Enable and disabling security using scripting

 

You can use scripting to enable or disable administrative security. Before starting this task, the wsadmin tool must be running. See the Start the wsadmin scripting client article for more information.

 

Overview

The default profile sets up procedures so that you can enable and disable administrative security based on LocalOS registry.

 

Procedure

• To determine if application security is enabled or disabled by looking at the value of the appEnabled field in the WCCM security model, use the isAppEnabled command...

  Use Jacl:

  $AdminTask isAppSecurityEnabled {}
  

  Use Jython:

  AdminTask.isAppSecurityEnabled()
  

  This command returns a value of true if appEnabled is set to true. Otherwise, returns a value of false.

• To determine if administrative security is enabled or disabled by looking at the value of the enabled field in the WCCM security model, use the isGlobalSecurityEnabled command...

  Use Jacl:

  $AdminTask isGlobalSecurityEnabled{}
  

  Use Jython:

  AdminTask.isGlobalSecurityEnabled()
  

  Returns a value of true if enabled is set to true. Otherwise, returns a value of false.

• To set administrative security based on the passed in value, use the setGlobalSecurity command. For example:

  Use Jacl:

  $AdminTask setGlobalSecurity {-enabled true}
  

  Use Jython:

  AdminTask.setGlobalSecurity ('[-enabled true]')
  

  Returns a value of true if the enabled field in the WCCM security model is successfully updated. Otherwise, returns a value of false.

• You can use the help command to find out the arguments that provide with this call...

  Use Jacl:

  securityon help
  

  Example output:

  Syntax: securityon user password 
  

  • Use Jython:

    securityon()
    

    Example output:

    Syntax: securityon(user, password)
    

• To enable administrative security based on the LocalOS registry, use the following procedure call and arguments:

  Use Jacl:

  securityon user1 password1
  

  • Use Jython:

    securityon('user1', 'password1')
    

• To disable administrative security based on the LocalOS registry, use the following procedure call:

  Use Jacl:

  securityoff
  

  • Use Jython:

    securityoff()
    

  Enabling and disabling LTPA authentication There are sample scripts located in the <WAS_ROOT>/bin directory on how to enable and disable LTPA authentication. The scripts are:

  • LTPA_LDAPSecurityProcs.py (python script)

  • LTPA_LDAPSecurityProcs.jacl (jacl script)

  The scripts hard code the type of LDAP server and base distinguished name (baseDN). The LDAP server type is hardcoded as IBM_DIRECTORY_SERVER and the baseDN is hardcoded as o=ibm,cn=us.

---

Getting started with scripting