Web Administration Interface and File-Based Security: IBM Integration Bus

L10
IBM Integration Bus
Web Administration Interface

and File-based Security
Featuring:
 Deployment of Applications and Libraries from Web UI

 Explore Web UI without security
 Configuring Web UI with role-based security
 Explore Web UI with security
 BAR deploy and BAR override
 Toolkit authorization
 Operational Policy administration
 Resource Statistics
June 2015
Hands-on lab built at product
Version 10.0.0.0
IBM Integration Bus V10 Workshop June 2015
1. INTRODUCTION................................................................................................................................. 3
1.1 RESET IB10NODE SECURITY ................................................................................................... 3

1.2 OUTLINE OF LAB ...................................................................................................................... 4
2. PREPARE THE IB10NODE APPLICATIONS ............................................................................... 5
2.1 APPLICATION DEPLOYMENT IN W EB UI ...................................................................................... 5

2.2 OVERRIDING BAR FILE ........................................................................................................... 11
3. EXPLORE WEB ADMIN INTERFACE (NO SECURITY) ............................................................ 15
3.1 ADMINISTRATION .................................................................................................................... 15

3.2 INTEGRATION NODE AND SERVER PROPERTIES ........................................................................ 18
4. CONFIGURE ROLE-BASED SECURITY FOR WEB USERS .................................................... 21
4.1 ACTIVATE SECURITY FOR IB10NODE ..................................................................................... 22

4.2 DEFINE ADMINISTRATION ROLES AND SET FILE-BASED PERMISSIONS ......................................... 24
4.3 DEFINE THE WEB USERS FOR IB10NODE ............................................................................... 26
5. USING THE WEB ADMIN INTERFACE WITH SECURITY ........................................................ 28
5.1 THE W EB ADMIN INTERFACE FOR A READ-ONLY USER .............................................................. 28

5.2 THE W EB ADMIN INTERFACE FOR A USER WITH WRITE ACCESS ................................................. 32
5.3 THE W EB ADMIN INTERFACE FOR A USER WITH ‘ALL’ ACCESS .................................................... 37
5.4 ADMINISTRATION OF OPERATIONAL POLICY ............................................................................. 42
5.4.1 Handle Configurable Services ......................................................................................... 44
6. INTEGRATION TOOLKIT AUTHORIZATION ............................................................................. 48
7. RESOURCE STATISTICS ........................................................................................................... 52
END OF LAB GUIDE ....................................................................................................................... 56
Page 2 of 56 Version 10.0.0.0

Web Administration and File-based Security
Provided by IBM BetaWorks
1. Introduction
IBM Integration Bus V10 has enhanced the web browser user Interface allowing administration of
Integration Nodes. This has replaced the majority of the admin function that was previously available
in the IB Explorer (IBX). A small amount of function was moved from the IBX to the Integration Toolkit
– Configurable Services, Policy sets.
The Web User Interface (known in this document as the Web UI) provides the following capabilities:
1. Ability to allow defined web users to perform administration at defined level

2. Ability to perform update actions against deployed resources (start, stop, etc.)
3. Ability to view trace and log files through the Web UI
4. Ability to view and update Node policy documents
5. Ability to deploy application BAR files
6. Resource statistics
This lab will demonstrate some of these points, while others are the subject of separate labs.
1.1 Reset IB10NODE security
The first part of this lab assumes that security has not been activated for IB10NODE. If security has
been activated on your system, deactivate it now. To check, run the command below in the Integration
Console:
mqsireportbroker IB10NODE
Ensure that you see the line
Administration security = 'inactive'
To set security off, use the following commands in an Integration Command Console:
mqsistop IB10NODE
mqsichangebroker IB10NODE -s inactive
mqsistart IB10NODE

