Network Deployment (Distributed operating systems), v8.0 > Scripting the application serving environment (wsadmin) > Scripting for security > Configure security with scripting
WizardCommands command group
Use the Jython or Jacl scripting languages to configure security with wsadmin.sh. The commands and parameters in the WizardCommands group can be used to configure security using similar actions to the security wizard panels in the admin console.
The WizardCommands command group includes the following commands:
- addToAdminAuthz
- applyWizardSettings
- getCurrentWizardSettings
- isAdminLockedOut
- isAppSecurityEnabled
- isGlobalSecurityEnabled
- setGlobalSecurity
- setUseRegistryServerId
- validateAdminName
- validateLDAPConnection
- WIMCheckPassword
addToAdminAuthz
The addToAdminAuthz command adds a new administrative user to the configuration.
Required parameters
adminUser
Name of the administrative user to add to the configuration.
Examples
Batch example...
### Jacl
$AdminTask addToAdminAuthz {-adminUser user_name}
### Jython string
AdminTask.addToAdminAuthz ('[-adminUser user_name]')
Jython list:
AdminTask.addToAdminAuthz (['-adminUser', 'user_name'])
Interactive example...
### Jacl
$AdminTask addToAdminAuthz {-interactive}
### Jython string
AdminTask.addToAdminAuthz ('[-interactive]')
Jython list:
AdminTask.addToAdminAuthz (['-interactive'])
applyWizardSettings
The applyWizardSettings command applies the current security wizard settings from the workspace.
Required parameters
adminName
Name of the user with administrative privileges that is defined in the registry.
secureApps
Whether to set application-level security. This type of security provides application isolation and requirements for authenticating application users. We can specify a true or false value. The value that you set for this parameter might be overridden by a value at the server level.
secureLocalResources
Whether to set Java 2 security. If you enable Java 2 security and an application requires more Java 2 security permissions than are granted in the default policy, then the application might fail to run properly. By default, access to local resources is not restricted. We can choose to disable Java 2 security, even when application security is enabled. We can specify a true or false value.
userRegistryType
Valid user registry type. The following type values are valid:
- LDAPUserRegistry
This registry type uses the LDAP user registry settings when users and groups exist in an external LDAP directory.
- CustomUserRegistry
This type specifies a custom registry that implements the UserRegistry interface in the com.ibm.websphere.security package. If you specify this user registry type, use the customRegistryClass parameter to specify the class name for the user registry.
- WIMUserRegistry
This value has the same effect as the Federated repositories option in the Security Configuration Wizard on the admin console. This registry type manages identities in a single, virtual realm stored in multiple repositories.
- LocalOSUserRegistry
This value specifies the registry for the local operating system of the application server.
Optional parameters
adminPassword
Password for the user with administrative privileges that is defined in the registry.
customProps
Custom property.
customRegistryClass
Dot-separated class name that implements the UserRegistry interface in the com.ibm.websphere.security package. Include this parameter if you specify CustomUserRegistry for the userRegistryType parameter.
ignoreCase
Indicates that when an authorization check is performed, the check is not case-sensitive. We can specify a true or false value.
ldapServerType
Valid LDAP server type. The following type values are valid:
- IBM_DIRECTORY_SERVER
This value refers to a supported IBM Tivoli Directory Server version.
- IPLANET
This value refers to a supported Sun Java System Directory Server version.
- NDS
This value refers to a supported Novell eDirectory version.
- DOMINO502
This value refers to a supported IBM Lotus Domino server version.
- SECUREWAY
This value refers to an IBM SecureWay Directory Server version.
- ACTIVE_DIRECTORY
This value refers to a supported Microsoft Active Directory version.
- CUSTOM
This value refers to a custom registry implementation.
For more information about the supported LDAP server versions, see the WAS detailed system requirements documentation.
ldapBaseDN
Base distinguished name of the directory service, which indicates the starting point for Lightweight Directory Access Protocol (LDAP) searches in the directory service. For example, ou=Rochester, o=IBM, c=us.
ldapBindDN
Distinguished name for the application server, which is used to bind to the directory service.
ldapBindPassword
Password for the application server, which is used to bind to the directory service.
ldapHostName
Specifies the LDAP server host name. This host name is either an IP address or a DNS name.
ldapPort
Valid LDAP server port number.
Examples
Batch example...
### Jacl
$AdminTask applyWizardSettings {-secureLocalResources true_or_false -secureApps true_or_false -ignoreCase true_or_false -ldapServerType server_type -ldapBaseDN base_DN_value -ldapBindDN bind_DN_value -ldapBindPassword bind_DN_password -ldapHostName host_name -ldapPort port_number -userRegistryType user_registry_type -adminName administrator_user_name -adminPassword administrator_password}
### Jython string
AdminTask.applyWizardSettings ('[-secureLocalResources true_or_false -secureApps true_or_false -ignoreCase true_or_false -ldapServerType server_type -ldapBaseDN base_DN_value -ldapBindDN bind_DN_value -ldapBindPassword bind_DN_password -ldapHostName host_name -ldapPort port_number -userRegistryType user_registry_type -adminName administrator_user_name -adminPassword administrator_password]')
Jython list:
AdminTask.applyWizardSettings (['-secureLocalResources', 'true_or_false', '-secureApps', 'true_or_false', '-ignoreCase', 'true_or_false', '-ldapServerType', 'server_type', '-ldapBaseDN', 'base_DN_value', '-ldapBindDN', 'bind_DN_value', '-ldapBindPassword', 'bind_DN_password', '-ldapHostName', 'host_name', '-ldapPort', 'port_number', '-userRegistryType', 'user_registry_type', '-adminName', 'administrator_user_name', '-adminPassword', 'administrator_password'])
Interactive example...
### Jacl
$AdminTask applyWizardSettings {-interactive}
### Jython string
AdminTask.applyWizardSettings ('[-interactive]')
Jython list:
AdminTask.applyWizardSettings (['-interactive'])
getCurrentWizardSettings
The getCurrentWizardSettings command retrieves the current security wizard settings from the workspace.
Parameters
None
Examples
Batch example...
### Jacl
$AdminTask getCurrentWizardSettings
### Jython string
AdminTask.getCurrentWizardSettings()
Interactive example...
### Jacl
$AdminTask getCurrentWizardSettings {-interactive}
### Jython string
AdminTask.getCurrentWizardSettings ('[-interactive]')
isAdminLockedOut
The isAdminLockedOut command verifies that at least one administrative user exists in the input user registry.
Required parameters
registryType
Valid user registry type. The following type values are valid:
- LDAPUserRegistry
This registry type uses the LDAP user registry settings when users and groups exist in an external LDAP directory.
- CustomUserRegistry
This type specifies a custom registry.
- WIMUserRegistry
This value has the same effect as the Federated repositories option in the Security Configuration Wizard on the admin console. This registry type manages identities in a single, virtual realm stored in multiple repositories.
- LocalOSUserRegistry
This value specifies the registry for the local operating system of the application server.
Examples
Batch example...
### Jacl
$AdminTask isAdminLockedOut {-registryType user_registry_type}
### Jython string
AdminTask.isAdminLockedOut ('[-registryType user_registry_type]')
Jython list:
AdminTask.isAdminLockedOut (['-registryType', 'user_registry_type'])
Interactive example...
### Jacl
$AdminTask isAdminLockedOut {-interactive}
### Jython string
AdminTask.isAdminLockedOut ('[-interactive]')
Jython list:
AdminTask.isAdminLockedOut (['-interactive'])
isAppSecurityEnabled
The isAppSecurityEnabled command returns a true or false value that indicates whether application security is enabled.
Parameters
None
Examples
Batch example...
### Jacl
$AdminTask isAppSecurityEnabled
### Jython string
AdminTask.isAppSecurityEnabled()
Interactive example...
### Jacl
$AdminTask isAppSecurityEnabled {-interactive}
### Jython string
AdminTask.isAppSecurityEnabled ('[-interactive]')
isGlobalSecurityEnabled
The isGlobalSecurityEnabled command returns a true or false value that indicates whether administrative security is enabled.
Parameters
None
Examples
Batch example...
### Jacl
$AdminTask isGlobalSecurityEnabled
### Jython string
AdminTask.isGlobalSecurityEnabled()
Interactive example...
### Jacl
$AdminTask isGlobalSecurityEnabled {-interactive}
### Jython string
AdminTask.isGlobalSecurityEnabled ('[-interactive]')
setGlobalSecurity
The setGlobalSecurity command changes whether administrative security is enabled.
Required parameters
enabled
Whether to enable administrative security. This enabled parameter is equivalent to the Enable application security option on the admin console. We must specify either a true or false value.
Examples
Batch example...
### Jacl
$AdminTask setGlobalSecurity {-enabled true_or_false}
### Jython string
AdminTask.setGlobalSecurity ('[-enabled true_or_false]')
Jython list:
AdminTask.setGlobalSecurity (['-enabled', 'true_or_false'])
Interactive example...
### Jacl
$AdminTask setGlobalSecurity {-interactive}
### Jython string
AdminTask.setGlobalSecurity ('[-interactive]')
Jython list:
AdminTask.setGlobalSecurity (['-interactive'])
setUseRegistryServerId
The setUseRegistryServerId command updates the useRegistryServerId field in the user registry object within the security.xml file with a true or false value. If you set the field value to true, the application server uses a user-specified server ID for interprocess communications.
Required parameters
useRegistryServerId
True or false value for the useRegistryServerId setting.
userRegistryType
Valid user registry type. The following type values are valid:
- LDAPUserRegistry
This registry type uses the LDAP user registry settings when users and groups exist in an external LDAP directory.
- CustomUserRegistry
This type specifies a custom registry.
- WIMUserRegistry
This value has the same effect as the Federated repositories option in the Security Configuration Wizard on the admin console. This registry type manages identities in a single, virtual realm stored in multiple repositories.
- LocalOSUserRegistry
This value specifies the registry for the local operating system of the application server.
Examples
Batch example...
### Jacl
$AdminTask setUseRegistryServerId {-userRegistryType user_registry_type -useRegistryServerId true_or_false}
### Jython string
AdminTask.setUseRegistryServerId ('[-userRegistryType user_registry_type -useRegistryServerId true_or_false]')
Jython list:
AdminTask.setUseRegistryServerId (['-userRegistryType', 'user_registry_type', '-useRegistryServerId', 'true_or_false'])
Interactive example...
### Jacl
$AdminTask setUseRegistryServerId {-interactive}
### Jython string
AdminTask.setUseRegistryServerId ('[-interactive]')
Jython list:
AdminTask.setUseRegistryServerId (['-interactive'])
validateAdminName
The validateAdminName command verifies whether an administrator name exists in the input user registry.
Required parameters
adminUser
Specifies an administrative user name.
registryType
Valid user registry type. The following type values are valid:
- LDAPUserRegistry
This registry type uses the LDAP user registry settings when users and groups exist in an external LDAP directory.
- CustomUserRegistry
This type specifies a custom registry.
- WIMUserRegistry
This value has the same effect as the Federated repositories option in the Security Configuration Wizard on the admin console. This registry type manages identities in a single, virtual realm stored in multiple repositories.
- LocalOSUserRegistry
This value specifies the registry for the local operating system of the application server.
Optional parameters
ldapServerType
Valid LDAP server type. The following type values are valid:
- IBM_DIRECTORY_SERVER
This value refers to a supported IBM Tivoli Directory Server version.
- IPLANET
This value refers to a supported Sun Java System Directory Server version.
- NDS
This value refers to a supported Novell eDirectory version.
- DOMINO502
This value refers to a supported IBM Lotus Domino server version.
- SECUREWAY
This value refers to an IBM SecureWay Directory Server version.
- ACTIVE_DIRECTORY
This value refers to a supported Microsoft Active Directory version.
- CUSTOM
This value refers to a custom registry implementation.
For more information about the supported LDAP server versions, see the WAS detailed system requirements documentation.
Examples
Batch example...
### Jacl
$AdminTask validateAdminName {-ldapServerType server_type -registryType user_registry_type -adminUser administrator}
### Jython string
AdminTask.validateAdminName ('[-ldapServerType server_type -registryType user_registry_type -adminUser administrator]')
Jython list:
AdminTask.validateAdminName (['-ldapServerType', 'server_type', '-registryType', 'user_registry_type', '-adminUser', 'administrator'])
Interactive example...
### Jacl
$AdminTask validateAdminName {-interactive}
### Jython string
AdminTask.validateAdminName ('[-interactive]')
Jython list:
AdminTask.validateAdminName (['-interactive'])
validateLDAPConnection
The validateLDAPConnection command validates the connection to a specified LDAP server.
Required parameters
hostname
Specifies the LDAP server host name. This host name is either an IP address or a DNS name.
sslEnabled
Whether secure socket communications is enabled with the LDAP server. When this option is selected, LDAP SSL settings are used, if specified.
type
Valid LDAP registry type. The following type values are valid:
- IBM_DIRECTORY_SERVER
This value refers to a supported IBM Tivoli Directory Server version.
- IPLANET
This value refers to a supported Sun Java System Directory Server version.
- NDS
This value refers to a supported Novell eDirectory version.
- DOMINO502
This value refers to a supported IBM Lotus Domino server version.
- SECUREWAY
This value refers to an IBM SecureWay Directory Server version.
- ACTIVE_DIRECTORY
This value refers to a supported Microsoft Active Directory version.
- CUSTOM
This value refers to a custom registry implementation.
For more information about the supported LDAP server versions, see the WAS detailed system requirements documentation.
Optional parameters
baseDN
Base distinguished name of the directory service, which indicates the starting point for LDAP searches in the directory service. For example, ou=Rochester, o=IBM, c=us.
bindDN
Distinguished name for the application server, which is used to bind to the directory service.
bindPassword
Password for the application server, which is used to bind to the directory service.
port
Specifies the LDAP server port number.
securityDomainName
Name used to uniquely identify the security domain.
sslAlias
Specifies which SSL configuration to use for LDAP.
Examples
Batch example...
### Jacl
$AdminTask validateLDAPConnection {-baseDN base_DN_value -bindDN bind_DN_value -bindPassword bind_password -hostname host_name -securityDomainName security_domain_name -port port_number -sslAlias alias -sslEnabled true_or_false -type LDAP_registry_type}
### Jython string
AdminTask.validateLDAPConnection ('[-baseDN base_DN_value -bindDN bind_DN_value -bindPassword bind_password -hostname host_name -securityDomainName security_domain_name -port port_number -sslAlias alias -sslEnabled true_or_false -type LDAP_registry_type]')
Jython list:
AdminTask.validateLDAPConnection (['-baseDN', 'base_DN_value', '-bindDN', 'bind_DN_value', '-bindPassword', 'bind_password', '-hostname', 'host_name', '-securityDomainName', 'security_domain_name', '-port', 'port_number', '-sslAlias', 'alias', '-sslEnabled', 'true_or_false', '-type', 'LDAP_registry_type'])
Interactive example...
### Jacl
$AdminTask validateLDAPConnection {-interactive}
### Jython string
AdminTask.validateLDAPConnection ('[-interactive]')
Jython list:
AdminTask.validateLDAPConnection (['-interactive'])
WIMCheckPassword
The WIMCheckPassword command validates the user name and password in the federated repository.
Required parameters
username
Name of the user.
password
Password for the user.
Examples
Batch example...
### Jacl
$AdminTask WIMCheckPassword {-username user_name -password password}
### Jython string
AdminTask.WIMCheckPassword ('[-username user_name -password password]')
Jython list:
AdminTask.WIMCheckPassword (['-username', 'user_name', '-password', 'password'])
Interactive example...
### Jacl
$AdminTask WIMCheckPassword {-interactive}
### Jython string
AdminTask.WIMCheckPassword ('[-interactive]')
Jython list:
AdminTask.WIMCheckPassword (['-interactive'])
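Added example, not part of IBM's documentation: one way to chain the validation commands on this page ahead of applyWizardSettings, so that a script stops before applying settings that would leave no working administrator, and so that passwords are masked in anything it reports. The helper names, `cfg` and `admin_task` (the wsadmin AdminTask object, passed in) are hypothetical; the return-value conventions are assumptions marked in the comments.

```python
# Added example, not IBM's code; the return-value conventions below are assumptions.
SECRET_FLAGS = ['-adminPassword', '-ldapBindPassword', '-bindPassword', '-password']

def build_args(pairs):
    """(name, value) pairs -> Jython list form; pairs whose value is None are skipped."""
    args = []
    for name, value in pairs:
        if value is not None:
            args.extend(['-' + name, str(value)])
    return args

def redact(args):
    """Copy of args that is safe to log: the value after a password flag is masked."""
    out = list(args)
    for i in range(len(out) - 1):
        if out[i] in SECRET_FLAGS:
            out[i + 1] = '********'
    return out

def is_true(result):
    return str(result).strip().lower() == 'true'  # assumed: commands return 'true'/'false'

def preflight(admin_task, cfg):
    """Run the validation commands; return a list of problems (empty means proceed)."""
    problems = []
    reg = cfg['userRegistryType']
    if reg == 'LDAPUserRegistry':
        # validateLDAPConnection names its parameters differently from applyWizardSettings.
        ldap = build_args([('hostname', cfg['ldapHostName']), ('port', cfg.get('ldapPort')),
                           ('type', cfg['ldapServerType']), ('sslEnabled', cfg['sslEnabled']),
                           ('baseDN', cfg.get('ldapBaseDN')), ('bindDN', cfg.get('ldapBindDN')),
                           ('bindPassword', cfg.get('ldapBindPassword'))])
        if not is_true(admin_task.validateLDAPConnection(ldap)):
            problems.append('LDAP check failed: ' + ' '.join(redact(ldap)))
    name_args = build_args([('registryType', reg), ('adminUser', cfg['adminName'])])
    if not is_true(admin_task.validateAdminName(name_args)):
        problems.append('admin name not found in ' + reg)
    if is_true(admin_task.isAdminLockedOut(['-registryType', reg])):  # assumed: 'true' = locked out
        problems.append('no administrative user in ' + reg)
    return problems

def apply_if_safe(admin_task, cfg):
    """Call applyWizardSettings only when every check passed; return the problems."""
    problems = preflight(admin_task, cfg)
    if not problems:
        keys = ['secureLocalResources', 'secureApps', 'ignoreCase', 'ldapServerType',
                'ldapBaseDN', 'ldapBindDN', 'ldapBindPassword', 'ldapHostName',
                'ldapPort', 'userRegistryType', 'adminName', 'adminPassword']
        admin_task.applyWizardSettings(build_args([(k, cfg.get(k)) for k in keys]))
    return problems
```

Under wsadmin, pass the AdminTask object as `admin_task` and call AdminConfig.save() only when the returned list is empty.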