Enable authentication in the file transfer service using scripting

 

You can enable authentication in the file transfer service using scripting and the wsadmin tool. Before starting this task, the wsadmin tool must be running. See the Start the wsadmin scripting client article for more information.

 

Overview

In WAS ND, V5.0.1 or later, the file transfer service is enhanced to provide role-based authentication. Two versions of the file transfer Web application are provided. By default, the version that does not authenticate its caller is installed. This default supports compatibility between the WebSphere Application Server ND, V5.0 and V5.0.1 or later.

Turning the file transfer authentication on is recommended to prevent unauthorized use of the file transfer application; however, if you have any V5.0 clients in your ND environment, they cannot communicate with the secured file transfer application if global security is turned on.

In WAS V6.x, mixed cells are supported and file transfer has become a system application. If all of the nodes in the cell are of V5.0.1 or later, you can activate authentication in the file transfer service by redeploying the file transfer application at the deployment manager. The compatible version is shipped in the app_server_root/systemApps/filetransfer.ear directory. The secured version is provided in the app_server_root/systemApps/filetransferSecured.ear directory.

 

Procedure

• A wsadmin Jacl script is provided to help you redeploy the file transfer. The script is called redeployFileTransfer.jacl and is located in the app_server_root/bin directory.

  After the deployment manager and all the nodes are upgraded to WAS ND, version 5.0.1 or later, you can deploy the secured file transfer service by running the script.

  The syntax for running the script from the bin directory is the following:

  wsadmin -profile redeployFileTransfer.jacl -c "fileTransferAuthenticationXxx cellName nodeName serverName"
  

  where Xxx is On or Off.

  On Windows use wsadmin or wsadmin.bat.

  

  Use wsadmin.sh.

  • For example, when running the script to enable use of the filetransferSecured.ear file, the syntax is similar to the following example:

    wsadmin -profile redeployFileTransfer.jacl -c "fileTransferAuthenticationOn managedCell managedCellManager dmgr"
    

    or

    wsadmin -profile redeployFileTransfer.jacl -c "fileTransferAuthenticationOn baseCell base server1"
    

• To go return to running the file transfer service without authentication, you can run the script as shown in the following example:

  wsadmin -profile redeployFileTransfer.jacl -c "fileTransferAuthenticationOff baseNodeCell baseNode server1"
  

  or

  wsadmin -profile redeployFileTransfer.jacl -c "fileTransferAuthenticationOff managedCell managedCellManager dmgr"
  

 

What to do next

You must restart the server for the change to take affect.

---

Configure security with scripting
Start the wsadmin scripting client