1.2 Outline of Lab

This lab will show you the following functions:
 Deployment of applications and libraries from the Web UI;
 Explore Web UI without security
 Configure Web UI with role-based security:
o Activate file-based security;

o Set administration roles
o Define web users
 Explore Web UI with role-based security:
o Web UI for ‘Read-only’ user

o Web UI for ‘Read/ Write’ user
o Web UI for ‘Read/ Write/ Execute’ user

2. Prepare the IB10NODE applications
2.1 Application Deployment in Web UI
1. One of the first enhancements that you will explore in the new Web UI is the ability to deploy BAR
files. If not already open, open the Web User Interface in your Browser.
From the Integration Toolkit, right-click IB10NODE and select ‘Start Web User Interface’:
2. You may get the ‘untrusted connection error’ when the Browser has opened.
Click on ‘I understand the Risks’, then ‘Add Exception’.
‘Confirm Security Exception’ on the following dialog.

3. We will be using the integration server ‘server1’.
Expand ‘Servers’ and click ‘server1’ to see its details
4. If you have done previous labs, you may already have resources deployed in this server. We want to
deploy fresh copies of the applications to the integration server, so delete any current resources.
Under the ‘server1’ Integration Server, expand ‘Applications’, click to open the context menu available
for the application and select Delete.
5. Respond ‘Yes’ when prompted to confirm the delete of the resource.
Do the same for all deployed resources under ‘server1’.

6. Click open the context menu next to ‘server1’. Click ‘Deploy’.
7. This will open the dialog for BAR deployment.
Click ‘Browse’ as shown and navigate to C:\student10\Integration_service\solution

8. Select ‘EmployeeServiceInterface.V10.bar’ and click open:
9. A message is shown that there are ‘No configurable properties found’ in this shared library. This
means that the shared library that is being deployed does not include any configurable properties.
Click ‘Deploy’ in the ‘Deploy BAR File’ window:

10. Repeat steps 5 and 6. This time select EmployeeService.V10.bar’ file and click ‘Open’.
In the ‘Deploy BAR File’ preview window you will see that the ‘Deploy Preview’ table has been
populated with properties existing in the BAR file. Note that you need to expand
‘EmployeeService.appzip’ to be able to see them.
In the ‘Values’ column some of the properties show <unset>. This means that these properties could
be configured (this will be shown later in the lab).
Once finished reviewing, click the ‘Deploy’ button.

11. Repeat the above step and deploy ‘EmployeeService_JSONClient.V10.bar’ only this time import from
C:\student10\Integration_service_JSONClient\solution folder.
Again, feel free to explore the properties and their values in the deployment table.
Please note that it may take a few seconds to see the updated view while the resources are being
deployed.
You should now have resources on ‘server1’ under ‘Services’, ‘Applications’ and ‘Shared Libraries’
categories:
12. To see which applications or services reference the shared library, expand
‘EmployeeServiceInterface’ then ‘Referenced by’. You will see the service and application that you
imported in the previous steps.

2.2 Overriding BAR file

The Web UI in Integration Bus V10 allows you to override BAR files during the process of
deployment. The ‘override’ uses a file with an extension ‘.properties’., In the file, new values are
specified for the properties that need to be set.
1. The override file for this lab has been created and is provided for you.
Using Windows Explorer, go to C:\student10\Integration_service_JSONClient\solution folder and

right-click Override_JSONClient.properties.
From the menu select ‘Edit with Notepad++’.
2. In the override file, the properties that will be overridden are specified following the message flow name
that they refer to.
For the URL property in addition to the message flow name, the (HTTP) Node name is specified.
The property names can be seen from the ‘Deploy BAR File’ window (step 2.1.9)
No changes will be made here so once finished viewing the file close it.
3. In the Web UI click again on the context menu next to ‘server1’ and then ‘Deploy’.

4. Navigate to C:\student10\Integration_service_JSONClient\solution folder and select

‘EmployeeService_JSONClient.V10.bar.
Click ‘Open’.
5. In the ‘Deploy BAR File’ window you can see again the content of the BAR file expand
EmpServ_JSON_getEmployee.
In the ‘Value’ column you are presented with the properties that can be configured.
<unset> refers to a property that has not been set. You can set the property using an override file.
You will see two of the properties which were present in the override file.

