WizardCommands (AdminTask)
WizardCommands commands can be used to configure security using similar actions to the security wizard panels in the console.
addToAdminAuthz
Add a new administrative user to the configuration.
Required parameters
- adminUser
- Name of the administrative user to add to the configuration.
Examples
Batch mode example:
Jacl:
$AdminTask addToAdminAuthz {-adminUser user_name}
Jython string:
AdminTask.addToAdminAuthz ('[-adminUser user_name]')
Jython list:
AdminTask.addToAdminAuthz (['-adminUser', 'user_name'])
Interactive mode:
Jacl:
$AdminTask addToAdminAuthz {-interactive}
Jython string:
AdminTask.addToAdminAuthz ('[-interactive]')
Jython list:
AdminTask.addToAdminAuthz (['-interactive'])
applyWizardSettings
Apply the current security wizard settings from the workspace.
Required parameters
- adminName
- Name of the user with administrative privileges defined in the registry.
- secureApps
- Whether to set application-level security. This type of security provides application isolation and requirements for authenticating application users.
We can specify a true or false value.
The value set for this parameter might be overridden by a value at the server level.
- secureLocalResources
- Whether to set Java 2 security. If we enable Java 2 security and an application requires more Java 2 security permissions than are granted in the default policy, then the application might fail to run properly. By default, access to local resources is not restricted. We can choose to disable Java 2 security, even when application security is enabled.
We can specify a true or false value.
- userRegistryType
- Specifies a valid user registry type. The following type values are valid:
- LDAPUserRegistry
This registry type uses the LDAP user registry settings when users and groups exist in an external LDAP directory.
- CustomUserRegistry
This type specifies a custom registry that implements the UserRegistry interface in the com.ibm.websphere.security package. If we specify this user registry type, use the customRegistryClass parameter to specify the class name for the user registry.
- WIMUserRegistry
This value has the same effect as the Federated repositories option in the Security Configuration Wizard on the console. This registry type manages identities in a single, virtual realm stored in multiple repositories.
- LocalOSUserRegistry
Specifies the registry for the local operating system of the application server.
Optional parameters
- adminPassword
- Specifies a password for the user with administrative privileges defined in the registry.
adminPassword is supported only when WIMUserRegistry is selected and adminUser belongs to the default FileRegistry of the Federated Repository.
- customProps
- Specifies a custom property.
- customRegistryClass
- Specifies a dot-separated class name that implements the UserRegistry interface in the com.ibm.websphere.security package. Include this parameter if we specified CustomUserRegistry for the userRegistryType parameter.
- ignoreCase
- Indicates that when an authorization check is performed, the check is not case-sensitive.
We can specify a true or false value.
- ldapServerType
- Specifies a valid LDAP server type. The following type values are valid:
- IBM_DIRECTORY_SERVER
This value refers to a supported IBM Tivoli Directory Server version.
- IPLANET
This value refers to a supported Sun Java System Directory Server version.
- NDS
This value refers to a supported Novell eDirectory version.
- DOMINO502
This value refers to a supported Lotus Domino server version.
- SECUREWAY
This value refers to an IBM SecureWay Directory Server version.
- ACTIVE_DIRECTORY
This value refers to a supported Microsoft Active Directory version.
- CUSTOM
This value refers to a custom registry implementation.
For more information about the supported LDAP server versions, see the WAS detailed system requirements documentation.
- ldapBaseDN
- Base distinguished name of the directory service, which indicates the starting point for LDAP searches in the directory service. For example, ou=Rochester, o=IBM, c=us.
- ldapBindDN
- Distinguished name for the application server, which is used to bind to the directory service.
- ldapBindPassword
- Password for the application server, which is used to bind to the directory service.
- ldapHostName
- Specifies the LDAP server host name. This host name is either an IP address or a domain name service (DNS) name.
- ldapPort
- Specifies a valid LDAP server port number.
