Troubleshooting
Problem
If you have not enabled Application Server security how can you secure the inbound Web Services and HTTP Servelets.
Cause
Normally Web Services and HTTP Servelets are secured using the MEAWEB Web.xml descriptor to map the maximousers security role in the Application Server to each service. If you are using native security this role has no function as authentication is done at the database level
Resolving The Problem
You can secure these services at the EJB level. Open the file:
<maximo_root>\applications\maximo\mboejb\ejbmodule\META-INF\ejb-jar.xml
You will each service has a section where the security can be configured e.g:
<session id="Session_enterpriseservice">
<ejb-name>enterpriseservice</ejb-name>
<home>psdi.iface.gateway.MEAGatewayHome</home>
<remote>psdi.iface.gateway.MEAGateway</remote>
<local-home>psdi.iface.gateway.MEAGatewayHomeLocal</local-home>
<local>psdi.iface.gateway.MEAGatewayLocal</local>
<ejb-class>psdi.iface.gateway.MEAGatewayBean</ejb-class>
<session-type>Stateless</session-type>
<transaction-type>Container</transaction-type>
<env-entry>
<env-entry-name>ALLOWDFLTLOGIN</env-entry-name>
<env-entry-type>java.lang.String</env-entry-type>
<env-entry-value>1</env-entry-value>
</env-entry>
<security-role-ref>
<description>
MAXIMO Application Users
</description>
<role-name>maximouser</role-name>
<role-link>maximouser</role-link>
</security-role-ref>
</session>
For each service defined set the ALLOWDFLTLOGIN to 0 like so:
<env-entry>
<env-entry-name>ALLOWDFLTLOGIN</env-entry-name>
<env-entry-type>java.lang.String</env-entry-type>
<env-entry-value>0</env-entry-value>
</env-entry>
Then rebuild and redeploy the Maximo.ear file.
When you send in a transaction now you must specify an HTTP Header MAXAUTH with a value of username:password encoded as a Base64 string, where username:password is a valid Maximo user.
[{"Product":{"code":"SSLKT6","label":"Maximo Asset Management"},"Business Unit":{"code":"BU005","label":"IoT"},"Component":"MEA: Generic","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF010","label":"HP-UX"},{"code":"PF016","label":"Linux"},{"code":"PF027","label":"Solaris"},{"code":"PF033","label":"Windows"}],"Version":"7.1;7.1.1;7.5;7.6","Edition":""},{"Product":{"code":"SSLKTY","label":"Tivoli Asset Management for IT"},"Business Unit":{"code":"BU004","label":"Hybrid Cloud"},"Component":" ","Platform":[{"code":"","label":""}],"Version":"7.1.1;7.2.1;7.5","Edition":""},{"Product":{"code":"SSKTXT","label":"Tivoli Change and Configuration Management Database"},"Business Unit":{"code":"BU004","label":"Hybrid Cloud"},"Component":" ","Platform":[{"code":"","label":""}],"Version":"7.1.1;7.2.1;7.2.2;7.5","Edition":""},{"Product":{"code":"SS6HJK","label":"Tivoli Service Request Manager"},"Business Unit":{"code":"BU004","label":"Hybrid Cloud"},"Component":" ","Platform":[{"code":"","label":""}],"Version":"7.1;7.2;7.2.1;7.5","Edition":""},{"Product":{"code":"SSWT9A","label":"Control Desk"},"Business Unit":{"code":"BU004","label":"Hybrid Cloud"},"Component":" ","Platform":[{"code":"","label":""}],"Version":"","Edition":""}]
Document Information
Modified date:
17 June 2018
UID
swg21575076