6. Scroll down and expand the HTTP Input node properties.
The URLSpecifier is the third property that you will override in the next step.
From the context menu next to ‘Overrides’ click on ‘Select overrides file’.

7. Select ‘Override_JSONClient.properties’ from

C:\student10\Integration_service_JSONClient\solution directory and click ‘Open’.
8. Now the URLSpecifier value has changed to /empServClient_getEmployee_Override
9. Scroll up to see the other two properties that were overridden.
Now they their values have been set accordingly based on the values in the override file.
10. To restore the original property values from the BAR file, click the down arrow beside Overrides and
click Clear overrides file and Cancel the deploy.

3. Explore Web Admin Interface (no security)
3.1 Administration
1. You may have noticed in the top right corner of your web browser that you are logged in as a ‘Default’
user.
2. Click IB10NODE. In ‘Quick View’, you will see that ‘Admin Security’ is ‘Off’.
In this scenario, the default user has full update access to all deployed broker resources.
If you have enabled the web admin http listener, and security is not active for the node, then any user
will be able to access the Web UI.

3. In the Servers section, expand ‘server1’. Expand the deployed Applications and Services. You should
see the applications you just deployed in the previous step.

4. You will see that you can Start and Stop the Services and Applications, as well as any defined server.
Click the server1 context menu – and select Stop.
5. Wait for it to show stopped (red down arrow). Notice that you are not able to view any Services or
Applications (as in the Integration Toolkit when an Integration Server is stopped).
Select the context menu again and select Start. The server will start and show a green “up arrow”.
.
3.2 Integration Node and Server properties
1. Click IB10NODE and then ‘Edit’:
2. This will open a table with various Integration Node properties. You can change any of the properties
by clicking the button in the far right column against each property.
Click to change the ‘Short Description’ of the Integration Node.

3. In the dialog type ‘Workshop Node’ and Click OK.
4. To save any changes that you have made to the Integration Node’s properties, click the ‘Save’ button:
5. Click ‘server1’ and then the ‘Edit’ button on the right, to view/edit properties for the Integration Server:

6. This will open a table with the Integration Server’s properties, which you can edit if required:
Scroll down to view the available Integration Server properties.
Previously, users of IBM Integration Bus were able to change these parameters in Integration Explorer. As
IBM Integration Bus V10 has removed Integration Explorer, all the administration is available in the Web UI
tool.
7. You will not be making any changes here at this time, so when finished exploring click ‘Cancel’

4. Configure role-based security for web users

Administration security controls the rights of users to complete administrative tasks for an integration
node and its resources.
IBM Integration Bus V10 provides the ability to control access to Integration node resources through the
Web user interface and REST application programming interface (API). All the Nodes administration
functions can be viewed and controlled, as well as all the functionality that in previous IIB releases was
available through IBM Integration Explorer. Different web users can have different access rights across
these functions, and access can be granted, denied or revoked quickly.
IBM Integration Bus V10 allows role-based security to be achieved by using one of two options:
 Security functions based on Integration Bus and WebSphere MQ;

 File-based security in IBM Integration Bus.
While the user has the option to choose how to implement the role-based security, based on their
infrastructure, this guide will show the new functionality for IBM Integration Bus V10 - enabling file-based
security.
The access authorities are defined against a set of user definitions which represent the available security
roles. A role is a set of security permissions that control access to an integration node and its resources,
and each web user account is associated with a particular role. The permissions are checked to
determine a web user's authorization to perform tasks in the web user interface or the REST application
programming interface (API). Each web user is then defined to use one or more of these security roles.
For the purposes of this lab, you will create several user roles. Then you will create web users and assign
them to one of the defined roles:
1. iibRole1 (for Node administration access, read-only)

2. iibRole2 (for Node administration access, read, write functions)
3. iibRole3 (for Node administration access, all functionality)

