Configuring WebSphere to Use Anonymous Login

In WebSphere, you can disable security for a published business service, which directs the system to use anonymous login credentials.

Note: If you want to configure Anonymous login for a JAX-WS web service package on IBM WebSphere, see Configuring WebSphere to Use Anonymous Login.

This section provides an example of turning off the security for the CustomerManager reference implementation, which is a fully functional example of a published business service. Use it as an example to help you disable security for a particular published business service so that the system uses anonymous login instead.

To set up anonymous login on IBM WebSphere:

1. Locate ibm-webservices-bnd.xmi and ibm-webservices-ext.xmi, which are in the following two locations:

   • WebSphere Home\AppServer\profiles\profile name\config\cells\Cell Name\applications\Application Name\deployments\Server\Web Module\WEB-INF

   • WebSphere Home\AppServer\profiles\profile name\installedApps\Cell Name\Application Name\Web Module Name\WEB-INF

2. Make a backup of these two files in both locations.

3. Using the following example of the RI_CustomerManager web service, delete the bold text from both the ibm-webservices-bnd.xmi and ibm-webservices-ext.xmi files. You must delete the code from these files in both locations where the files reside:

   • In the ibm-webservices-bnd.xmi file, delete the text shown in bold in this code sample:

      <wsdescBindings xmi:id="WSDescBinding_1185554582312" wsDescNameLink="RI_CustomerManager">
        <pcBindings xmi:id="PCBinding_1185554582312" pcNameLink="RI_CustomerManagerHttpPort" scope="Application">
          
          <securityRequestConsumerBindingConfig xmi:id="SecurityRequestConsumerBindingConfig_1185554610375910436757521891737910436757521891737">
            <tokenConsumer xmi:id="TokenConsumer_1185554610375910436757521891737" classname="com.ibm.wsspi.wssecurity.token.UsernameTokenConsumer" name="UserTokenConsumer">
              <valueType xmi:id="ValueType_1185554610375910436757521891737" localName="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#UsernameToken" name="Username Token"/>
              <jAASConfig xmi:id="JAASConfig_1186013028227" configName="e1BssvLogin"/>
              <partReference xmi:id="PartReference_1185554610375910436757521891737" part="UserToken"/>
            </tokenConsumer>
          </securityRequestConsumerBindingConfig>    
        
        </pcBindings>
      </wsdescBindings>
     

   • In the ibm-webservices-ext.xmi file, delete the text shown in bold in this code sample:

      <wsDescExt wsDescNameLink="RI_CustomerManager" xmi:id="WsDescExt_1185554582328">
        <pcBinding pcNameLink="RI_CustomerManagerHttpPort" xmi:id="PcBinding_1185554582328">
          
          <serverServiceConfig xmi:id="ServerServiceConfig_118555460310966390350416797703696639035041679770369">
            <securityRequestConsumerServiceConfig xmi:id="SecurityRequestConsumerBindingConfig_118555460310966390350416797703696639035041679770369">
              <caller name="basicAuth" part="" uri="" localName="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#UsernameToken"/><requiredSecurityToken xmi:id="RequiredSecurityToken_11855546031096639035041679770369" name="UserToken" uri="" localName="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#UsernameToken" usage="Required"/>
            </securityRequestConsumerServiceConfig>
          </serverServiceConfig>
        
        </pcBinding> 
      </wsDescExt>
     

4. Restart the application server.