Troubleshooting
Problem
In a WebSphere Application Server cell where Global Security is enabled, you may want to disable security for individual application servers, for example, when you run some applications that can be accessed anonymously, while others require authentication. This can be done either from the Application Server Administrative Console or using wsadmin.
Resolving The Problem
Solution using Administrative Console:
For WAS v6.0:
- Go to "Application Servers"
- Select the appropriate server
- Select "Server security"
- Select "Server level security"
- Uncheck the "Enable global security" checkbox
- Save the settings and synchronize
For WAS v6.1
- Go to "Application Servers"
- Select the appropriate server
- Select "Server security"
- Check "Security settings for this server override the cell settings"
- Uncheck the "Enable application security" checkbox
- Save the settings and synchronize
For WAS v7.0 and later:
Create a separate security domain for the server to set different security settings on a server scope:
http://www-01.ibm.com/support/knowledgecenter/SSAW57_7.0.0/com.ibm.websphere.nd.doc/info/ae/ae/csec_sec_multiple_domains.html
Solution using wsadmin for WAS v6.0 and v6.1:
(assume you want to disable security for server1 on node WASI02Base.)
- start wsadmin in Deploymentmanager/bin directory
wsadmin>$AdminConfig list Security
(cells/WASICELL:security.xml#Security_1106748574007) - wsadmin>$AdminConfig list Server
dmgr(cells/WASICELL/nodes/WASI02DMGR/servers/dmgr:server.xml#Server_1)
nodeagent(cells/WASICELL/nodes/WASI02Base/servers/nodeagent:server.xml# Server_1)
server1(cells/WASICELL/nodes/WASI02Base/servers/server1:server.xml#Server_1)
wsadmin>set server [$AdminConfig getid /Cell:WASICELL/Node:WASI02Base/Server:server1]
server1(cells/WASICELL/nodes/WASI02Base/servers/server1:server.xml#Server_1) - wsadmin>$AdminConfig list Security $server
- wsadmin>$AdminConfig create Security $server {{enabled false}}
(cells/WASICELL/nodes/WASI02Base/servers/server1:security.xml#Security_1151410503621) - wsadmin>$AdminConfig save
For WAS v7.0 and later, configuring security domains using wsadmin is also described in the Knowledge Center:
http://www-01.ibm.com/support/knowledgecenter/SSAW57_7.0.0/com.ibm.websphere.nd.doc/info/ae/ae/txml_7sdconfig.html
After restarting server1, its applications (For example, Snoop) can be accessed without being
prompted for userid and password as it was before, while security for the other servers in the cell is still active.
Remark:
It does not work the other direction. You cannot enable Server Level Security, when the cell-wide Global Security is disabled.
Was this topic helpful?
Document Information
Modified date:
15 June 2018
UID
swg21245098