Server-level security settings

Use this page to enable server-level security and specify other server-level security configurations. To view this console page, complete the following steps:

1. Click Servers > Application Servers > server.

2. Click Server security.

 

Configuration tab

Security settings for this server override cell settings

Specify that the settings on this panel override the settings on the Security > Security applications, administration, and infrastructure panel.

Enable application security

Specify that server security is disabled, by default, when application security is enabled. Administrative (console and wsadmin) and naming security remain enabled while application security is enabled, regardless of the status of this flag.

Default

Disabled

Use Java 2 security to restrict application access to local resources

Specify that the server enforces Java 2 security permission checking at the server level. When cleared, the Java 2 server-level security manager is not installed and all of the Java 2 security permission checking is disabled at the server level.

If your application policy file is not set up correctly, see Configure the was.policy file in the information center.

Default

Disabled

Warn if applications are granted custom permissions

Specify whether a warning is issued during application installation when an application requires a Java 2 permission that is normally not granted to an application.

The appserver provides support for policy file management. A number of policy files are included in the appserver. Some of these policy files are static and some of them are dynamic. Dynamic policy is a template of permissions for a particular type of resource. In dynamic policy files, the code bases are evaluated at runtime using the configuration data. You can add or remove permissions, as needed, for each code base.

However, do not add, remove, or modify the existing code bases. The real code base is dynamically created from the configuration and run-time data. The filter.policy file contains a list of permissions that an application does not have, according to the J2EE 1.4 Specification. For more information on permissions, see the documentation on the Java 2 security policy files.

Default

Enabled

Restrict access to resource authentication data

Enable this option to restrict application access to sensitive Java Connector Architecture (JCA) mapping authentication data.

Default

Disabled

Use domain-qualified user names

Specify whether user IDs that are returned by getUserPrincipal() are qualified with the server level security domain within which they reside.

Default

Disabled

Authentication cache timeout

Timeime period in which a LTPA token expires.

Data type	Integer
Units	Minutes and seconds
Default	10 minutes and 0 seconds
Range	Greater than 30 seconds. Avoid setting Authentication cache timeout value to 30 seconds or less.

Active protocol

Specify the active server level security authentication protocol when server level security is enabled.

You can use an Object Management Group (OMG) protocol called Common Secure Interoperability Version 2 (CSIv2) for more vendor interoperability and additional features. If all of the servers in your entire security domain are V5.0 servers, it is best to specify CSI as your protocol.

Specifying CSI and SAS causes you to have two interceptors invoking each request.

SAS is supported only between V6.0.x and previous version servers federated in a V6.1 cell.

This field displays if a version 6.0.x server exists in your environment.

Data type	String
Default	CSI and SAS
Range	CSI, CSI and SAS

RMI/IIOP security for this server overrides cell settings

Specify that the Remote Method Invocation over Internet InterORB Protocol (RMI/IIOP) settings on this panel override the settings on the Security > Security applications, administration, and infrastructure panel.

Default

Enabled

---

 

Related tasks

Configure the was.policy file
Securing specific appservers

 

Reference topic