Geekflare is supported by our audience. We may earn affiliate commissions from buying links on this site.
Share on:

Disable Security in IBM WebSphere Application Server

Untitled-1200-×-385-px-4
Invicti Web Application Security Scanner – the only solution that delivers automatic verification of vulnerabilities with Proof-Based Scanning™.

There might be a situation where you need to disable the security to get into WAS DMGR console. This usually happens when: –

  • You forget the credential
  • Someone changed the password
  • Messed up the SSL/Security configuration or security.xml

Are you in a situation where you need to get into WAS Deployment Manager without the credential?

There are two ways to disable the security. So choose the one you like.

First procedure – using wsadmin

  • Go to DMGR Profile path and bin folder
  • Execute wsadmin.sh to get wsadmin prompt
[root@localhost bin]# ./wsadmin.sh
WASX7209I: Connected to process "dmgr" on node localhostCellManager01 using SOAP connector; The type of process is: DeploymentManager
WASX7029I: For help, enter: "$Help help"
wsadmin>
  • Execute securityoff command as shown below
wsadmin>securityoff
LOCAL OS security is off now but you need to restart server1 to make it affected.
wsadmin>
  • Execute exit command to get out from wsadmin utility
  • Restart the DMGR to get this effective

Try to access WAS DMGR Console now, and it shouldn’t prompt for any credential.

Second procedure – modifying security.xml

Take a backup of security.xml, it’s located under DMGR profile/config/cells/CellName. If you are not sure, you can use find command to search security.xml

  • Modify security.xml using the vi editor
  • Search for enabled=true (as shown below)

was-disable-security

  • Change true to false (as shown below)

was-disable-security-config

  • Save the file and restart the DMGR

That’s it. Now you can access WAS DMGR without a password.

Tip: to put the security back, you need to do following….

  • Invoke wsadmin.sh
  • Execute securityon command
  • Restart the DMGR

I hope one of the above procedures help you in disabling security to get into WAS Admin console.

Looking to build skills in Cloud Computing? Check out this beginner guide.

Thanks to our Sponsors
More great readings on WebSphere
Power Your Business
Some of the tools and services to help your business grow.
  • Invicti uses the Proof-Based Scanning™ to automatically verify the identified vulnerabilities and generate actionable results within just hours.
    Try Invicti
  • Web scraping, residential proxy, proxy manager, web unlocker, search engine crawler, and all you need to collect web data.
    Try Brightdata
  • Semrush is an all-in-one digital marketing solution with more than 50 tools in SEO, social media, and content marketing.
    Try Semrush
  • Intruder is an online vulnerability scanner that finds cyber security weaknesses in your infrastructure, to avoid costly data breaches.
    Try Intruder