4.1 Activate security for IB10NODE

1. Open an Integration Console by double-clicking the desktop shortcut or from the Windows start menu.
Security can only be activated whilst the integration node is shutdown, so issue the following
commands
mqsistop IB10NODE
When you issue the mqsistop, you will see that the Browser page is greyed with a message
indicating that “Real-time updates are disabled”.
2. To view in the Integration Console if the administration security is active and the authorization mode
with the following command:
mqsireportauthmode IB10NODE
You will receive the response:
BIP8930I: Integration node name 'IB10NODE'

Administration security = 'inactive'
Authorization mode = 'mq'
As expected the administration security is returned as ‘ inactive’.
Since our Integration Node has been created using a Queue Manager, its default authorization mode
is ‘mq ’.

3. Turn on the administration security and change the authorization mode with the command:
mqsichangeauthmode IB10NODE -s active -m file
You should see the response:
BIP8071I: Successful command completion.
Restart the Node with the following command:
mqsistart IB10NODE
4. After a short while, reload the browser page by clicking the indicator in the address page.
5. You are now presented with a sign-on screen since security has been activated.
Before you can continue, we must configure security so you are able to sign in, so continue with the
next step.

4.2 Define administration roles and set file-based permissions

You will now create administration roles and grant administration authorities to these roles. These
will be referenced by the Integration Bus web user definitions.
Three levels of authorization are supported for IBM Integration Bus administration security: read,
write, and execute. You can assign permissions to a role (user) by specifying the type of
permission followed by a plus (+) to grant permissions, or a minus (-) to revoke permissions.
The following table shows the file-based authorities that are required for different types of users in
this lab guide:
Role Authority
--------- ------------
iibRole1 read
iibRole2 read, write
iibRole3 read, write, execute (all)
These authorities are related to actions as follows:
 read – view resources

 write – view resources, create Integration Servers and modify their settings
 execute – start, stop, deploy and modifying resources
1. Check if there are any roles defined on the Integration Node by running the command:
mqsireportfileauth IB10NODE -l
You should see the response:
No defined roles have been returned.
2. Create iibRole1 by running the command:
mqsichangefileauth IB10NODE
-r iibRole1
-p read+
Response:

-r iibRole2
-p read+,write+
Response: BIP8071I: Successful command completion.
-r iibRole3
-p all+
5. Re-run the command for displaying any defined roles:
mqsireportfileauth IB10NODE -l
The returned response should be as below:
BIP8931I: Role = 'iibRole1', Resource = '', Permissions = 'read+,write-,execute-

'
BIP8931I: Role = 'iibRole2', Resource = '', Permissions = 'read+,write+,execute-
'
BIP8931I: Role = 'iibRole3', Resource = '', Permissions = 'read+,write+,execute+
'

4.3 Define the web users for IB10NODE

1. Define an Integration Bus web user for read-only access. This user will be able to see what
applications are deployed, but will not be able to control the status of these applications.
In an Integration Bus Command Console, run the command
mqsiwebuseradmin IB10NODE
-c
-u admin1
-a passw0rd
-r iibRole1
This command will define a new web user, admin1. The user will have the security profile
defined by the associated role, which in this case will mean that the user can only view the
broker and any deployed applications.
2. Define an Integration Bus web user for read/write access. This user will be able to see what
applications are deployed, and will have administration privileges to change properties on the
Integration Node and Integration Server.
In a Integration Console, run the command
-c
-u admin2
-a passw0rd
-r iibRole2
defined by the associated role, which in this case will mean that the user will be able to view
the broker and execution groups, and edit their properties. Also, the user will be able to view
the deployed resources.

3. Define an Integration Bus web user for all access. This user will be able to see what
applications are deployed, and will be able to control completely the resources (start/stop,
etc).
In a Integration Console, run the command
-c
-u admin3
-a passw0rd
-r iibRole3
defined by the associated role, which in this case will mean that the user will be able to view
the broker and execution groups, and any deployed applications, as well as control their
status.
4. Display the newly-defined web users by running the command
mqsiwebuseradmin IB10NODE - l
The response received should be as below:
BIP2837I: Web user 'admin1' is defined as having a role of 'iibRole1'.


