An Unsecured console

To learn about how Global Security is configured, we will start by creating a WAS profile that is not secured, then we can look at how to set up Global Security step by step.

To create a profile that is unsecured, we can simply use the custom script we use in previous guides. This script is called was8manage.sh (This comes with a purchased course)

Note: If you have not read the guides on installing WAS and creating profiles using the was8manage.sh, then please review them, and read the was8manage.Usage Guide, which explains how the script works. It is worth your while to learn this script as it will save you hours of manual effort and serves as a great starter towards you WAS automation. You can purchase this course from http://www.themiddlewareshop.com/prodcucts from 01-June-2015 (maybe before)

 

First we set up our environment configuration file, and ensure that the variables that contain the Admin Username and Admin Password are null. Below is an example of such a configuration file which we have named appserver_unsecure.conf.

########################################################################
#WEBSPHERE APPLICATION SERVER Configuration Template for was8manage.sh
#This file is used to pass variables to the script
########################################################################
AUDIT_LOG_DIR=/var/log/was

#Type

TYPE=appserver

#WebSphere Application Server (Standalone) properties

 

UNIQUE_CELL_NAME=DV_AppServer01

#ENV is unused at this time, it is just an audit var

ENV=WASDEV_855_DV

HOST=localhostcell01

PROFILE_NAME=DV_AppServer01Prof

NODE_NAME=DV_AppServer01

#Use default ports when START_PORT = null

START_PORT=

DMGR_ADMIN_USER=

DMGR_ADMIN_PASSWORD=

 

# Directories for target install

#Default WAS installation location can be changed

WAS_BINARY_DIR=/opt/IBM/WebSphere/AppServer

WAS_PROFILE_DIR=/opt/IBM/WebSphere/AppServer/profiles

 

# General Installer parameters

SCRIPT_DIR=/var/apps/scripts/was8manage

 

#Variables that can are designed to be customised as required i.e. other than defaults

INSTALL_SHARED_DIR=/var/IM/im-shared

IM_TOOLS_DIR=/opt/IBM/InstallationManager/eclipse/tools

INSTALL_REPOSITORY_DIR=/var/apps/installs/WAS_DEV_8.5.5.0

INSTALL_LOG=~/wadev8.5.5_install_log.xml

INSTALL_FEATURES=”com.ibm.websphere.DEVELOPERSILAN.v85_8.5.5000.20130514_1044,core.feature,com.ibm.sdk.6_64bit”

UNINSTALL_FEATURES=”com.ibm.websphere.DEVELOPERSILAN.v85_8.5.5000.20130514_1044″

 

#Specific Fix Pack variables for UPDATE, are passed as variables via command line to was8admin.sh

#Specific Fix Pack variables for ROLLLBACK are passed as variables via command line to was8admin.sh

 

#The IM_INSTALLER_SRC_DIR variable sets the location of the IBM Installation Manager (IM) installable

IM_INSTALLER_SRC_DIR=/var/apps/installs/IM1.8.1

#if -installationDirectory is not used, then the default is: /var/ibm/InstallationManager

#NOTE: Maybe implement use of -dataLocation flag, as the default location is /opt/IBM/InstallationManager/eclipse

#The IM_DIR is where the IM base binaries will be installed. Note: Use the -installationDirectory directory option to specify a non-default installation directory

IM_DIR=/var/ibm/InstallationManager

#The Agent Data Directory is the directory that contains information about installed packages. This directory is required to update, modify, roll back, or uninstall packages. Stored information includes the state and history of operations.

IM_AGENT_DATA_DIR=/opt/IBM/InstallationManager/eclipse

 

##############################################################################

#The lines below are hardly ever modified! <DO NOT CHANGE UNLESS GOOD REASON>

##############################################################################

#IBM Installation Manager Install/Uninstall

#INSTALL VARIABLES

IM_INSTALLER_SRC_CMD=${IM_INSTALLER_SRC_DIR}/installc

IM_INSTALLER_SRC_LOG=~/im_install_log.xml

IM_INSTALLER_SRC_PARAM=”-log ${IM_INSTALLER_SRC_LOG} -acceptLicense”

 

