Friday, March 12, 2010

Custom User Registry

To enable security in WebSphere Application Server, you need to logon to WAS admin console. The default URL for accessing WAS admin console would be http://localhost:9060/admin in your local machine. When the security is not enabled WAS would ask you for a username and you can provide any username you want. When enabling security in WAS 6.0 there are three different types of user registries available.
1. Custom User Registry
2. LDAP
3. Local OS.
Here I will be talking about enabling security using Custom User Registry as the Active User Registry. The first step in enabling security using Custom user registry is to create one user file and a group file. The group file will be of the following format.

name:gid:users:display name
For eg:
admins:1:admin,admin1:Administrative group
operators:2:operator,operator1:Operators group
users:3:user1,user2,user3,bobby:

The groups file will be saved with name groups.props in directory D:\IBM\security.
Then create a users file using the following format.

name:passwd:uid:gids:display name
admin:admin:10:1:Admin
admin1:admin1:11:1:Admin 1
user:user:12:2,3:User

The users file will be saved with name users.props in directory D:\IBM\security. (This cane be any directory)
The next fist step is to click on Global Security link under security menu.


 The security configuration page opens up.



Once the security configuration page got opened click on Custom under user registries section. The custom user registry page opens.



Under general properties enter the server admin username and password you want and click on the custom properties link under Additional properties section. Click on new button in the custom properties page.



Enter groupsFile as the name and D:/IBM/security/groups.props as the value. Save the custom property value and create another custom property and enter usersFile as the name D:/IBM/security/users.props as the value. Save the values you will be returned to the custom properties page. Now the custom properties page would look like the one in the below picture.



Save the changes made and return to the security configuration page.
Now select custom user registry under active user registry and select the ‘Enable global security’ checkbox. Uncheck ‘Enforce Java 2 Security’


Save the changes. Restart your server. Once global security is enabled on the WAS server, we need to provide the admin username and password for starting and stopping the server. The command for starting the server once the security is enabled is
startServer.bat server1 -user admin -password admin
where server1 is the name of your server. If your server is integrated with an IDE like RAD, double click on the server from the server perspective and enter the username and password after selecting ’security is enabled on this server’ checkbox under security section in your server configuration window.

#####################################################################

No comments:

Post a Comment