• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

How to make secure admin console?

 
Greenhorn
Posts: 23
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi,

I'm a using Websphere 5.0 and I'm new to it.
Currently it is possible for any machine to access my administrative console by typing,
http://myMachineName:9090/admin
This makes it possible for anyone in the LAN to install or uninstall the applications.
How can I prevent this from happening?
Is there a password authentication scheme for this or any other methods???

Thanks in advance,
T.Kingsly
 
Ranch Hand
Posts: 3178
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Doesn't it ask for the username and password, before getting into the admin panel? Could you specify more info so that we can help you as much as we can?
 
Kingsly Theodar Rajasekar
Greenhorn
Posts: 23
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi,
Ok, I will explain my doubt in detail.

When logging in to the admin console it shows a single textbox for entering the "User Id:" and below that the following message is displayed, "The User ID does not require a password, and does not need to be a User ID of a user in the local user registry. It is only used to track user-specific changes to configuration data. Security is NOT enabled".

And so it gets any entry for UserID and gets into the console page allowing anyone to access the installed applications,

Now can u help me how I could prevent this.

Hope there should be someway to enable the Security!
 
Greenhorn
Posts: 15
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi,

You can enable basic security via security->global security.
The easiest way to get started with this is to use your local OS as your user registry. Enable security here and set your local OS as your Active User Registry. Note: WAS automatically enables J2EE Security as well. If this is checked, you may have to modify your java.policy file to avoid ecxeptions on server startup. You can also define your id as the security admin via Security->User Registry->Local OS.
Another thing you can do is define roles for various users via System Administration->User Roles. Make yourself an Administrator, and resrict access for other ids.
Using the Local OS is the most primitive security approach, but it will get you started. If you have J2EE security turned on, you can enable security roles and constraints in your enterprise applications.
see these links for more info:
http://www-106.ibm.com/developerworks/websphere/library/techarticles/0405_olivieri/0405_olivieri.html
http://www.findarticles.com/p/articles/mi_m0MLX/is_7_2/ai_107140365/pg_2
http://publib.boulder.ibm.com/infocenter/wasinfo/index.jsp?topic=/com.ibm.wasee.doc/info/ee/ae/tsec_useregistry.html

Cheers!
 
this llama doesn't want your drama, he just wants this tiny ad for his mama
a bit of art, as a gift, that will fit in a stocking
https://gardener-gift.com
reply
    Bookmark Topic Watch Topic
  • New Topic