WAS v8.5 > Secure applications > Set up security > Enable security

Enable security for the realm

Use this topic to enable IBM WebSphere Application Server security. You must enable administrative security for all other security settings to function. WAS uses cryptography to protect sensitive data and to ensure confidentiality and integrity of communications between WAS and other components in the network. Cryptography is also used by Web Services Security when certain security constraints are configured for the web services application.

WAS uses Java Secure Sockets Extension (JSSE) and Java Cryptography Extension (JCE) libraries in the SDK to perform this cryptography. The SDK provides strong but limited jurisdiction policy files. Unrestricted policy files provide the ability to perform full strength cryptography and to improve performance.

WAS provides a SDK 6 containing strong, but limited jurisdiction policy files. We can download the unrestricted policy files from the following website: IBM developer kit: Security information.

Fix packs that include updates to the SDK might overwrite unrestricted policy files. Back up unrestricted policy files before you apply a fix pack and reapply these files after the fix pack is applied.

Your country of origin might have restrictions on the import, possession, use, or re-export to another country, of encryption software. Before downloading or using the unrestricted policy files, check the laws of your country, its regulations, and its policies concerning the import, possession, use, and re-export of encryption software, to determine if it is permitted.

To download and install the new policy files:

1. Click Java SE 6
2. Scroll down the page then click IBM SDK Policy files.

   The Unrestricted JCE Policy files for SDK 6 website displays.

3. Click Sign in and provide your IBM.com ID and password.

4. Select Unrestricted JCE Policy files for SDK 6 and click Continue.
5. View the license and click I Agree to continue.

6. Click Download Now.
7. Extract the unlimited jurisdiction policy files that are packaged in the compressed file. The compressed file contains a US_export_policy.jar file and a local_policy.jar file.
8. In a WAS installation, go to the $JAVA_HOME/jre/lib/security directory and back up your US_export_policy.jar and local_policy.jar files.
9. Replace your US_export_policy.jar and local_policy.jar files with the two files that we downloaded from the IBM.com website.

To enable security for the realm:

1. Enable security in the WAS. Make sure that all node agents within the cell are active beforehand.

   For more information, see Enable security. Click Security > Global security. Select an available realm definition from the list, and then click Set as current so that security is enabled upon a server restart.

   In previous releases of WAS, the Set as current option is known as the Enable global security option.

2. Before restarting the server, log off the dmgr console. We can log off by clicking Logout at the top menu bar.
3. Stop the server by going to the command line in the WAS app_server_root/bin directory and issue a stopServer server_name command.

4. Restart the server in secure mode by issuing the command startServer server_name. Once the server is secure, we cannot stop the server again without specifying an administrative user name and password. To stop the server once security is enabled, issue the command, stopServer server_name -username user_id -password password. Alternatively, we can edit the soap.client.props file in the profile_root/properties directory, and edit the com.ibm.SOAP.loginUserid or com.ibm.SOAP.loginPassword properties to contain these administrative IDs.

   If we have any problems restarting the server, review the output logs in the profile_root/logs/server_name directory. Check the Troubleshooting security configurations article for any common problems.

Subtopics

• Global security settings
  Use this panel to configure administration and the default application security policy. This security configuration applies to the security policy for all administrative functions and is used as a default security policy for user applications. Security domains can be defined to override and customize the security policies for user applications.
• Specify extent of protection wizard settings
  Use this security wizard page to determine whether to enable application security and restrict access to local resources. When we use the wizard, admin security is enabled by default.
• Security custom properties
  Use this page to understand the psecurity.allowCustomHTTPMethodsredefined custom properties related to security.
• Security custom property page
  Use this page to view and manage arbitrary name-value pairs of data, where the name is a property key and the value is a string value that can be used to set internal system configuration properties.
• Security custom property settings
  Use this page to configure arbitrary name-value pairs of data, where the name is a property key and the value is a string value that can be used to set internal system configuration properties. Defining a new property enables you to configure a setting beyond that which is available in the dmgr console.
• Global security settings
  Use this panel to configure administration and the default application security policy. This security configuration applies to the security policy for all administrative functions and is used as a default security policy for user applications. Security domains can be defined to override and customize the security policies for user applications.
• Specify extent of protection wizard settings
  Use this security wizard page to determine whether to enable application security and restrict access to local resources. When we use the wizard, admin security is enabled by default.
• Security custom properties
  Use this page to understand the psecurity.allowCustomHTTPMethodsredefined custom properties related to security.
• Security custom property page
  Use this page to view and manage arbitrary name-value pairs of data, where the name is a property key and the value is a string value that can be used to set internal system configuration properties.
• Security custom property settings
  Use this page to configure arbitrary name-value pairs of data, where the name is a property key and the value is a string value that can be used to set internal system configuration properties. Defining a new property enables you to configure a setting beyond that which is available in the dmgr console.

Related concepts:

Java 2 security

Related

Enable security
Select a registry or repository
Configure the LTPA mechanism

Reference:

Java 2 security policy files

+

Search Tips   |   Advanced Search