Testing security after enabling it

Basic tests are available that show whether the fundamental security components are working properly. Use this task to validate your security configuration.

Before you begin

After configuring administrative security and restarting all of your servers in a secure mode, validate that security is properly enabled.

Basic tests are available that show whether the fundamental security components are working properly. Complete the following steps to validate your security configuration:

Procedure

  1. After enabling security, verify that your system comes up in secure mode.
  2. Test the Web-based form login by starting the administrative console: http://hostname.domain:port_number/ibm/console. A form-based login page is displayed. If a login page does not appear, try accessing the administrative console by typing https://myhost.domain:9043/ibm/console.
  3. Test Java™ Client BasicAuth with dumpNameSpace.

    [AIX Solaris HP-UX Linux Windows] Use the app_server_root/bin/dumpNameSpace.bat file. A login panel appears. If a login panel does not appear, there is a problem. Type in any valid user ID and password in your configured user registry.

    [z/OS] Use the app_server_root/bin/dumpNameSpace.sh file. A login panel appears. If a login panel does not appear, there is a problem. Type in any valid user ID and password (or password phrase) in your configured user registry.

  4. Test all of your applications in secure mode.
  5. If all the tests pass, proceed with more rigorous testing of your secured applications. If you have any problems, review the SYSOUT and SYSPRINT logs.

Results

The results of these tests, if successful, indicate that security is fully enabled and working properly.

Example [z/OS]

To test the Snoop application, do the following:
  1. Enable security while installing the Base Application Server.
  2. Log onto the administrative console with a wsadmin user ID and password.
  3. Navigate to Applications > Enterprise Applications > DefaultApplication > Security role to user/group mapping.
  4. Add a user. Select the role All Role, and click Lookup User.
  5. Map one of the users (for example, TESTER1) with the role All Role. For more information on mapping, see Look up users.
  6. Save the configuration.
  7. [z/OS] Run Resource Access Control Facility (RACF®) commands for the role All Role to find those that are associated with the TESTER1 user ID.
    [z/OS] Note: In the RACF command, enter All Role as All#Role, as in the following example:
    RDEFINE EJBROLE S30CSA1.All#Role UACC(NONE) APPLDATA('TESTER1') 
    PERMIT S30CSA1.All#Role CLASS(EJBROLE) ID(TESTER1) ACCESS(READ) 
    SETROPTS RACLIST(EJBROLE) REFRESH
    PE S30CSA1 CLASS(APPL) ID(TESTER1) ACCESS(READ)
    
  8. Access the application with the user ID TESTER1 at http://localhost:port/snoop.



In this information ...


Related concepts

IBM Redbooks, demos, education, and more

(Index)

Use IBM Suggests to retrieve related content from ibm.com and beyond, identified for your convenience.

This feature requires Internet access.

Task topic    

Terms of Use | Feedback

Last updated: Oct 22, 2010 3:02:28 AM CDT
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=v700osgijpa&product=was-nd-mp&topic=tsecmthejb
File name: tsec_mthejb.html