Security policies for BMC Atrium Web Services
You can modify the default security policies. You should replace the keystores and the references to private keys with keystores and keys that fit your security standards.
Also, consider modifying your security policies when your standard client tools and libraries cannot support Web Services Security encryption (for example, gSOAP). In this case, you might want to disable the policy that manages encryption enforcement and the policy that manages incoming and outgoing web services cryptography.
- Modifying security configuration for BMC Atrium Web Services
- Modifying security properties for BMC Atrium Web Services
- Packaging and deploying the service archive
Modifying security configuration for BMC Atrium Web Services
Certain configuration settings, all security policies, and settings for WS-Security and transport-enablement cannot be modified during runtime because these properties are defined in the BMC Atrium Web Service Archive.
To modify these properties, you must use the following procedure:
- Modify the security property values with the atriumwsutil utility.
- Repackage the service archive with the changes.
- Deploy the repackaged service archive into the BMC Atrium Web Application running on Tomcat.
Atriumwsutil command
To modify, package, and deploy configuration changes, you must use the atriumwsutil command:
- Windows (batch file): <BMCAtriumCoreInstallationDirectory>\wsc\atriumws90\atriumwsutil.cmd
- UNIX (shell script): <ATRIUMCORE_HOME>/wsc/atriumws90/atriumwsutil
Execute the utility from the command-line as follows:
atriumwsutil -package -deploy [-verbose]
atriumwsutil -restoredefaults
atriumwsutil -listconfig
atriumwsutil <filename>
atriumwsutil -<securityProperty> <value>
You can combine as many of these options on the command line as you need, except for the listconfig, restoredefaults, and <filename> options, each of which must be used by itself. The security settings and modifications are processed first. Then, if those changes pass validation, the -package and -deploy options execute in that order.
For example, the following command changes the transport configuration of the utility's configuration files to HTTPS_PRIMARY. Then it packages and deploys the new BMC Atrium Web Service archive with the new transport setting.
atriumwsutil -transport HTTPS_PRIMARY -package -deploy
The following table describes the command options for the atriumwsutil utility.
atriumwsutil options
Other than those rules, parameter files operate exactly the same as when passing options through the command-line.
Modifying security properties for BMC Atrium Web Services
To view and modify the security properties, you must use the atriumwsutil utility, which saves the values to an encrypted file (wsc/atriumws90/conf/crypto.xml).
- To view the current security configuration excluding passwords, use the atriumwsutil -listconfig command.
- To modify security properties, use the atriumwsutil -<securityProperty> <value> command.
The following table describes the security properties that you can define. For more information, see Atriumwsutil command.
Security properties
Packaging and deploying the service archive
After making the desired modifications, you must package and deploy the modified BMC Atrium Web Services Archive for the BMC Atrium Web Application hosted on Tomcat 6.
To package and deploy the modified service archive
To apply the modified security properties, use the atriumwsutil -<option> command to package and deploy the BMC Atrium Web Services Archive.
You can use the -package and -deploy options together, or you can run them separately.
Example: atriumwsutil -package -deploy
The previous archive is undeployed and replaced by the new archive. The output appears either in the standard output log file for Tomcat 6 or its console window. In the output, confirm that the previous archive is undeployed and that the new archive is deployed.
After deploying a package, you should see a message such as the following:
Deploying service assembly
Inspecting services directory C:/apache-tomcat-6.0.20/webapps/atriumws80/WEB-INF/services
Inspecting services list C:/apache-tomcat-6.0.20/webapps/atriumws80/WEB-INF/services/services.list
Replacing service archive in services directory C:/apache-tomcat-6.0.20/webapps/atriumws80/WEB-INF/services/atriumws80.aar
Service assembly filename is already in the services list
Finished deploying service assembly
When the new deployment is available, you should see a message in the Tomcat log files, such as the following:
[INFO] Deploying Web service: atriumws80.aar - file:/C:/apache-tomcat-6.0.20/webapps/atriumws80/WEB-INF/services/atriumws80.aar
The new BMC Atrium Web Service Archive is now available for use.
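One way to script the confirmation step described above, so that a changed security setting is not assumed live while the old archive is still deployed. This is an added example, not part of the BMC documentation or tooling: the marker strings come from the sample messages on this page, while the function names, arguments, the one-message-per-line layout and the sample data are assumptions.

```shell
# Added example, not BMC code. Marker strings come from the sample messages on
# this page; function names, arguments and sample data are assumptions.
# verify_deploy UTIL_OUTPUT TOMCAT_LOG ARCHIVE [FIRST_NEW_LOG_LINE]
# Returns 0 only if the utility output shows the archive being replaced and the
# deployment finishing, in order, and Tomcat logged that archive afterwards.
verify_deploy() {
    util_out=$1; tomcat_log=$2; archive=$3; since=${4:-1}
    # Line number of the first occurrence of each marker (empty if absent).
    start=$(grep -n -F 'Deploying service assembly' "$util_out" | head -n 1 | cut -d: -f1)
    swap=$(grep -n -F 'Replacing service archive in services directory' "$util_out" |
        grep -F "/$archive" | head -n 1 | cut -d: -f1)
    done_at=$(grep -n -F 'Finished deploying service assembly' "$util_out" | head -n 1 | cut -d: -f1)
    if [ -z "$start" ] || [ -z "$swap" ] || [ -z "$done_at" ]; then
        echo "FAIL: utility output is missing a deployment message" >&2; return 1
    fi
    if [ "$start" -ge "$swap" ] || [ "$swap" -ge "$done_at" ]; then
        echo "FAIL: deployment messages are out of order" >&2; return 2
    fi
    # Ignore log lines written before this deploy: an earlier Tomcat start logs
    # the same message for the old archive.
    if ! tail -n "+$since" "$tomcat_log" | grep -q -F "Deploying Web service: $archive"; then
        echo "FAIL: Tomcat has not logged $archive since line $since" >&2; return 3
    fi
    echo "OK: $archive replaced and redeployed"
}

# Constructed sample data modelled on the messages shown on this page.
make_samples() {
    svc=C:/apache-tomcat-6.0.20/webapps/atriumws80/WEB-INF/services
    cat > "$1/util.out" <<EOF
Deploying service assembly
Inspecting services directory $svc
Inspecting services list $svc/services.list
Replacing service archive in services directory $svc/atriumws80.aar
Service assembly filename is already in the services list
Finished deploying service assembly
EOF
    sed '$d' "$1/util.out" > "$1/partial.out"   # a deploy that never finished
    cat > "$1/tomcat.log" <<EOF
[INFO] Deploying Web service: atriumws80.aar - file:/$svc/atriumws80.aar
[INFO] Server startup in 5120 ms
[INFO] Deploying Web service: atriumws80.aar - file:/$svc/atriumws80.aar
EOF
}

tmp=$(mktemp -d); make_samples "$tmp"
verify_deploy "$tmp/util.out" "$tmp/tomcat.log" atriumws80.aar 3; rm -rf "$tmp"
```

Record the Tomcat log's line count before running the deploy and pass that count plus one as the fourth argument, so only messages written after the deploy are considered.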