#UNINSTALL VARIABLES

IM_REMOVE_DIR=${IM_DIR}

IM_REMOVE_CMD=${IM_REMOVE_DIR}/uninstall/uninstallc

 

#WAS 8.5.5 ND install/uninstall using IBM Installation Manager

#INSTALL VARIABLES

# Example Syntax

#./imcl install com.ibm.websphere.ND.v85_8.5.5000.20130514_1044,core.feature,com.ibm.sdk.6_64bit

# -installationDirectory /var/apps/was8.5.5

# -sharedResourcesDirectory /var/IM/im-shared

# -repositories /var/apps/installs/WAS_8.5.5

# -acceptLicense

# -showProgress

# -log /var/log/ibm/install/was8.5.5.xml

# -preferences com.ibm.cic.common.core.preferences.keepFetchedFiles=false,com.ibm.cic.common.core.preferences.preserveDownloadedArtifacts=false

 

INSTALL_CMD=”${IM_TOOLS_DIR}/imcl install”

INSTALL_OPTIONS=”-acceptLicense -showProgress”

INSTALL_PREFERENCES=”-preferences com.ibm.cic.common.core.preferences.keepFetchedFiles=false,com.ibm.cic.common.core.preferences.preserveDownloadedArtifacts=false”

 

#UNINSTALL VARIABLES

#./imcl uninstall com.ibm.websphere.ND.v85_8.5.5000.20130514_1044 -installationDirectory /var/apps/was8.5.5

UNINSTALL_CMD=”${IM_TOOLS_DIR}/imcl uninstall”

UNINSTALL_LOG=${WAS_BINARY_DIR}/logs/manageprofiles/deleteAll.log

 

#INSTALL FIXPACK VARIABLES

#./imcl install offering_ID_offering_version,optional_feature_ID

# -repositories source_repository

# -installationDirectory product_installation_location

# -keyring keyring_file -password password

# -acceptLicense

 

#Example: /opt/IBM/InstallationManager/eclipse/tools/imcl install com.ibm.websphere.ND.v85_8.5.5005.20150220_0158,core.feature,com.ibm.sdk.6_64bit -installationDirectory /var/apps/was8.5.5 -repositories /var/apps/installs/WAS_ND_8.5.5.5_Fixpack -acceptLicense

UPDATE_CMD=”${IM_TOOLS_DIR}/imcl install”

UPDATE_OPTIONS=”-acceptLicense”

 

#ROLLBACK FIXPACK VARIABLES

#./imcl rollback offering_ID_offering_version

# -repositories source_repository

# -installationDirectory installation_directory

# -preferences preference_key=value

# -properties property_key=value

# -keyring keyring_file -password password

# -acceptLicense

ROLLBACK_CMD=”${IM_TOOLS_DIR}/imcl rollback”

ROLLBACK_OPTIONS=”-acceptLicense”

 

#INSTALL INTERIM FIX VARIABLES

#./imcl install interim_fix_name

# -installationDirectory product_installation_location

# -repositories repository_URL

# -keyring keyring_file

INTERIM_FIX_CMD=”${IM_TOOLS_DIR}/imcl install”

 

#UNINSTALL INTERIM FIX VARIABLES

#./imcl uninstall <interim_fix_name>

# -installationDirectory <product_installation_location>

UNINSTALL_INTERIM_FIX_CMD=”${IM_TOOLS_DIR}/imcl uninstall”

 

Note: We do not cover the variables used in the file as they are covered in other guides, but please note the fact that the variables DMGR_ADMIN_USERNAME and DMGR_ADMIN_PASSWORD are null.

Before we create this example profile, we presume you have already completed the installation sequence and you have existing WAS binaries.

To create the profile using was8manage.sh issue the following command from the scripts home directory.

./was8manage.sh -p create appserver_unsecure

Result:

MAIN ENTRY POINT
ARGS=-p create appserver_unsecure
validating arguments & initialising environment…
$opt=p$, $OPTIND=3, $OPTARG=create
$ENV=appserver_unsecure

initialising environment…

AUDIT_LOG_DIR=/var/log/was

TYPE=appserver

SIMULATE=false

UNIQUE_CELL_NAME=DV_AppServer01

ENV=WASDEV_855_DV

HOST=localhostcell01

PROFILE_NAME=DV_AppServer01Prof

NODE_NAME=DV_AppServer01

START_PORT=

WAS_BINARY_DIR=/opt/IBM/WebSphere/AppServer

INSTALL_SHARED_DIR=/var/IM/im-shared

IM_TOOLS_DIR=/opt/IBM/InstallationManager/eclipse/tools

INSTALL_REPOSITORY_DIR=/var/apps/installs/WAS_DEV_8.5.5.0

INSTALL_LOG=/root/wadev8.5.5_install_log.xml

INSTALL_FEATURES=com.ibm.websphere.DEVELOPERSILAN.v85_8.5.5000.20130514_1044,core.feature,com.ibm.sdk.6_64bit

UNINSTALL_FEATURES=com.ibm.websphere.DEVELOPERSILAN.v85_8.5.5000.20130514_1044

IM_INSTALLER_SRC_DIR=/var/apps/installs/IM1.8.1

IM_DIR=/var/ibm/InstallationManager

IM_AGENT_DATA_DIR=/opt/IBM/InstallationManager/eclipse

IM_INSTALLER_SRC_CMD=/var/apps/installs/IM1.8.1/installc

IM_INSTALLER_SRC_LOG=/root/im_install_log.xml

IM_INSTALLER_SRC_PARAM=-log /root/im_install_log.xml -acceptLicense

IM_REMOVE_DIR=/var/ibm/InstallationManager

IM_REMOVE_CMD=/var/ibm/InstallationManager/uninstall/uninstallc

INSTALL_CMD=/opt/IBM/InstallationManager/eclipse/tools/imcl install

INSTALL_OPTIONS=-acceptLicense -showProgress

INSTALL_PREFERENCES=-preferences com.ibm.cic.common.core.preferences.keepFetchedFiles=false,com.ibm.cic.common.core.preferences.preserveDownloadedArtifacts=false

UNINSTALL_CMD=/opt/IBM/InstallationManager/eclipse/tools/imcl uninstall

UNINSTALL_LOG=/opt/IBM/WebSphere/AppServer/logs/manageprofiles/deleteAll.log

UPDATE_CMD=/opt/IBM/InstallationManager/eclipse/tools/imcl install

UPDATE_OPTIONS=-acceptLicense

UPDATE_REPOSITORY_DIR=

UPDATE_FEATURES=

ROLLBACK_CMD=/opt/IBM/InstallationManager/eclipse/tools/imcl install

ROLLBACK_OPTIONS=-acceptLicense

INTERIM_FIX_CMD=/opt/IBM/InstallationManager/eclipse/tools/imcl install

UNINSTALL_INTERIM_FIX_CMD=/opt/IBM/InstallationManager/eclipse/tools/imcl uninstall

[14/04/15 11:43:19] INFO creating a stand-alone application server profile

[14/04/15 11:43:19] INFO About to run /opt/IBM/WebSphere/AppServer/bin/manageprofiles.sh from /var/apps/scripts/was8manage

[14/04/15 11:43:19] WARNING *** Using calculated ports for Application Server, No Admin Security! ***

[14/04/15 11:43:19] INFO Executing CMD:/opt/IBM/WebSphere/AppServer/bin/manageprofiles.sh -create -profileName DV_AppServer01Prof -profilePath /opt/IBM/WebSphere/AppServer/profiles/DV_AppServer01Prof -templatePath /opt/IBM/WebSphere/AppServer/profileTemplates/default -cellName DV_AppServer01 -hostName localhostcell01 -nodeName DV_AppServer01 -isDefault

INSTCONFSUCCESS: Success: Profile DV_AppServer01Prof now exists. Please consult /opt/IBM/WebSphere/AppServer/profiles/DV_AppServer01Prof/logs/AboutThisProfile.txt for more information about this profile.

