IBM Support

Enable MIF Authentication using native security

Troubleshooting


Problem

If you have not enabled Application Server security, how can you secure the inbound Web Services and HTTP Servlets?

Cause

Normally, Web Services and HTTP Servlets are secured using the MEAWEB web.xml descriptor to map the maximousers security role in the Application Server to each service. If you are using native security, this role has no function, as authentication is done at the database level.

Resolving The Problem

You can secure these services at the EJB level. Open the file:

<maximo_root>\applications\maximo\mboejb\ejbmodule\META-INF\ejb-jar.xml

You will see that each service has a section where the security can be configured, e.g.:


<session id="Session_enterpriseservice">
    <ejb-name>enterpriseservice</ejb-name>
    <home>psdi.iface.gateway.MEAGatewayHome</home>
    <remote>psdi.iface.gateway.MEAGateway</remote>
    <local-home>psdi.iface.gateway.MEAGatewayHomeLocal</local-home>
    <local>psdi.iface.gateway.MEAGatewayLocal</local>
    <ejb-class>psdi.iface.gateway.MEAGatewayBean</ejb-class>
    <session-type>Stateless</session-type>
    <transaction-type>Container</transaction-type>
    <env-entry>
        <env-entry-name>ALLOWDFLTLOGIN</env-entry-name>
        <env-entry-type>java.lang.String</env-entry-type>
        <env-entry-value>1</env-entry-value>
    </env-entry>
    <security-role-ref>
        <description>
            MAXIMO Application Users
        </description>
        <role-name>maximouser</role-name>
        <role-link>maximouser</role-link>
    </security-role-ref>
</session>


For each service defined, set ALLOWDFLTLOGIN to 0, like so:

<env-entry>
    <env-entry-name>ALLOWDFLTLOGIN</env-entry-name>
    <env-entry-type>java.lang.String</env-entry-type>
    <env-entry-value>0</env-entry-value>
</env-entry>

Then rebuild and redeploy the Maximo.ear file.

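When you now send in a transaction, you must specify an HTTP header, MAXAUTH, whose value is username:password encoded as a Base64 string, where username:password is a valid Maximo user. Base64 is an encoding, not encryption, so the credentials are readable by anyone who can observe the request unless the transport is protected with TLS.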
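
A check for the ejb-jar.xml edit described above, as an added example that is not part of the IBM technote: this Python script lists the ALLOWDFLTLOGIN value of every session bean and exits non-zero while any of them is still set to something other than 0, so it can be run before the EAR is rebuilt. The embedded sample is constructed, and the bean names example_a and example_b are made up.

```python
import sys
import xml.etree.ElementTree as ET

# Constructed sample modelled on the page's snippet; example_a and example_b are made-up beans.
SAMPLE = """<ejb-jar><enterprise-beans>
  <session id="Session_enterpriseservice">
    <ejb-name>enterpriseservice</ejb-name>
    <env-entry>
      <env-entry-name>ALLOWDFLTLOGIN</env-entry-name>
      <env-entry-value>0</env-entry-value>
    </env-entry>
  </session>
  <session id="Session_example_a">
    <ejb-name>example_a</ejb-name>
    <env-entry>
      <env-entry-name>ALLOWDFLTLOGIN</env-entry-name>
      <env-entry-value>1</env-entry-value>
    </env-entry>
  </session>
  <session id="Session_example_b"><ejb-name>example_b</ejb-name></session>
</enterprise-beans></ejb-jar>"""

def local(tag):
    """Drop a namespace prefix such as '{http://...}session'."""
    return tag.rsplit("}", 1)[-1]

def audit(xml_data):
    """Map each session bean's ejb-name to its ALLOWDFLTLOGIN value (None if it has no such entry)."""
    result = {}
    for bean in (e for e in ET.fromstring(xml_data).iter() if local(e.tag) == "session"):
        name, value = bean.get("id", "?"), None
        for child in bean:
            if local(child.tag) == "ejb-name":
                name = (child.text or "").strip()
            elif local(child.tag) == "env-entry":
                fields = {local(f.tag): (f.text or "").strip() for f in child}
                if fields.get("env-entry-name") == "ALLOWDFLTLOGIN":
                    value = fields.get("env-entry-value")
        result[name] = value
    return result

def needs_change(xml_data):
    """Beans whose ALLOWDFLTLOGIN entry is present but not yet 0."""
    return sorted(n for n, v in audit(xml_data).items() if v not in (None, "0"))

if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    print("\n".join(f"{n}: ALLOWDFLTLOGIN={v}" for n, v in sorted(audit(data).items())))
    sys.exit(1 if needs_change(data) else 0)
```

Pass the path to ejb-jar.xml as the only argument; with no argument the script runs on the constructed sample. Beans reported as None have no ALLOWDFLTLOGIN entry at all and are listed for review rather than flagged.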


Document Information

Modified date:
17 June 2018

UID

swg21575076