5. Using the Web Admin interface with security

5.1 The Web Admin interface for a read-only user
Now that security has been configured for Web Admin users, we will login as the admin1 user, which is
read-only, and see what the browser interface offers for someone who can only view the Integration
Node.
1. You should have your Firefox web browser window still open with the ‘IBM Integration’ log in page.
Login with the userid ‘admin1’ (password is passw0rd).
2. This user has read-only access to the node.
Note that the Quick View will now show you that Admin Security is active.
Expand the ‘Servers’ category, by clicking the twisty.

3. You will see that you are presented with the available servers but you are not able to view any of the
resources.
Yes, you have guessed correctly – although we gave the role iibRole1 ‘read’ authorities, we
specified this at a Node level. This allows more ‘granular’ approach by authorization for individual
servers completed with a separate command (shown in the next step).
4. The IIB file-based authorization allows you to change the roles’ permissions without a restart of the
Integration Node – the changes are picked up dynamically
In the Integration Console, run the command:
-e server1
-r iibRole1
-p read+
The Integration Server has been specified with the parameter -e server1, which means that
now you are applying the permissions at the integration server’s level.
5. Back in the Browser, refresh the page and log in again as user ‘admin1’
You will now see that to the left of ‘server1’ now there is a twisty, allowing you to view the resources
in ‘server1’.
Expand server1.

6. You can now view the resources on the Integration Server. Notice that although you are able to
expand the server1 resources folders you do not have permission to start, stop or other actions to
the deployed artefacts.
7. Click on the arrow to the right of ‘Servers’ and then ‘Create’:

8. In the opened dialog type ‘admin1server’ and click ‘OK’:
9. You will see a message is shown above the ‘Overview’ tab that the Integration Server cannot be
created. Hover with your mouse over the notification and you will notice that this is a hyperlink, so
click on it.
10. You will see a detailed message, explaining why the attempt has failed:

5.2 The Web Admin interface for a user with write access
Now that security has been configured for Web Admin users, we will login as the admin2 user which is
the ‘read/write’ user. This user has functionality for viewing resources, editing properties for Integration
Node and Integration Server and for creating Integration servers.
1. After exploring the facilities for admin1, logout admin1.
Click the pull-down beside the Welcome, admin1 banner and select Log Out.
2. Log in as admin2 (password is passw0rd).
3. Expand ‘Servers’ and you will see that although you can view the available servers, the role to which
admin2 is associated is not authorized for ‘server1’.
This is because admin2 has read/write access for IB10NODE, but not for any servers.

4. In the Integration Console, run the command:
-e server1
-r iibRole2
-p read+,write+
This will allow this role to view the resources on server1, create and modify integration server.
5. In the Web UI, refresh the login for admin2 (F5 or refresh button).
You are now able to view the server resources as admin1 but again you are not able to do any
administration on the resources.
Highlight ‘server1’ server. You will see there is an ‘Edit’ button (which was not available for ‘admin1’).
Click the button.

6. The table with the server1’s properties is opened and the user ‘admin2’ has authorities to change its
settings.
You will not make any changes here, so when finished reviewing, click ‘Cancel’.
The user admin2 has the same permissions for changing setting on the IB10NODE.

7. Click the arrow on the right of ‘Servers’ and then ‘Create’:
8. In the dialog enter ‘admin2server’ and click ‘OK’:
9. Shortly, you will see that a new Integration server has been created. The user ‘admin2’ has ‘write’
authorities, which allows creating a new server on the Integration Node.
However, even though this user has created the Integration Server, the administrator has to authorize the
role to which ‘admin2’ is associated to perform any actions on the new server such us start/stop.

