Configure server security

You can customize security to some extent at the appserver level. You can disable user security on an appserver (administrative security remains enabled when global security is enabled). You can also modify Java 2 Security Manager, CSIv2 or SAS, and some of the other security attributes that are found on the global security (also called cell-level security) panel. You cannot configure a different authentication mechanism or user registry on an individual server basis; these settings are limited to cell-level configuration only. Also, when global security is disabled, you cannot enable application server security.

By default, server security inherits all of the values that are configured in global security (cell-level security). To override the security configuration at the server level, click Servers > Application Servers > server name. Under Additional Properties, click Server Security and click any of the following panels: Server Level Security, CSI Authentication > Inbound, CSI Authentication > Outbound, CSI Transport > Inbound, CSI Transport > Outbound, Transport > Inbound, and Transport > Outbound. After you modify the configuration in any of these panels and click OK or Apply, the security configuration for that panel or set of panels overrides cell-level security. Panels that are not overridden continue to inherit their values from the cell level. You can revert to the cell-level configuration at any time: on the Server Security panel, click Use Cell Security, Use Cell CSI, and Use Cell SAS to revert to the global security configuration on these panels.

  1. Start the administrative console for the deployment manager. To get to the administrative console, go to http://host.domain:9090/admin. If security is disabled, you can enter any ID. If security is enabled, you must enter a valid user ID and password, which is either the administrative ID (configured for the user registry) or a user ID entered as an administrative user. To add a user ID as an administrative user, click System Administration > Console Users.

  2. Configure global security if you have not already done so. Go to the Configure Global Security article for detailed steps. After global security is configured, configure server-level security.

  3. To configure server-level security, click Servers > Application Servers > server name. Under Additional Properties, click Server Security. The status of the security level that is in use for this application server is displayed. By default, you can see that global security, CSI, and SAS have not been overridden at the server level. CSI and SAS are authentication protocols for RMI/IIOP requests. The Server Level Security panel lists attributes that are on the Global Security panel and can be overridden at the server level. Not all of the attributes on the Global Security panel can be overridden at the server level; Active Authentication Mechanism and Active User Registry, for example, cannot.

  4. To disable security for this appserver, go to the Server Level Security panel, clear the Enabled flag and click OK or Apply. Click Save. After you modify the Server Level Security panel, you can see that it now overrides the cell-level security.

  5. To configure CSI at the server level, you can change any panel that starts with CSI. When you do, all panels that start with CSI override the CSI settings specified at the cell level. This includes all authentication and transport panels for CSI. See the Configuring CSIv2 and SAS authentication protocols article for more detailed steps on configuring the CSI authentication protocol.

 

Usage Scenario

After you modify the configuration for a particular application server, restart the appserver for the changes to take effect. To restart the appserver, go to Servers > Application Servers and click the name of the server that you modified. Then click the Stop button, followed by the Start button.

If you disabled security for the appserver, you can typically test the change by requesting a URL that is protected when security is enabled.

 

See Also

Server security settings
Server-level security settings