Test security after enabling it

 


 

Basic tests are available that show whether the fundamental security components are working properly. Use this task to validate your security configuration.

After configuring administrative security and restarting all of your servers in a secure mode, validate that security is properly enabled.

Several techniques are available to test the various security login types. For example, you can test...

Complete the following steps to validate your security configuration:

 

Procedure

  1. After enabling security, verify that your system comes up in secure mode.

    Test the Web-based BasicAuth with Snoop,...

    http://hostname.domain:9080/snoop

    A login panel is displayed. If a login panel does not display, then a problem exists. If the panel appears, type in any valid user ID and password in your configured user registry.

    Note that the Snoop servlet is only available in the domain if you included the DefaultApplication option when adding the application server to the cell. The -includeapps option for the addNode command migrates the DefaultApplication option to the cell.

    If the Snoop servlet is not available, skip this step.

  2. Test the Web-based form login by starting the console...

    http://hostname.domain:port_number/ibm/console

    A form-based login page is displayed. If a login page does not appear, try accessing the console by typing...

    https://myhost.domain:9043/ibm/console

    Type in the administrative user ID and password that are used for configuring your user registry when configuring security.

  3. Test Java Client BasicAuth with dumpNameSpace.

    Use...

    app_server_root/bin/dumpNameSpace.bat

    A login panel appears. If a login panel does not appear, there is a problem. Type in any valid user ID and password in your configured user registry.

  4. Test all of your applications in secure mode.

  5. If all the tests pass, proceed with more rigorous testing of your secured applications.

    If you have any problems, review the output logs in the directories...

    • /logs/nodeagent
    • /logs/server_name
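
The checks in steps 1 and 2 can also be scripted by requesting each URL with no credentials and confirming that a login is demanded. The Python below is an added example, not part of the original documentation; the names `classify` and `probe` are hypothetical, and it assumes that BasicAuth appears as HTTP 401 with a `WWW-Authenticate: Basic` header and that the form login page posts to `j_security_check`.

```python
import urllib.error
import urllib.request


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Surface 3xx responses instead of silently following them."""
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def classify(status, headers, body=""):
    """Map an unauthenticated response to what steps 1 and 2 expect to see."""
    h = {k.lower(): v for k, v in headers.items()}
    if status == 401 and h.get("www-authenticate", "").lower().startswith("basic"):
        return "basic-auth-challenge"      # step 1: browser shows a login panel
    if status in (301, 302, 303, 307, 308):
        return "redirect:" + h.get("location", "")   # probe the target next
    # Assumption: the form login page posts to the servlet-spec j_security_check.
    if status == 200 and "j_security_check" in body:
        return "form-login"                # step 2: form-based login page
    if status == 200:
        return "served-without-login"      # the "a problem exists" case
    return "unexpected:%d" % status


def probe(url, timeout=10):
    """Fetch url with no credentials and classify the response."""
    opener = urllib.request.build_opener(_NoRedirect)
    try:
        with opener.open(url, timeout=timeout) as resp:
            return classify(resp.status, resp.headers, resp.read().decode("latin-1"))
    except urllib.error.HTTPError as err:  # 401 and unfollowed 3xx arrive here
        return classify(err.code, err.headers, err.read().decode("latin-1"))


if __name__ == "__main__":
    # Constructed sample responses, not captured from a real server.
    print(classify(401, {"WWW-Authenticate": 'Basic realm="Default Realm"'}))
    print(classify(200, {}, "<html>Snoop Servlet</html>"))
```

Against a live server, call `probe()` with the Snoop and console URLs from steps 1 and 2; a result of `served-without-login` for either one means the page was delivered without any login and security is not in effect for it.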

 

Results

The results of these tests, if successful, indicate that security is fully enabled and working properly.

 

Example

To test the Snoop application...

  1. Enable security while installing the Base Application Server.

  2. Log on to the console with a wsadmin user ID and password.

  3. Navigate to...

    Applications | Enterprise Applications | DefaultApplication | Security role to user/group mapping

  4. Add a user. Select the role All Role, and click Lookup User.

  5. Map one of the users (for example, TESTER1) with the role All Role.

  6. Save the configuration.

  7. Run Resource Access Control Facility (RACF) commands for the role All Role to find those that are associated with the TESTER1 user ID.

    In the RACF command, enter All Role as All#Role, as in the following example:

    RDEFINE EJBROLE S30CSA1.All#Role UACC(NONE) APPLDATA('TESTER1')
    PERMIT S30CSA1.All#Role CLASS(EJBROLE) ID(TESTER1) ACCESS(READ)
    SETROPTS RACLIST(EJBROLE) REFRESH
    PE S30CSA1 CLASS(APPL) ID(TESTER1) ACCESS(READ)

  8. Access the application with the user ID TESTER1 at http://localhost:port/snoop.


