How to setup basic authentication in Websphere 8.5 console?

Question

How to setup basic authentication in Websphere 8.5 console?

I've setup BASIC authentication on Tomcat.

My WEB.XML looks like this -

<security-constraint>
    <web-resource-collection>
        <web-resource-name>My Manager</web-resource-name>
        <url-pattern>/rest/LoginToPropManager</url-pattern>
        <http-method>GET</http-method>
    </web-resource-collection>
    <auth-constraint>
        <description>Let only Administrator login</description>
        <role-name>propertymanageradmin</role-name>
    </auth-constraint>
</security-constraint>

<security-role>
   <role-name>propertymanageradmin</role-name>
</security-role>

<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>Admin</realm-name>
</login-config>

In Tomcat, I've the following configuration -

<role rolename="propertymanageradmin"/>
<user username="admin1234" password="XXXX" roles="propertymanageradmin"/>

I am now trying to setup this on Websphere 8.5 and it is too confusing with a lot of screens. I do not find good articles on this. Can anyone please help?

Answer 1

To enable application security, administrative security must be enabled. This is by design. You can have administrative security without application security, but not the other way around.

By default WAS has administrative security enabled, when installed (unless you've changed that). The most basic configuration will use federated repository with file registry configured. You will be able to add users and groups via console. And then map your defined users to roles as you described in the comments.

In most production environments there is LDAP registry included in federtated, in that case you don't add users, as they are taken from LDAP.

For some more info on security check WebSphere Application Server V7.0 Security Guide redbook (its for v7, but most of the information applies to v8.x also, some screens might be a bit different.