Problem(Abstract)
In a WebSphere Application Server cell where Global Security is enabled, you may want to disable security for individual application servers, for example, when you run some applications that can be accessed anonymously, while others require authentication.
This can be done either from the Application Server Administrative Console or using wsadmin.
Resolving the problem
Solution using Administrative Console:
- Go to “Application Servers”
- Select the appropriate server
- Select “Server security”
- Select “Server level security”
- Disable the “Enable global security” checkbox
- Save the settings and synchronize
Solution using wsadmin:
(assume you want to disable security for server1 on node WASI02Base.)
- start wsadmin in Deploymentmanager/bin directory
wsadmin>$AdminConfig list Security
(cells/WASICELL:security.xml#Security_1106748574007) - wsadmin>$AdminConfig list Server
dmgr(cells/WASICELL/nodes/WASI02DMGR/servers/dmgr:server.xml#Server_1)
jmsserver(cells/WASICELL/nodes/wasi01base/servers/jmsserver:server.xml# Server_1106748571434)
nodeagent(cells/WASICELL/nodes/WASI02Base/servers/nodeagent:server.xml# Server_1)
nodeagent(cells/WASICELL/nodes/wasi01base/servers/nodeagent:server.xml# Server_1106748571153)
server1(cells/WASICELL/nodes/WASI02Base/servers/server1:server.xml#Server_1)
server1(cells/WASICELL/nodes/wasi01base/servers/server1:server.xml#Server_1) - wsadmin>set server [$AdminConfig getid /Cell:WASICELL/Node:WASI02Base/Server:server1]
server1(cells/WASICELL/nodes/WASI02Base/servers/server1:server.xml#Server_1) - wsadmin>$AdminConfig list Security $server
- wsadmin>$AdminConfig create Security $server {{enabled false}}
(cells/WASICELL/nodes/WASI02Base/servers/server1:security.xml#Security_1151410503621) - wsadmin>$AdminConfig save
The result of both solutions described above (Administrative Console and wsadmin), is a separate security.xml file for server1 containing security enabled=’false’.
After restarting server1, its applications (For example, Snoop) can be accessed without being
prompted for userid and password as it was before, while security for the other servers in the cell is still active.
Remark:
It does not work the other direction. You cannot enable Server Level Security, when the cell-wide Global Security is disabled.
WebSphere Global Security OFF
I changed a setting to do with SSL – I knew that was a bad idea! Server won’t let me back in the console, time to turn off security.
To disable global security either edit the security.xml file or use the wsadmin tool.
$WAS_HOME\config\cells\cellname\security.xml
Using WAS command-line client wsadmin (run with was user or root privileges):
1. Open a connection to local WAS in offline mode
wsadmin -conntype NONE
2. Turn off global security
wsadmin> securityoff
3. Save
wsadmin> $AdminConfig save
| WebSphere Administrative (WAS) Console: turn off global security | |
| Article ID:558727 | |
| Description: | |
| I am locked out of the WebSphere Administrative (WAS) console and have forgotten the password. I want to turn off the WebSphere Application Server global security from outside the WAS console so I can login to the WebSphere Administrative console. How do I do this? | |
| Resolution: | |
|
To do this you can either modify the security.xml file in WAS or use the ./wsadmin tool to make this change:
|
|
Recent Comments