File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes Websphere and the fly likes How to make secure admin console? Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Products » Websphere
Bookmark "How to make secure admin console?" Watch "How to make secure admin console?" New topic

How to make secure admin console?

Kingsly Theodar

Joined: Feb 21, 2004
Posts: 19

I'm a using Websphere 5.0 and I'm new to it.
Currently it is possible for any machine to access my administrative console by typing,
This makes it possible for anyone in the LAN to install or uninstall the applications.
How can I prevent this from happening?
Is there a password authentication scheme for this or any other methods???

Thanks in advance,
Ko Ko Naing
Ranch Hand

Joined: Jun 08, 2002
Posts: 3178
Doesn't it ask for the username and password, before getting into the admin panel? Could you specify more info so that we can help you as much as we can?

Co-author of SCMAD Exam Guide, Author of JMADPlus
Kingsly Theodar

Joined: Feb 21, 2004
Posts: 19
Ok, I will explain my doubt in detail.

When logging in to the admin console it shows a single textbox for entering the "User Id:" and below that the following message is displayed, "The User ID does not require a password, and does not need to be a User ID of a user in the local user registry. It is only used to track user-specific changes to configuration data. Security is NOT enabled".

And so it gets any entry for UserID and gets into the console page allowing anyone to access the installed applications,

Now can u help me how I could prevent this.

Hope there should be someway to enable the Security!
prem lall

Joined: Jun 21, 2003
Posts: 15

You can enable basic security via security->global security.
The easiest way to get started with this is to use your local OS as your user registry. Enable security here and set your local OS as your Active User Registry. Note: WAS automatically enables J2EE Security as well. If this is checked, you may have to modify your java.policy file to avoid ecxeptions on server startup. You can also define your id as the security admin via Security->User Registry->Local OS.
Another thing you can do is define roles for various users via System Administration->User Roles. Make yourself an Administrator, and resrict access for other ids.
Using the Local OS is the most primitive security approach, but it will get you started. If you have J2EE security turned on, you can enable security roles and constraints in your enterprise applications.
see these links for more info:

I agree. Here's the link:
subject: How to make secure admin console?
jQuery in Action, 3rd edition