10. In the Integration Console run the command;
-e admin2server
-r iibRole2
-p read+,write+
This sets the permissions for this role on the ‘admin2server’ server as read and write.
11. Refresh the Browser window and log in as ‘admin2’ again (you may be automatically logged in after the
refresh).
Now, the web user is able to view the newly created server and its resources (although no resources
have been deployed at this point).
12. Log out the user admin2.

5.3 The Web Admin interface for a user with ‘all’ access
We will now login as the admin3 web user which has full authorities. This user has full functionality for the
resources including stop/ start deployment of applications and start/stop statistics.
1. Although admin3 has full authorities for the resources on the node, the administrator still has to give
permissions to the role, to which the web user is aligned for a particular Integration Server.
Run the command:
-e server1
-r iibRole3
-p all+
2. Log in as ‘admin3’ (password is ‘passw0rd’):
3. Expand the ‘Servers’ group, then ‘server1’.
You may have noticed that now, on the right side of ‘server1’ there is an arrow, which was not there
for admin1 and admin2 web users. Click on it.

4. You will see that a new drop-down menu has opened showing all the administration tasks that web
user admin3 can perform. Click on ‘Stop’ to stop the Integration Server.
5. After a few seconds you will see that the integration server has stopped, shown with a little red arrow
pointing down.

6. Expand the menu again and click on ‘Start’ to start the Integration Server again. As expected, most of
the available actions have been greyed out because the server is stopped.
7. When the Integration Server starts, expand the ‘Applications’ group and then click on the twisty next to
the ‘EmployeeService_JSONClient’ application. From the pull-down menu, click on ‘Stop’:

8. The application and all its flows have been stopped, shown with red arrows pointing down:
9. Expand the pull-down menu and start the application again

10. Once the application has been started, click on ‘EmployeeService_JSONClient’. On the right, expand
‘Advanced Properties’ and ‘Deployed Properties’
The Quick View panel displays important information about the application such as its name, UUID,
Run Mode.
Advanced Properties and Deployed Properties show more detailed information.
11. Log out user admin3.

5.4 Administration of Operational Policy

In this part of the lab you will explore the administration of MQEndpoint Policy from users with
different permissions based on the roles they have been assigned to.
1. In the Integration Console, navigate to c:\student10\webadmin\Install and type the following

command:
mqsicreatepolicy IB10NODE
-t MQEndpoint
–l WebAdminPolicy
-f MQEndpointSample.xml
The command references a provided MQEndpoint configuration policy file MQEndpointSample.xml,

which has been provided for you.
The result you see should be as below:
2. Log in to the Web UI as admin1 (passw0rd).
Under IB10NODE, expand Operational Policy  MQEndpoint and click on the newly created policy.
This user has ‘read-only’ permission and is only able to view the defined values.
The values specified have been taken from the policy configuration file.

3. Log in to the Web UI as admin3 (passw0rd).
Navigate to the newly created policy and click on it..
This user has ‘all’ permissions and is able to re-configure the policy details and to delete it.
4. In the Integration console run the command from step 1, but this time use the flag –i to specify a user,
their password and hostname.
mqsicreatepolicy IB10NODE
-t MQEndpoint
-i tcp:\\admin3:passw0rd@betaworks-esb10
–l admin3_policy
-f MQEndpointSample.xml

5. In the command console a message will be returned (BIP1921S) notifying you that the node cannot
be reached (if you are using the workshop VMware image supplied).
The reason this message is returned is because on the IB10NODE the SSL has been enabled. If you
would like multiple users to connect to a remote integration node that has SSL enabled on its web
administration port to execute a command, you will need to use .broker file.
This is not subject of this lab. Please refer to IBM Knowledge Center for more information.
5.4.1 Handle Configurable Services
1. In the Web UI log in as admin1 (passw0rd)
Expand ‘Operational Policy’ -> ‘Configurable Services’ -> ‘ActivityLog’.
Click ‘ActivityLogTemplate’:
You remember that web user ‘admin1’ was assigned to a role that has only ‘read’ permissions.
Therefore admin1 can only view the Configurable Services but not their details.

