The topics listed here provide information about how to manage users in Sun JavaTM Composite Application Platform Suite (Java CAPS).
If you have any questions or problems, see the Java CAPS web site at http://goldstar.stc.com/support.
This category includes the following users:
The admin and Administrator users are responsible for creating these users and for assigning the appropriate roles.
User management changes take effect immediately. You do not need to restart the Repository.
For information about how to use a Lightweight Directory Access Protocol (LDAP) server to manage Repository users, see Using LDAP with Java CAPS.
The Repository includes the following default users.
Table 1–1 Default Repository Users
User Name |
Default Password |
---|---|
adminadmin |
|
STC |
User names can contain alphabetic, numeric, or underscore characters. User names must begin with an alphabetic character. Multibyte characters are not supported. User names are case sensitive.
Roles enable you to organize users into groups. Each user name is associated with one or more predefined roles.
The following table describes the predefined roles for Repository users. The default Repository users have all of these roles. When you create a user, you can limit what the user can do by assigning only the appropriate roles. The all role is mandatory for each user.
Table 1–2 Predefined Roles (Repository)
If a user has more than one role, then the user’s privileges are the combined privileges from all of the user’s roles.
The admin and Administrator users are the only users that can create other users.
You can add and delete Repository users from the NetBeans IDE.
In the NetBeans IDE, choose Tools > CAPS Repository > Maintain Users.
The User Management dialog box appears.
Click Add.
The second User Management dialog box appears.
In the User field, enter a name for the user.
User names can contain alphabetic, numeric, or underscore characters. User names must begin with an alphabetic character. Multibyte characters are not supported. User names are case sensitive.
In the Password field, enter a password for the user.
Multibyte characters are not supported.
In the Confirm Password field, enter the password again.
Each user is automatically assigned to the all role, which is required to connect to the Repository.
Click OK.
The user name is added to the list in the initial User Management dialog box. This user can now log in with the assigned user name and password.
Click Close.
In the NetBeans IDE, choose Tools > CAPS Repository > Maintain Users.
The User Management dialog box appears.
Select the user and click Delete.
The user is removed from the list.
Click Close.
You cannot delete the admin user or the Administrator user.
You can add and delete roles for a Repository user. You perform these procedures in the NetBeans IDE.
You cannot delete the all role for a user.
In the NetBeans IDE, choose Tools > CAPS Repository > Maintain Users.
The User Management dialog box appears.
Select the user and click Modify.
The second User Management dialog box appears.
Click Add Role.
The Add Role dialog box appears.
Select the desired role and click OK.
The new role appears in the list for the selected user.
Click OK.
Click Close.
In the NetBeans IDE, choose Tools > CAPS Repository > Maintain Users.
The User Management dialog box appears.
Select the user and click Modify.
The second User Management dialog box appears.
Select the role that you want to delete and click Delete Role.
The role disappears from the list.
Click OK.
Click Close.
The following procedure describes how users can change their password.
In the NetBeans IDE, choose Tools > CAPS Repository > Maintain Users.
The User Management dialog box appears.
Select the user and click Modify.
The second User Management dialog box appears.
In the Password field, enter the new password for the user.
Multibyte characters are not supported.
In the Confirm Password field, enter the password again.
Click OK.
Click Close.
You can create roles in addition to the predefined roles. This feature provides a means for organizing users into groups.
In the NetBeans IDE, choose Tools > CAPS Repository > Maintain Users.
The User Management dialog box appears.
Select the user and click Modify.
The second User Management dialog box appears.
Click Add Role.
The Add Role dialog box appears.
Click Create Role.
The Role dialog box appears.
In the Role field, type the name of the new role that you are creating.
Multibyte characters are not supported.
Click OK.
The new role has been added to the list.
Select the new role and click OK.
The role is added for the selected user.
Click OK.
Click Close.
This topic explains how to use a file-based realm to manage Sun JMS IQ Manager users. A realm is a collection of users, groups, and roles that are used in enforcing security policies.
For information about how to use a Lightweight Directory Access Protocol (LDAP)-based realm to manage Sun JMS IQ Manager users, see Using LDAP with Java CAPS.
By default, Sun JMS IQ Manager stores user information in the user store of Sun JavaTM System Application Server.
The application server includes the following default user. Java CAPS allows you to change the user name and password during installation.
Table 1–3 Default Application Server User
User Name |
Default Password |
---|---|
adminadmin |
Roles enable you to organize users into groups. Each user name is associated with one or more predefined roles.
The following table describes the predefined roles for Sun JMS IQ Manager users.
