Define users in Tomcat or WebSphere® Application Server for access
to the administrative console.
About this task
You grant access to the administrative console for Tomcat
users or WebSphere Application
Server users. For Tomcat, you can define more users as the installation
created an initial user with the “administrator” role in your application's
server. You must define the first user for WebSphere Application Server.
Procedure
Grant access to Tomcat users. Skip to the next section
to grant access to WebSphere Application
Server users.
- To enable access to the administrative console web application,
do either of these actions:
- Create a username and password combination and associate the
role name SAPConnectorAdmin with it.
- Add the SAPConnectorAdmin role to an existing username and
password combination.
- Where the action is done depends on the Realm implementation
that you are using.
- For MemoryRealm:
- Locate the XML file that stores the user information. By default,
it is the $CATALINA_HOME/conf/tomcat-users.xml file.
Tip: To see which file stores the user information, see the $CATALINA_HOME/conf/server.xml file
- Open the user information file with any text editor and locate
the user that you want to assign the administrator role to.
- Add the SAPConnectorAdmin role to the comma-delimited roles attribute
for the user, and save the file.
Tip: You can also create
users and assign them the administrator role.
Here is an example
code snippet:<user name="craigmcc" password="secret"
roles= "standard, SAPConnectorAdmin" />
- For JDBCRealm
The user and role information
is stored in a directory server that is accessed by using LDAP. Add
the SAPConnectorAdmin role to existing users, or create users with
this role assigned, by following the standard procedures for your
environment.
- For JNDIRealm
The user and role information
is stored in a directory server accessed by using LDAP. Add the SAPConnectorAdmin
role to existing users, or create users with this role assigned, by
following the standard procedures for your environment.
- Tomcat provides account lockout security to lock access
after repeated login failures. The default setting is to lock the
user for 300 seconds (5 minutes) after five login failures. These
settings can be changed to enhance security. You can change the settings
by editing the $CATALINA_HOME/conf/server.xml file.
- Locate <Realm className="org.apache.catalina.realm.LockOutRealm" in
the server.xml file.
- Set the failureCount and lockOutTime attributes
to the values that you want.
The Realm element is as
follows for a 300-second lock out after five failures:
<Realm className="org.apache.catalina.realm.LockOutRealm"
failureCount="5" lockOutTime="300">
- After you change the failureCount or lockOutTime,
the server must be restarted for the changes to take effect.
Grant access to WebSphere Application
Server users
- For information about how to assign users and groups to
roles, see Assigning users and groups to roles.