2. Log in as user ‘admin2’ and again expand ‘Activity Log:
Since admin2 web user has ‘read’ and ‘write’ permissions (assigned to the iibRole2), the user is able
to view the Configurable Service template and edit using the ‘Edit’ button.
In addition, you can see that next to Configurable Services and ActivityLogTemplate there are arrows.
Click the arrow next to ‘Configurable Services’.
3. In the drop-down menu, select ‘Create’:

4. Name the new Configurable Service ‘NewConfigService’.
As a type, leave ‘ActivityLog’.
Note that from the drop-down menu you are able to select and create any Configurable service. The
selected type will update its corresponding ‘Properties’ template.
Save the new Configurable Service without making any other changes.
5. You are now able to see the new Configurable Service that you created. Click the arrow next to it. You
will see that admin2 user has permissions to delete and export the configurable service. Click ‘Export
*.configurableservice’.

6. Click ‘Save File’ and then ‘OK’.
7. Navigate to c:/student10/webadmin and click ‘Save’.
Now you have the Configurable Service saved on your file system.
8. Log out admin2.

6. Integration Toolkit Authorization

The defined Web users’ authorities also apply for a remote connection of an Integration Toolkit to
existing Integration Node.
1. Create a remote connection to IB10NODE from the Integration Toolkit.
2. Connect as ‘admin3’, providing the connection details as below:
Host: betaworks-esb10
Port: 4421
Integration Node: IB10NODE
Use SSL: ticked

3. Click ‘Finish’.
You may see a progress information window to which you may have to respond before continuing.
4. You will be presented with a dialog, where you will need to confirm the Trust certificate.
Click on ‘Trust Certificate’ to continue.
5. Expand server1 under the ‘remote’ connection and you will see all the deployed resources
User admin3 will also have the permissions to deploy resources from the Integration Tookit, which
will not be explored at this time.

6. Click on the newly created connection and then ‘Remove Connection’.
7. Once the previous step has been completed, create a new connection repeating step 6.1 and 6.2,
only this time user will be admin1. Click ‘Finish’.

8. You will receive an error message, pointing that the role to which the user is assigned does not have
the required permissions.
Click OK.
9. In the Integration Nodes view you will see that the remote connection has been created.
However, even though you have connected as a user with ‘Read’ permissions, you are not able to
see the resources deployed to server1.
The reason for this restriction is that the Integration Toolkit is designed to ‘develop and deploy’.
Therefore, the user is not allowed to view resources on a node to which they do not have permission
to deploy.
Please note that you may be able to open Policy Sets editor and make edits, but you will not be
able to save them as admin1 does not have the permission for that.

7. Resource Statistics
In this part of the lab, you will explore the IBM Integration Bus Resource Statistics available in the
Web UI.
1. Log in to the Web UI log in as admin3 (passw0rd).
Once logged in, click the arrow next to ‘server1’ and from the menu select ‘Resource statistics on’.

2. A message will appear once the resource statistics have been turned on.
Click the ‘Resource Statistics’ tab.
3. The data has started being collected and shortly you will see values for the three default parameters –
Initial memory, Used Memory and Committed Memory.

4. To the right of the graphs there are tables with data about the resource. This is where you can change
the resource shown on the graph.
Click the arrow to view the available resources. Currently displayed resource is highlighted.
Do not change the selection at this time.
5. Scroll down to see ‘server1 resource statistic’ table.
Click to the left of each resource and you will see that a different colour is assigned to each resource.
Along with that, the selected resources are added colour coded to the graphs above so you can easily
identify the resource and compare it with others.

6. Hover over any of the graphs with the mouse. You will see that the graphs are highlighted and the
values used to draw them are shown as dots. Placing the mouse over any of the dots will show its
value.
7. From the Start menu, open SoapUI.
Expand ‘EmployeeService’ completely and double-click on the saved test ‘Employee 000010’.
Run the test a few times by click on the green button.

