Body

The instructions for enabling security created by my colleague included in the blog entry link below describe the steps necessary to enable application server security including modifications to web.xml files for the associated war modules, updates to system properties,  rebuild/redeployment of the maximo.ear, enabling global security within the WebSphere Administrative Console, and restarting the application servers. 

https://www-01.ibm.com/support/knowledgecenter/SSAW57_8.5.5/com.ibm.websphere.nd.doc/ae/trun_app_hotupgrade.html

The question that arose is, can you hot deploy changes to a web.xml for an associated war module in order to enable application server security on them without the need to rebuild/redeploy the maximo.ear?

The answer to this question is Yes, however it must not be used for production environments.  This process must only be used in development and test enviornments to avoid problems with consistency throughout the enviornment.

While working on an issue recently with a customer, I discovered when using the hot deployment instructions from the WebSphere Application Server knowledge center here - http://www-01.ibm.com/support/knowledgecenter/SSAW57_8.5.5/com.ibm.websphere.nd.doc/ae/trun_app_hotupgrade.html, changes to the web.xml for war modules were not being picked up by the application server after the application server was restarted.  The problem resulted in the following error message when trying to launch the login screen for Maximo.

BMXAA0026E - The action could not be performed because the application server security is enabled. Proper authorization is required to perform this action. Report this error to your system administrator.

After researching this issue, I realized that the changes to web.xml files were not being picked up.  Further, I could see that the web module descriptors within the WAS console were still showing the original web.xml contents.  This is because the web.xml files are read from a different location on the server.  The descriptor contents displayed within the WebSphere console come from the web.xml files stored under the deployment manager.  The web.xml files need to be updated on each node as well as the deployment manager for the changes to be in sync between all nodes and the deployment manager. 

Where many changes to properties files, jsp files, etc will be picked up from this location after a server restart, this location is NOT the correct location to update your web.xml files:

<was-install-root>/profiles/AppSrv01/installedApps/maximo.ear/<application-name>/<war-name>/WEB-INF/web.xml

The locations for the web.xml files are here.  They are not picked up from the location above:

<was-install-root>/profiles/AppSrv01/config/cells/<cellname>/applications/maximo.ear>/deployments/<application-name>/<war-name>/WEB-INF/web.xml

<was-install-root>/profiles/Dmgr01/config/cells/<cellname>/applications/maximo.ear>/deployments/<application-name>/<war-name>/WEB-INF/web.xml

When updating the web.xml files associated with your war applications in the locations to enable application server security or for any other reason, remember to restart both the application server as well as the deployment manager.

So, the good news is, you can enable application server security without performing a rebuild and redeployment of the maximo.ear.