Enabling security for the realm
Use this topic to enable IBM® WebSphere® Application Server security. You must enable administrative security for all other security settings to function.
About this task
WebSphere Application Server uses cryptography to protect sensitive data and to ensure confidentiality and integrity of communications between WebSphere Application Server and other components in the network. Cryptography is also used by Web Services Security when certain security constraints are configured for the web services application.
WebSphere Application Server uses Java™ Secure Sockets Extension (JSSE) and Java Cryptography Extension (JCE) libraries in the Software Development Kit (SDK) to perform this cryptography. The SDK provides strong but limited jurisdiction policy files. Unrestricted policy files provide the ability to perform full strength cryptography and to improve performance.
WebSphere Application Server provides an SDK 6 that contains strong, but limited jurisdiction policy files. You can download the unrestricted policy files from the following website: IBM developer kit: Security information.
- Click Java SE 6
- Scroll down the page then click IBM SDK
Policy files.
The Unrestricted JCE Policy files for SDK 6 website displays.
- Click Sign in and provide your IBM.com ID and password.
- Select Unrestricted JCE Policy files for SDK 6 and click Continue.
- View the license and click I Agree to continue.
- Click Download Now.
- Extract the unlimited jurisdiction policy files that are packaged in the compressed file. The compressed file contains a US_export_policy.jar file and a local_policy.jar file.
- In your WebSphere Application Server installation, go to the $JAVA_HOME/jre/lib/security directory and back up your US_export_policy.jar and local_policy.jar files.
- In your WebSphere Application Server installation, mount your product HFS read/write. Go to the $JAVA_HOME/jre/lib/security directory and back up your US_export_policy.jar and local_policy.jar files.
- Replace your US_export_policy.jar and local_policy.jar files with the two files that you downloaded from the IBM.com website.
- Re-mount your product HFS as read/only.
# Export the paths. You can find the values of the following
# variables in the joblog by searching for was.install.root,
# java.home, and so on:
export was.install.root=<was.install.root>
export java.home=<java.home>
# The previous paths apply to both 31- and 64-bit configurations
# of WebSphere Application Server for z/OS. For a 64-bit
# configuration, the java.home path points to the 64-bit embedded
# Java virtual machine (JVM).
# Delete the original policy .jar files. Because a backup is
# automatically present in the smpe.home HFS, an explicit
# backup is not needed:
cd $java.home/lib/security
rm US_export_policy.jar
rm local_policy.jar
# Issue the following commands on separate lines to create
# the symbolic links to the unrestricted policy files:
ln -s $java.home/demo/jce/policy-files/unrestricted/US_export_po licy.jar US_export_policy.jar
ln -s $java.home/demo/jce/policy-files/unrestricted/local_policy .jar local_policy.jar
To
remove the symbolic links to the unrestricted policy files in the demo directory and link to the
original files, use the following UNIX based
commands:# Export the paths. You can find the values of the following
# variables in the joblog by searching for was.install.root,
# java.home, and so on:
export was.install.root=<was.install.root>
export java.home=<java.home>
export smpe.install.root=<smpe.install.root>
# The previous paths apply to both 31- and 64-bit configurations
# of WebSphere Application Server for z/OS. For a 64-bit
# configuration, the java.home path points to the 64-bit embedded
# Java virtual machine (JVM).
# Delete the current policy .jar files. You might want
# to back up the following files:
cd $java.home/lib/security
rm US_export_policy.jar
rm local_policy.jar
# Issue the following commands on separate lines to create
# symbolic links to the smpe HFS where the original files
# are kept:
ln -s $smpe.install.root/java/lib/security/US_export_policy.jar US_export_policy.jar
ln -s $smpe.install.root/java/lib/security/local_policy.jar local_policy.jar
Complete the following steps to enable security for the realm: