Enable authentication in the file transfer service using scripting
We can enable authentication in the file transfer service using scripting and wsadmin.
Before starting this task, wsadmin must be running. See the Start wsadmin article for more information.
In WAS ND, V5.0.1 or later, the file transfer service is enhanced to provide role-based authentication. Two versions of the file transfer Web application are provided. By default, the version that does not authenticate its caller is installed. This default supports compatibility between the WAS ND, V5.0 and V5.0.1 or later.
Turning the file transfer authentication on is recommended to prevent unauthorized use of the file transfer application; however, if we have any V5.0 clients in the ND environment, they cannot communicate with the secured file transfer application if global security is turned on.
In WAS V6.x, mixed cells are supported and file transfer has become a system application. If all of the nodes in the cell are of V5.0.1 or later, we can activate authentication in the file transfer service by redeploying the file transfer application at the dmgr. The compatible version is shipped in the APP_ROOT/systemApps/filetransfer.ear directory. The secured version is provided in the APP_ROOT/systemApps/filetransferSecured.ear directory.
- A wsadmin Jacl script is provided to help you redeploy the file transfer. The script is called redeployFileTransfer.jacl and is located in the APP_ROOT/bin directory.
After the deployment manager and all the nodes are upgraded to WAS ND, version 5.0.1 or later, we can deploy the secured file transfer service by running the script.
The syntax for running the script from the bin directory is the following:
- wsadmin -conntype NONE -lang jacl -profile redeployFileTransfer.jacl -c "fileTransferAuthenticationXxx cellName nodeName serverName"where Xxx is On or Off.
(UNIX) Use wsadmin.sh.
- For example, when running the script to enable use of the filetransferSecured.ear file, the syntax is similar to the following example:wsadmin -conntype NONE -lang jacl -profile redeployFileTransfer.jacl -c "fileTransferAuthenticationOn managedCell managedCellManager dmgr"orwsadmin -conntype NONE -lang jacl -profile redeployFileTransfer.jacl -c "fileTransferAuthenticationOn baseCell base server1"
- To go return to running the file transfer service without authentication, we can run the script as shown in the following example:wsadmin -conntype NONE -lang jacl -profile redeployFileTransfer.jacl -c "fileTransferAuthenticationOff baseNodeCell baseNode server1"orwsadmin -conntype NONE -lang jacl -profile redeployFileTransfer.jacl -c "fileTransferAuthenticationOff managedCell managedCellManager dmgr"
What to do nextRestart the server for the change to take affect.
Set security with scripting
Starting the wsadmin scripting client