8. Back in the resource statistics view in the Browser you will see that this has reflected in the captured
resource statistics.
As a final step stop the integration node and turn off the administration security:
mqsistop IB10NODE
mqsichangebroker IB10NODE –s inactive
This concludes the Web Admin lab. Web users with the required authorization can administer services,
applications and other resources on the Integration Node.
END OF LAB GUIDE


Web Administration Interface and File-Based Security: IBM Integration Bus

Uploaded by

Copyright:

Available Formats

Web Administration Interface and File-Based Security: IBM Integration Bus

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Web Administration Interface and File-Based Security: IBM Integration Bus

Uploaded by

Copyright:

Available Formats

L10

IBM Integration Bus

Web Administration Interface

 Deployment of Applications and Libraries from Web UI

1.1 RESET IB10NODE SECURITY ................................................................................................... 3

2. PREPARE THE IB10NODE APPLICATIONS ............................................................................... 5

2.1 APPLICATION DEPLOYMENT IN W EB UI ...................................................................................... 5

3. EXPLORE WEB ADMIN INTERFACE (NO SECURITY) ............................................................ 15

3.1 ADMINISTRATION .................................................................................................................... 15

4. CONFIGURE ROLE-BASED SECURITY FOR WEB USERS .................................................... 21

4.1 ACTIVATE SECURITY FOR IB10NODE ..................................................................................... 22

5. USING THE WEB ADMIN INTERFACE WITH SECURITY ........................................................ 28

5.1 THE W EB ADMIN INTERFACE FOR A READ-ONLY USER .............................................................. 28

6. INTEGRATION TOOLKIT AUTHORIZATION ............................................................................. 48

7. RESOURCE STATISTICS ........................................................................................................... 52

END OF LAB GUIDE ....................................................................................................................... 56

Page 2 of 56 Version 10.0.0.0

1. Ability to allow defined web users to perform administration at defined level

1.1 Reset IB10NODE security

Ensure that you see the line

Administration security = 'inactive'

mqsichangebroker IB10NODE -s inactive

Page 3 of 56 Version 10.0.0.0

1.2 Outline of Lab

 Deployment of applications and libraries from the Web UI;

 Explore Web UI without security

 Configure Web UI with role-based security:

o Activate file-based security;

 Explore Web UI with role-based security:

o Web UI for ‘Read-only’ user

Page 4 of 56 Version 10.0.0.0

2. Prepare the IB10NODE applications

2.1 Application Deployment in Web UI

Click on ‘I understand the Risks’, then ‘Add Exception’.

‘Confirm Security Exception’ on the following dialog.

Page 5 of 56 Version 10.0.0.0

3. We will be using the integration server ‘server1’.

Expand ‘Servers’ and click ‘server1’ to see its details

5. Respond ‘Yes’ when prompted to confirm the delete of the resource.

Do the same for all deployed resources under ‘server1’.

Page 6 of 56 Version 10.0.0.0

6. Click open the context menu next to ‘server1’. Click ‘Deploy’.

7. This will open the dialog for BAR deployment.

Click ‘Browse’ as shown and navigate to C:\student10\Integration_service\solution

Page 7 of 56 Version 10.0.0.0

8. Select ‘EmployeeServiceInterface.V10.bar’ and click open:

Click ‘Deploy’ in the ‘Deploy BAR File’ window:

Page 8 of 56 Version 10.0.0.0

Once finished reviewing, click the ‘Deploy’ button.

Page 9 of 56 Version 10.0.0.0

Page 10 of 56 Version 10.0.0.0

2.2 Overriding BAR file

Using Windows Explorer, go to C:\student10\Integration_service_JSONClient\solution folder and

From the menu select ‘Edit with Notepad++’.

Page 11 of 56 Version 10.0.0.0

4. Navigate to C:\student10\Integration_service_JSONClient\solution folder and select

Page 12 of 56 Version 10.0.0.0

6. Scroll down and expand the HTTP Input node properties.

Page 13 of 56 Version 10.0.0.0