Configuring WebSphere to Use Anonymous Login
In WebSphere, you can disable security for a published business service, which directs the system to use anonymous login credentials.
This section provides an example of turning off the security for the CustomerManager reference implementation, which is a fully functional example of a published business service. Use it as an example to help you disable security for a particular published business service so that the system uses anonymous login instead.
To set up anonymous login on IBM WebSphere:
Locate ibm-webservices-bnd.xmi and ibm-webservices-ext.xmi, which are in the following two locations:
WebSphere Home\AppServer\profiles\profile name\config\cells\Cell Name\applications\Application Name\deployments\Server\Web Module\WEB-INF
WebSphere Home\AppServer\profiles\profile name\installedApps\Cell Name\Application Name\Web Module Name\WEB-INF
Make a backup of these two files in both locations.
Using the following example of the RI_CustomerManager web service, delete the bold text from both the ibm-webservices-bnd.xmi and ibm-webservices-ext.xmi files. You must delete the code from these files in both locations where the files reside:
In the ibm-webservices-bnd.xmi file, delete the text shown in bold in this code sample:
<wsdescBindings xmi:id="WSDescBinding_1185554582312" wsDescNameLink="RI_CustomerManager"> <pcBindings xmi:id="PCBinding_1185554582312" pcNameLink="RI_CustomerManagerHttpPort" scope="Application"> <securityRequestConsumerBindingConfig xmi:id="SecurityRequestConsumerBindingConfig_1185554610375910436757521891737910436757521891737"> <tokenConsumer xmi:id="TokenConsumer_1185554610375910436757521891737" classname="com.ibm.wsspi.wssecurity.token.UsernameTokenConsumer" name="UserTokenConsumer"> <valueType xmi:id="ValueType_1185554610375910436757521891737" localName="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#UsernameToken" name="Username Token"/> <jAASConfig xmi:id="JAASConfig_1186013028227" configName="e1BssvLogin"/> <partReference xmi:id="PartReference_1185554610375910436757521891737" part="UserToken"/> </tokenConsumer> </securityRequestConsumerBindingConfig> </pcBindings> </wsdescBindings>
In the ibm-webservices-ext.xmi file, delete the text shown in bold in this code sample:
<wsDescExt wsDescNameLink="RI_CustomerManager" xmi:id="WsDescExt_1185554582328"> <pcBinding pcNameLink="RI_CustomerManagerHttpPort" xmi:id="PcBinding_1185554582328"> <serverServiceConfig xmi:id="ServerServiceConfig_118555460310966390350416797703696639035041679770369"> <securityRequestConsumerServiceConfig xmi:id="SecurityRequestConsumerBindingConfig_118555460310966390350416797703696639035041679770369"> <caller name="basicAuth" part="" uri="" localName="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#UsernameToken"/><requiredSecurityToken xmi:id="RequiredSecurityToken_11855546031096639035041679770369" name="UserToken" uri="" localName="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#UsernameToken" usage="Required"/> </securityRequestConsumerServiceConfig> </serverServiceConfig> </pcBinding> </wsDescExt>
Restart the application server.