Network Deployment (Distributed operating systems), v8.0 > Scripting the application serving environment (wsadmin) > Use properties files to manage system configuration > Manage specific configuration objects using properties files
Work with security properties files
We can use properties files to modify or delete security properties.
Determine the changes to make to the security configuration.
Start wsadmin.sh.
To start wsadmin using the Jython language, run...
WP_PROFILE/bin/wsadmin -lang jython
Use a properties file, you can modify or delete a security object.
Run administrative commands using wsadmin to change a properties file for a security object, validate the properties, and apply them to the configuration.
Actions for security properties. You can modify or delete security properties.
Action Procedure create Not applicable modify Edit property values in the security properties file and then run applyConfigProperties. delete Run deleteConfigProperties to delete one or more properties. If a deleted property has a default value, the property is set to the default value. Otherwise, the deleted property is removed. create Property Not applicable delete Property Not applicable Optionally, you can use interactive mode with the commands:
AdminTask.command_name('-interactive')
Procedure
- Modify an existing properties file.
- Obtain a properties file for the Security object that to change.
We can extract a properties file for a Security object using the extractConfigProperties command.
- Open the properties file in an editor and change the properties as needed.
Ensure that the environment variables in the properties file match the system. An example Security properties file follows:
# # Header # ResourceType=Security ImplementingResourceType=Security ResourceId=Cell=!{cellName}:Security= # # #Properties # useLocalSecurityServer=true #boolean,default(false) cacheTimeout=600 #integer,required,default(0) allowBasicAuth=true #boolean,default(false) enforceJava2Security=false #boolean,default(false) activeAuthMechanism=Cell=!{cellName}:Security=:LTPA= #ObjectName(LTPA) enabled=true #boolean,default(false) adminPreferredAuthMech=null enableJava2SecRuntimeFiltering=false #boolean,default(false) allowAllPermissionForApplication=false #boolean,default(false) useDomainQualifiedUserNames=false #boolean,default(false) internalServerId=null activeUserRegistry= Cell=!{cellName}:Security=:LDAPUserRegistry=type#IBM_DIRECTORY_SERVER #ObjectName(LDAPUserRegistry) defaultSSLSettings=Cell=!{cellName}:Security=:SSLConfig=alias#CellDefaultSSLSett ings,managementScope#"Cell=!{cellName}:Security=:ManagementScope=scopeName#"(cell):!{cellName}"" #ObjectName(SSLConfig) enforceFineGrainedJCASecurity=false #boolean,default(false) dynamicallyUpdateSSLConfig=true #boolean,default(false) activeProtocol=BOTH #ENUM(CSI|IBM|BOTH),required,default(IBM) issuePermissionWarning=true #boolean,default(false) appEnabled=false #boolean,default(false) EnvironmentVariablesSection #Environment Variables cellName=myCell- Run applyConfigProperties to create or change a security object.
Run applyConfigProperties applies the properties file to the configuration. In this Jython example, the optional -reportFileName parameter produces a report named report.txt:
AdminTask.applyConfigProperties(['-propertiesFileName myObjectType.props -reportFileName report.txt'])
- If you no longer need a property, you can delete the security property.
To delete one or more properties, specify only the properties to be deleted in the properties file and then run deleteConfigProperties; for example:
AdminTask.deleteConfigProperties('[-propertiesFileName myObjectType.props -reportFileName report.txt]')
Results
We can use the properties file to configure and manage the security properties.
What to do next
Save the changes to the configuration.
Extract properties files using wsadmin.sh
Create server, cluster, application, or authorization group objects using properties files and wsadmin scripting
Delete server, cluster, application, or authorization group objects using properties files
Related
PropertiesBasedConfiguration command group using wsadmin.sh