tomcat provides account lockout security to lock access after repeated login failures. The default setting is to lock the user for 300 seconds (5 minutes) after five login failures. These settings can be changed to enhance security. You can change the settings by editing the $CATALINA_HOME/conf/server.xml file.
    1. Locate <Realm className="org.apache.catalina.realm.LockOutRealm" in the server.xml file.
    2. Set the failureCount and lockOutTime attributes to the values that you want.
      The Realm element is as follows for a 300-second lock out after five failures:
      <Realm className="org.apache.catalina.realm.LockOutRealm"
            	failureCount="5" lockOutTime="300">
    3. After you change the failureCount or lockOutTime, the server must be restarted for the changes to take effect.

Grant access to WebSphere Application Server users

  1. For information about how to assign users and groups to roles, see Assigning users and groups to roles.

Feedback