Disabling global security in WebSphere Application Server

Technote (troubleshooting)


Problem(Abstract)

If you cannot access the administrative console due to security errors, you may need to disable global security. This technote describes how to disable global security when you cannot get to the administrative console.

Resolving the problem

You can disable security by modifying the security.xml file(s).

***Attention***
Before proceeding further, make a backup copy of the existing security.xml file so that it can be restored if a problem is encountered.


If you are running the based edition of IBM® WebSphere® Application Server only
:

There is only one security.xml file to change if you are running the base Application Server alone.

The security.xml file is located under WSAS_install_root/profile/profile_name/config/cells/cellname. Always store a copy of the security.xml file in a temporary directory before making any changes.

To disable security:

Open the security.xml file and search for the very first occurrence of enabled="true". This is located inside the <security:> tag.

Example:
<security:Security xmi:version="2.0" xmlns:xmi="http://www.omg.org/XMI" xmlns:orb.securityprotocol="http://www.ibm.com/websphere/appserver/schemas/5.0/orb.securityprotocol.xmi" xmlns:security="http://www.ibm.com/websphere/appserver/schemas/5.0/security.xmi" xmi:id="Security_1" useLocalSecurityServer="true" useDomainQualifiedUserNames="false" enabled="true" cacheTimeout="600" issuePermissionWarning="false" activeProtocol="BOTH" enforceJava2Security="false" enforceFineGrainedJCASecurity="false" appEnabled="true" dynamicallyUpdateSSLConfig="true" allowBasicAuth="true" activeAuthMechanism="LTPA_1" activeUserRegistry="WIMUserRegistry_1" defaultSSLSettings="SSLConfig_1">

Change enabled="true" to enabled="false", then save the file.

You must restart the server for the change to take effect.


If you are running a Deployment Manager

There are two security.xml files you need to change:

WSAS_install_root/profiles/node_profile/config/cells/cellname/security.xml

WSAS_install_root/profiles/dmgr_profile/config/cells/cellname/security.xml

Always store a copy of the security.xml file in a temporary directory before making any changes.

Open each security.xml file and search for the very first occurrence of enabled="true". This is located inside the <security:> tag.

Example:
<security:Security xmi:version="2.0" xmlns:xmi="http://www.omg.org/XMI" xmlns:orb.securityprotocol="http://www.ibm.com/websphere/appserver/schemas/5.0/orb.securityprotocol.xmi" xmlns:security="http://www.ibm.com/websphere/appserver/schemas/5.0/security.xmi" xmi:id="Security_1" useLocalSecurityServer="true" useDomainQualifiedUserNames="false" enabled="true" cacheTimeout="600" issuePermissionWarning="false" activeProtocol="BOTH" enforceJava2Security="false" enforceFineGrainedJCASecurity="false" appEnabled="true" dynamicallyUpdateSSLConfig="true" allowBasicAuth="true" activeAuthMechanism="LTPA_1" activeUserRegistry="WIMUserRegistry_1" defaultSSLSettings="SSLConfig_1">

Change enabled="true" to enabled="false", then save the file.

You must restart the Deployment Manager, the nodegent and then the Application Servers, in that order.

If are receiving security errors when trying to stop the WebSphere processes, then you will need to manually stop the Java processes.


Cross reference information
Segment Product Component Platform Version Edition
Application Servers Runtimes for Java Technology Java SDK

Rate this page:

(0 users)Average rating

Document information


More support for:

WebSphere Application Server
Security

Software version:

5.1, 6.0.2, 6.1, 7.0, 8.0, 8.5, 8.5.5

Operating system(s):

AIX, HP-UX, Linux, Solaris, Windows

Reference #:

1105430

Modified date:

2005-05-20

Translate my page

Machine Translation

Content navigation