Table 1–4 Predefined Roles (Sun JMS IQ Manager)
Role |
Tasks Allowed |
---|---|
Enables clients to access the JMS IQ Manager. |
|
Enables use of the JMS control utility (stcmsctrlutil) or Enterprise Manager, and enables clients to access the JMS IQ Manager. |
By default, Sun JMS IQ Manager is configured to use a file-based realm for user management.
You can disable and enable the file-based realm by using the Configuration Agent.
If the application server is not running, then start the application server.
In a browser, enter the following URL:
http://hostname:portnumber/configagent
Set the hostname to the TCP/IP host name of the computer where the application server is installed. Set the port number to the administration port number of the application server. For example:
http://myserver.company.com:4848/configagent
The Configuration Agent Security Gateway appears.
In the User ID field, enter an application server user name.
In the Password field, enter the corresponding password.
Click Login.
The Configuration Agent appears.
In the left pane of the Configuration Agent, click the JMS IQ Manager node (for example, IQ_Manager_18007).
Click the Access Control tab.
Clear the check box to the right of the Enable File Realm label.
Ensure that at least one other realm is selected, and that the Default Realm drop-down list is not set to the file-based realm.
Click Save.
In the left pane of the Configuration Agent, click the JMS IQ Manager node (for example, IQ_Manager_18007).
Click the Access Control tab.
Ensure that the check box to the right of the Require Authentication label is selected.
Select the check box to the right of the Enable File Realm label.
Click Save.
If you are using the file-based realm to manage Sun JMS IQ Manager users, then you add and delete users from the Sun Java System Application Server Admin Console.
Log in to the Admin Console.
In the left pane, expand the Configuration node, the Security node, and the Realms node.
In the left pane, select the admin-realm node.
Click Manage Users.
Click New.
In the User ID field, enter a name for the user.
In the Group List field, enter one of the Sun JMS IQ Manager roles: asadmin or application.
In the New Password and Confirm New Password fields, enter the password.
Click OK.
Log in to the Admin Console.
In the left pane, expand the Configuration node, the Security node, and the Realms node.
In the left pane, select the admin-realm node.
Click Manage Users.
Select the check box to the left of the user.
Click Delete.
This category of user management refers to users who log in to Enterprise Manager to manage running Java CAPS applications.
For information about how to use a Lightweight Directory Access Protocol (LDAP) server to manage Enterprise Manager users, see Using LDAP with Java CAPS.
Enterprise Manager includes the following default users.
Table 1–5 Default Enterprise Manager Users
User Name |
Default Password |
---|---|
adminadmin |
|
STC |
Roles enable you to organize users into groups. Each user name is associated with one or more predefined roles.
The following table describes the predefined roles for Enterprise Manager users. The default Enterprise Manager users have all of these roles. When you create a user, you can limit what the user can do by assigning only the appropriate roles.
Table 1–6 Predefined Roles (Enterprise Manager)
Role |
Tasks Allowed |
---|---|
Deploy and undeploy applications, manage servers, and monitor deployments. |
|
Manage users of Enterprise Manager. |
|
View information about Project components (not including Java Message Service components). |
|
Start, stop, and restart Project components (not including JMS components) and servers. |
|
View information about JMS components and messages. |
|
Create, edit, and delete JMS messages and destinations. |
|
Manage the management applications and view application routing information. |
Enterprise Manager relies on a security gateway for centralized authentication.
When a user tries to access Enterprise Manager, the gateway displays a login page. The user must enter a user name and password. If the user name and password are valid, then the home page of Enterprise Manager appears.
Enterprise Manager is composed of various management applications. All of the management applications rely on the security gateway for authentication. After a user is authenticated during the login procedure, the user can access each management application without needing to reenter the user name and password. This feature is called single sign-on.
When a user exits Enterprise Manager and then attempts to log in at a later time, the gateway once again displays the login screen.
You can add and delete Enterprise Manager users. To perform these tasks, you must have the User Management role.
The following screen capture shows the Users List page.
In order for the JMS Read-Only Monitor and JMS Read-Write Monitor roles to function correctly, the Read-Only Monitor role must be checked. If you select either role without checking the Read-Only Monitor role, then Enterprise Manager automatically checks the Read-Only Monitor role.
In the Explorer panel of Enterprise Manager, click User Management.
The Users List page appears.
Click Add New User.
The Add/Edit User window appears.
In the User Name field, enter a name for the user.
The user name is case sensitive.
In the Password field, enter a password for the user.
In the Confirm Password field, enter the password again.
(Optional) In the Description field, enter a description for the user.
Select one or more predefined roles.
Click Submit.
In the Explorer panel of Enterprise Manager, click User Management.
The Users List page appears.
In the Available Actions column, click Remove.
You cannot delete the admin user or the Administrator user.
You can edit Enterprise Manager users. For example, you can change the password of an existing user.
To perform this task, you must have the User Management role.