Enable authentication in the file transfer service using scripting

Enabling authentication in the file transfer service using scripting

We can enable authentication in the file transfer service using scripting and the wsadmin tool.

Before you begin
Before starting this task, the wsadmin tool must be running. See the Starting the wsadmin scripting client article for more information.

About this task

In WebSphere Application Server Network Deployment, V5.0.1 or later, the file transfer service is enhanced to provide role-based authentication. Two versions of the file transfer Web application are provided. By default, the version that does not authenticate its caller is installed. This default supports compatibility between the WAS Network Deployment, V5.0 and V5.0.1 or later.
Turning the file transfer authentication on is recommended to prevent unauthorized use of the file transfer application; however, if you have any V5.0 clients in your Network Deployment environment, they cannot communicate with the secured file transfer application if global security is turned on.
In WebSphere Application Server V6.x, mixed cells are supported and file transfer has become a system application. If all of the nodes in the cell are of V5.0.1 or later, we can activate authentication in the file transfer service by redeploying the file transfer application at the deployment manager. The compatible version is shipped in the app_server_root/systemApps/filetransfer.ear directory. The secured version is provided in the app_server_root/systemApps/filetransferSecured.ear directory.

Procedure
A wsadmin Jacl script is provided to help you redeploy the file transfer. The script is called redeployFileTransfer.jacl and is located in the app_server_root/bin directory.
After the deployment manager and all the nodes are upgraded to WAS Network Deployment, version 5.0.1 or later, we can deploy the secured file transfer service by running the script.
The syntax for running the script from the bin directory is the following:
wsadmin -profile redeployFileTransfer.jacl -c "fileTransferAuthenticationXxx cellName nodeName serverName"
where Xxx is On or Off.
Use wsadmin or wsadmin.bat.
Use wsadmin.sh.
For example, when running the script to enable use of the filetransferSecured.ear file, the syntax is similar to the following example
wsadmin -profile redeployFileTransfer.jacl -c "fileTransferAuthenticationOn managedCell managedCellManager dmgr"
or
wsadmin -profile redeployFileTransfer.jacl -c "fileTransferAuthenticationOn baseCell base server1"

If you want to go return to running the file transfer service without authentication, we can run the script as shown in the following example:

wsadmin -profile redeployFileTransfer.jacl -c "fileTransferAuthenticationOff baseNodeCell baseNode server1"

wsadmin -profile redeployFileTransfer.jacl -c "fileTransferAuthenticationOff managedCell managedCellManager dmgr"

What to do next

You must restart the server for the change to take affect.

Related information
Configuring security with scripting Starting the wsadmin scripting client