Configure the server: Set up security (optional)
The WebSphere Application Server security server controls access to application server resources (servlets, JSPs, HTML files and EJBs). It also controls access to the administrative console and to some administrative tools. The security system is not responsible for protecting native OS/400 resources (such as database files and program objects).
When you install WebSphere Application Server for iSeries, the product creates a default application server instance. This instance is named default. Security is initially disabled in the default application server instance and any other application server instance you create. Unless you believe your iSeries server is adequately protected by a firewall or some other mechanism, immediately enable security after creating an instance.
This step enables local operating system security, which uses an OS/400 user profile and password to secure the application server. For more information on WebSphere Application Server security, including security configuration options other than those for the local operating system, see the WebSphere Application Server security topic.
Perform the following steps to enable security:
Start the WebSphere Application Server administrative console. To start the console, open this URL in your browser:
http://your.server.name:port/adminwhere your.server.name is the hostname of your iSeries server and port is your administrative port number. See the The administrative console topic for more information.
- Expand Security.
- Expand User Registries.
- Click Local OS.
- In the Server User ID field, specify a valid OS/400 user profile name.
Note: A user profile that is a part of a group profile cannot be used to configure the LocalOS user registry. A group profile is assigned a unique group ID number, which is not assigned to a regular user profile. Run the Display User Profile (DSPUSRPRF) command to determine if the user profile you want to use as the Server User ID has a defined group ID number. If the Group ID field is set to *NONE, the user profile can be used as the administrative user ID.
- In the Server User Password field, specify the password for the user profile you specified.
- Click OK.
- In the topology tree, click Global Security.
- On the General Properties page, check Enabled. Accept the remaining default property values.
- Click OK.
- Click Save on the toolbar to save the configuration.
- Click Save again to update the master repository with your changes.
- Click Logout on the toolbar.
Restart your application server instance.
- Enter the Start Qshell (STRQSH) command on an OS/400 command line.
On the Qshell command line, enter this command:
stopServer -instance mdbconfig serverNamewhere mdbconfig is the name of the instance you want to stop and serverName is the name of the server you want stop.
On the Qshell command line, enter this command:
startServer -instance mdbconfig serverNamewhere mdbconfig is the name of the instance you want to start and serverName is the name of the server you want start.
The next time you start the administrative console, use the iSeries user profile that you specified when you enabled security to log into the console.