Managing Sun JMS IQ Manager Users

This topic explains how to use a file-based realm to manage Sun JMS IQ Manager users. A realm is a collection of users, groups, and roles that are used in enforcing security policies.

For information about how to use a Lightweight Directory Access Protocol (LDAP)-based realm to manage Sun JMS IQ Manager users, see Using LDAP with Java CAPS.

Sun JMS IQ Manager User Names and Roles

By default, Sun JMS IQ Manager stores user information in the user store of Sun Java^TM System Application Server.

The application server includes the following default user. Java CAPS allows you to change the user name and password during installation.

Table 1–3 Default Application Server User

User Name	Default Password
admin	adminadmin

Roles enable you to organize users into groups. Each user name is associated with one or more predefined roles.

The following table describes the predefined roles for Sun JMS IQ Manager users.

Table 1–4 Predefined Roles (Sun JMS IQ Manager)

Role	Tasks Allowed
application	Enables clients to access the JMS IQ Manager.
asadmin	Enables use of the JMS control utility (stcmsctrlutil) or Enterprise Manager, and enables clients to access the JMS IQ Manager.

Disabling and Enabling the File-Based Realm

By default, Sun JMS IQ Manager is configured to use a file-based realm for user management.

You can disable and enable the file-based realm by using the Configuration Agent.

To Log In to the Configuration Agent

1. If the application server is not running, then start the application server.

2. In a browser, enter the following URL:

   http://hostname:portnumber/configagent

   Set the hostname to the TCP/IP host name of the computer where the application server is installed. Set the port number to the administration port number of the application server. For example:

   http://myserver.company.com:4848/configagent

   The Configuration Agent Security Gateway appears.

3. In the User ID field, enter an application server user name.

4. In the Password field, enter the corresponding password.

5. Click Login.

   The Configuration Agent appears.

To Disable the File-Based Realm

1. In the left pane of the Configuration Agent, click the JMS IQ Manager node (for example, IQ_Manager_18007).

2. Click the Access Control tab.

3. Clear the check box to the right of the Enable File Realm label.

4. Ensure that at least one other realm is selected, and that the Default Realm drop-down list is not set to the file-based realm.

5. Click Save.

To Enable the File-Based Realm

1. In the left pane of the Configuration Agent, click the JMS IQ Manager node (for example, IQ_Manager_18007).

2. Click the Access Control tab.

3. Ensure that the check box to the right of the Require Authentication label is selected.

4. Select the check box to the right of the Enable File Realm label.

5. Click Save.

Adding and Deleting Sun JMS IQ Manager Users

If you are using the file-based realm to manage Sun JMS IQ Manager users, then you add and delete users from the Sun Java System Application Server Admin Console.

To Add a Sun JMS IQ Manager User

1. Log in to the Admin Console.

2. In the left pane, expand the Configuration node, the Security node, and the Realms node.

3. In the left pane, select the admin-realm node.

4. Click Manage Users.

5. Click New.

6. In the User ID field, enter a name for the user.

7. In the Group List field, enter one of the Sun JMS IQ Manager roles: asadmin or application.

8. In the New Password and Confirm New Password fields, enter the password.

9. Click OK.

To Delete a Sun JMS IQ Manager User

1. Log in to the Admin Console.

2. In the left pane, expand the Configuration node, the Security node, and the Realms node.

3. In the left pane, select the admin-realm node.

4. Click Manage Users.

5. Select the check box to the left of the user.

6. Click Delete.