Test security

 

+

Search Tips   |   Advanced Search

 

 

Before you begin

After configuring global security and restarting all of your servers in a secure mode, it is best to validate that security is properly enabled.

There are a few techniques that use to test the various security login types. For example, we can test the Web-based BasicAuth login, Web-based form login, and the Java client BasicAuth login.

There are basic tests that show that the fundamental security components are working properly. Complete the following steps to validate your security configuration:

 

Procedure

  1. Test the Web-based BasicAuth with Snoop, by accessing the following URL...

    http://hostname.domain:9080/snoop

    A login panel appears. If a login panel does not appear, then a problem exists. If the panel appears, type in any valid user ID and password in your configured user registry.

    Note: In a Network Deployment environment, the Snoop servlet is only available in the domain if you included the DefaultApplication option when adding the application server to the cell. The -includeapps option for the addNode command migrates the DefaultApplication option to the cell. Otherwise, skip this step.

  2. Test the Web-based form login by bringing up the administrative console...

    http://hostname.domain:9060/ibm/console

    A form-based login page appears. If a login page does not appear, try accessing the administrative console by typing...

    https://myhost.domain:9043/ibm/console

    Type in the administrative user ID and password used for configuring your user registry when configuring security.

  3. Test Java Client BasicAuth with dumpNameSpace by executing...

    install_root\bin\dumpNameSpace.bat

    A login panel appears. If a login panel does not appear, there is a problem. Type in any valid user ID and password in your configured user registry.

  4. Thoroughly test all of your applications in secure mode.

  5. After enabling security, verify that your system comes up in secure mode.

  6. If all tests pass, proceed with more rigorous testing of your secured applications. If you have any problems, review the output logs in the WAS /logs/nodeagent or WAS /logs/servername directories, respectively. Then check the security troubleshooting article to see if it references any common problems.

 

Result

The results of these tests, if successful, indicate that security is fully enabled and working properly.


 

See Also

Web component security
Enterprise bean component security
Administrative console and naming service authorization

 

See Also


Security: Resources for learning