A french developper blog

Archive for the category 'websphere'

The problem

Login without user identification
At installation, WebSphere is configured to accept any user identification (without a password) for access to the administration console.
You can type anything and it works; there is no verification.
This is of course unacceptable, and in recent versions a "wizard" leads you to activate global security. But that activates all of the J2EE security, which is unnecessary most of the time.

The goal of this short article is to explain (I hope clearly) how to secure access to the WAS administration console without activating the whole of J2EE security.
Login without verification

  • Filed under: websphere
  • Description

    A few days ago I had a little problem when I tried to deploy in WAS 6.0 (WebSphere Application Server 6) an application including a PDF signature.
    During the execution of the servlet's signature, I had the following problem:

    java.lang.Exception: java.lang.Exception:
    Error in loading the keystore: Private key decryption error:
    (java.lang.SecurityException: Unsupported keysize or algorithm parameters)


    This error is caused by the JCE libraries used by the Java virtual machine that runs WAS. This JVM is the standard version and has limited support for cryptographic algorithms. To correct this, you just have to replace two jar files in the configuration of the IBM JVM (local_policy.jar and US_export_policy.jar).
    These files are in the directory $JAVA_HOME/jre/lib/security (for example /usr/lib/jvm/jre-ibm/lib/security or /opt/IBM/WebSphere/AppServer/java/jre/lib/security).
    You can download these unrestricted libraries (file

    Once the file is downloaded, you have to:

    • Decompress the downloaded file
    • Verify that it contains local_policy.jar and US_export_policy.jar
    • Stop WebSphere
    • Back up the old files
    • Replace the two files
    • Restart WAS
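
The verify, back-up and replace steps above can be scripted as follows. This is an added example, not code from the original post; the function name, its arguments and the backup directory are assumptions, and stopping and restarting WebSphere is left to the operator.

```shell
#!/bin/sh
# Added example: back up and replace the two JCE policy jars.
# Assumption: WebSphere is already stopped when this runs.

POLICY_JARS="local_policy.jar US_export_policy.jar"

# swap_policy_jars NEW_DIR SECURITY_DIR BACKUP_DIR
#   NEW_DIR      directory holding the decompressed download
#   SECURITY_DIR $JAVA_HOME/jre/lib/security of the JVM that runs WAS
#   BACKUP_DIR   where the original jars are saved (hypothetical location)
swap_policy_jars() {
    new_dir=$1 sec_dir=$2 backup_dir=$3

    # Check both jars on both sides before touching anything, so a
    # partial download never leaves the JVM with a mixed pair.
    for jar in $POLICY_JARS; do
        [ -s "$new_dir/$jar" ] || { echo "missing in download: $jar" >&2; return 1; }
        [ -f "$sec_dir/$jar" ] || { echo "missing in JVM: $jar" >&2; return 2; }
    done

    # Refuse to overwrite an earlier backup: on a second run the "old"
    # files would already be the replaced ones.
    mkdir -p "$backup_dir" || return 3
    for jar in $POLICY_JARS; do
        [ ! -e "$backup_dir/$jar" ] || { echo "backup exists: $jar" >&2; return 3; }
    done

    for jar in $POLICY_JARS; do
        cp -p "$sec_dir/$jar" "$backup_dir/$jar" || return 4
        # Copying over the existing file keeps its owner and mode.
        cp "$new_dir/$jar" "$sec_dir/$jar" || return 4
        # Confirm the installed jar is byte-identical to the download.
        cmp -s "$new_dir/$jar" "$sec_dir/$jar" || return 5
    done
}

# Example call (the first and last paths are assumptions):
# swap_policy_jars ./unpacked /opt/IBM/WebSphere/AppServer/java/jre/lib/security /root/jce-backup
```

To roll back, copy the two jars from the backup directory into the security directory while WebSphere is stopped.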
  • Filed under: websphere
  • Run WebSphere as a user other than root

    The WebSphere installation has to be run with the root account. The installation script does not offer to create or use another user account. This is a problem because all the objects created by WebSphere belong to root.

    But this is easy to correct.

    Changes to make

    I assume that you have already created the user and the group you want. After that, you just have to log in to the WebSphere administration console and change some parameters on this page: Execution process parameters.

    You can reach this page through the menu Servers > Application servers > name_of_your_server and (in the options of that page) Server Infrastructure > Java and Process Management > Process Execution.

    There you can change the user and group that will run the main WebSphere process (java). With that, all objects created by WebSphere (images, files, …) are accessible to users other than root.

    Warning: after this you must change the owner of all files and directories read by WebSphere ($WAS_HOME/, your web application and all other required files).

  • 1 Comment
  • Filed under: websphere

