User revocation from a cache
In WAS, V5.2 and later, revocation of a user from the security cache using an MBean interface is supported. The following Java Command Language (JACL) revokes a user when given the realm and user ID, and cycles through all security administration MBean instances returned for the entire cell when run from the Deployment Manager WSADMIN. The command also purges the user from the cache during each process.
Note that This procedure can be called from another JACL script.
Note that In some of the following lines of code, the lines have been split onto two or more lines.
proc revokeUser {realm userid} { global AdminControl AdminConfig if {[catch {$AdminControl queryNames WebSphere:type=SecurityAdmin,*} result]} { puts stdout "\$AdminControl queryNames WebSphere:type=SecurityAdmin,* caught an exception $result\n" return } else { if {$result != {}} { foreach secBean $result { if {$secBean != {} || $secBean != "null"} { if {[catch {$AdminControl invoke $secBean purgeUserFromAuthCache "$realm $userid"} result]} { puts stdout "\$AdminControl invoke $secBean purgeUserFromAuthCache $realm $userid caught an exception $result\n" return } else { puts stdout "\nUser $userid has been purged from the cache of process $secBean\n" } } else { puts stdout "unable to get securityAdmin Mbean, user $userid not revoked" } } } else { puts stdout "Security Mbean was not found\n" return } } return true }
See Also
Programmatic login