WAS v8.5 > Secure applications > Set up security

Migrating, coexisting, and interoperating – Security considerations

Use this topic to migrate the security configuration of previous WebSphere Application Server releases and its applications to the new installation of WAS.

This information addresses the need to migrate your security configurations from a previous release of IBM WAS to WAS 8.0. To migrate your security configurations:

• If security is enabled in the previous release, obtain the administrative server ID and password of the previous release. This information is needed in order to run certain migration jobs.
• We can optionally disable security in the previous release before migrating the installation. No logon is required during the installation.

In WAS v8.0, be aware of the following additional migration requirements for security:

• When migrating from WAS v7.x to v8.0, if we have a business need to preserve security audit logs from the older release first archive the security audit log files in v7.x. WAS does not support the migration of security audit log files from the older release to v8.0.

• If your WAS v7.x environment is enabled for Kerberos, and you are migrating to version 8.0 on a different machine, the keytab and configuration files for Kerberos must be at the same location on the v8.0 machine as on the v7.x machine or the configuration will not work.

Use the First steps console to access the WebSphere Customization Toolbox, and run the Migration Management Tool.

1. Start the First steps console by launching the firststeps.bat or the firststeps.sh file. The firststeps command is located in the following directory:
   • ./app_server_root/profiles/profile_name/firststeps/firststeps.sh
   • app_server_root\profiles\profile_name\firststeps\firststeps.bat

2. On the First steps console panel, click WebSphere Customization Toolbox.
3. Open the Migration Management Tool.
4. Follow the instructions provided to complete the migration.

Results

The security configuration of previous WAS releases and its applications are migrated to the new installation of WAS v8.5.

You must migrate any custom class files that are not migrated.

Subtopics

• Interoperate with previous product versions
  IBM WAS inter-operates with the previous product versions. Use this topic to configure this behavior.
• Interoperate with a C++ common object request broker architecture client
  WAS supports security in the CORBA C++ client to access-protected enterprise beans. If configured, C++ CORBA clients can access protected enterprise bean methods using a client certificate to achieve mutual authentication on WAS applications.
• Migrating trust association interceptors
  Use this topic to manually migrate trust associations.
• Migrating Common Object Request Broker Architecture programmatic login to Java Authentication and Authorization Service (CORBA and JAAS)
  Use this topic as an example of how to perform programmatic login using the CORBA-based programmatic login APIs.
• Migrating from the CustomLoginServlet class to servlet filters
  Use this topic to allow migration in an application that uses form-based login and servlet filters without the use of the CustomLoginServlet class.
• Migrating Java 2 security policy
  Use this topic for guidance pertaining to migrating Java 2 security policy.
• Migrating with Tivoli Access Manager for authentication enabled
  When Tivoli Access Manager security is configured for the existing environment and security is enabled, we can migrate to WAS, v8.5.
• Migrating unrestricted jurisdiction policy files, local_policy.jar and US_export_policy.jar
  We can migrate the unrestricted jurisdiction policy files, local_policy.jar and US_export_policy.jar.
• Interoperate with previous product versions
  IBM WAS inter-operates with the previous product versions. Use this topic to configure this behavior.
• Interoperate with a C++ common object request broker architecture client
  WAS supports security in the CORBA C++ client to access-protected enterprise beans. If configured, C++ CORBA clients can access protected enterprise bean methods using a client certificate to achieve mutual authentication on WAS applications.
• Migrating trust association interceptors
  Use this topic to manually migrate trust associations.
• Migrating Common Object Request Broker Architecture programmatic login to Java Authentication and Authorization Service (CORBA and JAAS)
  Use this topic as an example of how to perform programmatic login using the CORBA-based programmatic login APIs.
• Migrating from the CustomLoginServlet class to servlet filters
  Use this topic to allow migration in an application that uses form-based login and servlet filters without the use of the CustomLoginServlet class.
• Migrating Java 2 security policy
  Use this topic for guidance pertaining to migrating Java 2 security policy.
• Migrating with Tivoli Access Manager for authentication enabled
  When Tivoli Access Manager security is configured for the existing environment and security is enabled, we can migrate to WAS, v8.5.
• Migrating unrestricted jurisdiction policy files, local_policy.jar and US_export_policy.jar
  We can migrate the unrestricted jurisdiction policy files, local_policy.jar and US_export_policy.jar.

Related concepts:

Java Authentication and Authorization Service
Web component security
Java EE connector security

Related

Configure inbound identity mapping

+

Search Tips   |   Advanced Search