[14/04/15 11:44:31] INFO WebSphere Installation Success

[14/04/15 11:44:31] INFO The profile [DV_AppServer01Prof] was successfully installed

Application server environment to create: Application server

Location: /opt/IBM/WebSphere/AppServer/profiles/DV_AppServer01Prof

Disk space required: 200 MB

Profile name: DV_AppServer01Prof

Make this profile the default: True

Node name: DV_AppServer01

Host name: localhostcell01

Enable administrative security (recommended): False

Administrative console port: 9060

Administrative console secure port: 9043

HTTP transport port: 9080

HTTPS transport port: 9443

Bootstrap port: 2809

SOAP connector port: 8880

Run application server as a service: False

Create a Web server definition: False

Performance tuning setting: Standard

*** Listing profiles ***

[DV_AppServer01Prof]

************************

The actual manageprofiles.sh command that was executed is as follows:

/opt/IBM/WebSphere/AppServer/profiles/DV_AppServer01Prof -templatePath /opt/IBM/WebSphere/AppServer/profileTemplates/default -cellName DV_AppServer01 -hostName localhostcell01 -nodeName DV_AppServer01 -isDefault

We now have an Application Server profile that is not secured.

When we start the server using <was_profile_root>/bin/startServer.sh server1 we can then log in to the console. We used default ports so unless there is another profile on your system then the console URL will the same as depicted below.

We can log in using any ID we want. I have logged in as admin. All this will do is log that the user admin logged in, but we do not know who this is.

When we navigate to Users and Group/Manage Users we see the following message

 

You must enable administrative security to manage users and groups using the federated repositories feature.

 

This is because there is no user/group registry configured. Global Administrative Security is not enabled.

 


INTRODUCTION
JEE SECURITY
GLOBAL SECURITY
UNSECURE CONSOLE
TURNING ON GLOBAL SECURITY
Security Configuration Wizard
Virtual Member Manager
ROLE MANAGEMENT
Administrative roles
DISABLING GLOBAL SECURITY
SETTING THE INTERNAL REPOSITORY USING SCRIPTING
APACHEDS
Installing ApacheDS
Adding a new partition
ADDING LDAP TO A FEDERATED REPOSITORY
FEDERATED REPOSITORIES RECAP
Security settings
Wimconfig.xml

CHANGING THE OU FOR LDAP BIND
Looking at User Groups

STANDALONE LDAP
CONFIGURING THE STANDALONE LDAP SERVER
TESTING THE CONNECTION
REVIEW OF SECURITY.XML

SUMMARY

To learn more about the courses available from The Middleware Shop, please go to http://www.themiddlewareshop.com/products to see a full list of the current courses available.

Consulting

If you or your organization require support in architecture, performance tuning, automation or simply advice, then please contact me via my support site and request a conversation, where we can discuss your requirement.

About Steve

Steve is a seasoned passionate technology professional, strategist and leader.

An expert in technical communications, and adept in almost all forms of Internet and mobile related technology, Steve has time and time again proven his tenacity to improve systems around him and deliver.

Steve has worn many hats during his career such as Chief Technical Officer, Founding Member of several business ventures, Programmer, Systems Administrator, Architect, Blogger and Published Author to name a few.

Due to 20 years Industry experience in Middleware, Programming, Networks and Internet Technologies, He combines systems knowledge with efficient working methods and inter personal skills required to build effective relationship with clients and colleagues alike. Exceeding typical expectations in any role undertaken, Steve is certain to become a valuable asset within any organisation He joins.

Key Skills

• Leadership (Team, Project, Business, People).

• Architecture (Solutions, Information, Technical, Applications).

Simply, I help you deal with CANETI: Constant And Never Ending Technological Innovation

Specific IBM WebSphere skills:

WebSphere Application Server (WAS Base, WAS ND & Liberty Profile & Liberty Runtime)

  • Automation
  • Security, SSL
  • Dev Ops
  • Architecture
  • Performance Tuning

Middleware Integration Skills:

  • .NET programming, and Architecture
  • Java Programming, and Architecture
  • SOA, SOAP and XML messaging
  • JBoss Fuse, WMQ, IIB, Mule

Integration Skills:

  • SOA
  • Process Improvement
  • ICD’s
  • Messaging Architecture
  • Governance

General Digital Architecture & Governance

  • Lightweight Architectures
  • Digital Strategy, platform stacks for example IAAS, PAAS, SAAS
  • PCI DSS

Industry Qualifications & Recognition

  • TOGAF 9.1
  • IBM Champion 2013
Facebooktwittergoogle_plusredditpinterestlinkedinmail

Leave a Reply