This topic explains how to use a file-based realm to manage Sun JMS IQ Manager users. A realm is a collection of users, groups, and roles that are used in enforcing security policies.
For information about how to use a Lightweight Directory Access Protocol (LDAP)-based realm to manage Sun JMS IQ Manager users, see Using LDAP with Java CAPS.
By default, Sun JMS IQ Manager stores user information in the user store of Sun JavaTM System Application Server.
The application server includes the following default user. Java CAPS allows you to change the user name and password during installation.
Table 1–3 Default Application Server User
User Name |
Default Password |
---|---|
adminadmin |
Roles enable you to organize users into groups. Each user name is associated with one or more predefined roles.
The following table describes the predefined roles for Sun JMS IQ Manager users.
Table 1–4 Predefined Roles (Sun JMS IQ Manager)
Role |
Tasks Allowed |
---|---|
Enables clients to access the JMS IQ Manager. |
|
Enables use of the JMS control utility (stcmsctrlutil) or Enterprise Manager, and enables clients to access the JMS IQ Manager. |
By default, Sun JMS IQ Manager is configured to use a file-based realm for user management.
You can disable and enable the file-based realm by using the Configuration Agent.
If the application server is not running, then start the application server.
In a browser, enter the following URL:
http://hostname:portnumber/configagent
Set the hostname to the TCP/IP host name of the computer where the application server is installed. Set the port number to the administration port number of the application server. For example:
http://myserver.company.com:4848/configagent
The Configuration Agent Security Gateway appears.
In the User ID field, enter an application server user name.
In the Password field, enter the corresponding password.
Click Login.
The Configuration Agent appears.
In the left pane of the Configuration Agent, click the JMS IQ Manager node (for example, IQ_Manager_18007).
Click the Access Control tab.
Clear the check box to the right of the Enable File Realm label.
Ensure that at least one other realm is selected, and that the Default Realm drop-down list is not set to the file-based realm.
Click Save.
In the left pane of the Configuration Agent, click the JMS IQ Manager node (for example, IQ_Manager_18007).
Click the Access Control tab.
Ensure that the check box to the right of the Require Authentication label is selected.
Select the check box to the right of the Enable File Realm label.
Click Save.
If you are using the file-based realm to manage Sun JMS IQ Manager users, then you add and delete users from the Sun Java System Application Server Admin Console.
Log in to the Admin Console.
In the left pane, expand the Configuration node, the Security node, and the Realms node.
In the left pane, select the admin-realm node.
Click Manage Users.
Click New.
In the User ID field, enter a name for the user.
In the Group List field, enter one of the Sun JMS IQ Manager roles: asadmin or application.
In the New Password and Confirm New Password fields, enter the password.
Click OK.