wood burning stoves 2.0*
The moose likes Websphere and the fly likes How to make secure admin console? Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Products » Websphere
Bookmark "How to make secure admin console?" Watch "How to make secure admin console?" New topic
Author

How to make secure admin console?

Kingsly Theodar
Greenhorn

Joined: Feb 21, 2004
Posts: 19
Hi,

I'm a using Websphere 5.0 and I'm new to it.
Currently it is possible for any machine to access my administrative console by typing,
http://myMachineName:9090/admin
This makes it possible for anyone in the LAN to install or uninstall the applications.
How can I prevent this from happening?
Is there a password authentication scheme for this or any other methods???

Thanks in advance,
T.Kingsly
Ko Ko Naing
Ranch Hand

Joined: Jun 08, 2002
Posts: 3178
Doesn't it ask for the username and password, before getting into the admin panel? Could you specify more info so that we can help you as much as we can?


Co-author of SCMAD Exam Guide, Author of JMADPlus
SCJP1.2, CCNA, SCWCD1.4, SCBCD1.3, SCMAD1.0, SCJA1.0, SCJP6.0
Kingsly Theodar
Greenhorn

Joined: Feb 21, 2004
Posts: 19
Hi,
Ok, I will explain my doubt in detail.

When logging in to the admin console it shows a single textbox for entering the "User Id:" and below that the following message is displayed, "The User ID does not require a password, and does not need to be a User ID of a user in the local user registry. It is only used to track user-specific changes to configuration data. Security is NOT enabled".

And so it gets any entry for UserID and gets into the console page allowing anyone to access the installed applications,

Now can u help me how I could prevent this.

Hope there should be someway to enable the Security!
prem lall
Greenhorn

Joined: Jun 21, 2003
Posts: 15
Hi,

You can enable basic security via security->global security.
The easiest way to get started with this is to use your local OS as your user registry. Enable security here and set your local OS as your Active User Registry. Note: WAS automatically enables J2EE Security as well. If this is checked, you may have to modify your java.policy file to avoid ecxeptions on server startup. You can also define your id as the security admin via Security->User Registry->Local OS.
Another thing you can do is define roles for various users via System Administration->User Roles. Make yourself an Administrator, and resrict access for other ids.
Using the Local OS is the most primitive security approach, but it will get you started. If you have J2EE security turned on, you can enable security roles and constraints in your enterprise applications.
see these links for more info:
http://www-106.ibm.com/developerworks/websphere/library/techarticles/0405_olivieri/0405_olivieri.html
http://www.findarticles.com/p/articles/mi_m0MLX/is_7_2/ai_107140365/pg_2
http://publib.boulder.ibm.com/infocenter/wasinfo/index.jsp?topic=/com.ibm.wasee.doc/info/ee/ae/tsec_useregistry.html

Cheers!
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: How to make secure admin console?
 
Similar Threads
JORB0080: Port 9000 is in use. Specify a different port number.
db2java.zip + WebSphere
WAR module cannot start
WAS Express 5 Admin Console????
WAS 4.0 web admin :9090 not found error