Examples
Batch mode example:
Jacl:
$AdminTask applyWizardSettings {-secureLocalResources true_or_false -secureApps true_or_false -ignoreCase true_or_false -ldapServerType server_type -ldapBaseDN base_DN_value -ldapBindDN bind_DN_value -ldapBindPassword bind_DN_password -ldapHostName host -ldapPort port_number -userRegistryType user_registry_type -adminName administrator_user_name -adminPassword administrator_password}
Jython string:
AdminTask.applyWizardSettings ('[-secureLocalResources true_or_false -secureApps true_or_false -ignoreCase true_or_false -ldapServerType server_type -ldapBaseDN base_DN_value -ldapBindDN bind_DN_value -ldapBindPassword bind_DN_password -ldapHostName host -ldapPort port_number -userRegistryType user_registry_type -adminName administrator_user_name -adminPassword administrator_password]')
Jython list:
AdminTask.applyWizardSettings (['-secureLocalResources', 'true_or_false', '-secureApps', 'true_or_false', '-ignoreCase', 'true_or_false', '-ldapServerType', 'server_type', '-ldapBaseDN', 'base_DN_value', '-ldapBindDN', 'bind_DN_value', '-ldapBindPassword', 'bind_DN_password', '-ldapHostName', 'host', '-ldapPort', 'port_number', '-userRegistryType', 'user_registry_type', '-adminName', 'administrator_user_name', '-adminPassword', 'administrator_password'])
Interactive mode:
Jacl:
$AdminTask applyWizardSettings {-interactive}
Jython string:
AdminTask.applyWizardSettings ('[-interactive]')
Jython list:
AdminTask.applyWizardSettings (['-interactive'])
getCurrentWizardSettings
Retrieve the current security wizard settings from the workspace.
Parameters
None
Examples
Batch mode example:
Jacl:
$AdminTask getCurrentWizardSettings
Jython string:
AdminTask.getCurrentWizardSettings()
Interactive mode:
Jacl:
$AdminTask getCurrentWizardSettings {-interactive}
Jython string:
AdminTask.getCurrentWizardSettings ('[-interactive]')
isAdminLockedOut
Verify that at least one administrative user exists in the input user registry.
Required parameters
- registryType
- Specifies a valid user registry type. The following type values are valid:
- LDAPUserRegistry
This registry type uses the LDAP user registry settings when users and groups exist in an external LDAP directory.
- CustomUserRegistry
This type specifies a custom registry.
- WIMUserRegistry
This value has the same effect as the Federated repositories option in the Security Configuration Wizard on the console. This registry type manages identities in a single, virtual realm stored in multiple repositories.
- LocalOSUserRegistry
Specifies the registry for the local operating system of the application server.
Examples
Batch mode example:
Jacl:
$AdminTask isAdminLockedOut {-registryType user_registry_type}
Jython string:
AdminTask.isAdminLockedOut ('[-registryType user_registry_type]')
Jython list:
AdminTask.isAdminLockedOut (['-registryType', 'user_registry_type'])
Interactive mode:
Jacl:
$AdminTask isAdminLockedOut {-interactive}
Jython string:
AdminTask.isAdminLockedOut ('[-interactive]')
Jython list:
AdminTask.isAdminLockedOut (['-interactive'])
isAppSecurityEnabled
Return a true or false value that indicates whether application security is enabled.
Parameters
None
Examples
Batch mode example:
Jacl:
$AdminTask isAppSecurityEnabled
Jython string:
AdminTask.isAppSecurityEnabled()
Interactive mode:
Jacl:
$AdminTask isAppSecurityEnabled {-interactive}
Jython string:
AdminTask.isAppSecurityEnabled ('[-interactive]')
isGlobalSecurityEnabled
Return a true or false value that indicates whether administrative security is enabled.
Parameters
None
Examples
Batch mode example:
Jacl:
$AdminTask isGlobalSecurityEnabled
Jython string:
AdminTask.isGlobalSecurityEnabled()
Interactive mode:
Jacl:
$AdminTask isGlobalSecurityEnabled {-interactive}
Jython string:
AdminTask.isGlobalSecurityEnabled ('[-interactive]')
setGlobalSecurity
Change whether administrative security is enabled.
Required parameters
- enabled
- Whether to enable administrative security. This enabled parameter is equivalent to the Enable application security option on the console.
Specify either a true or false value.
Examples
Batch mode example:
Jacl:
$AdminTask setGlobalSecurity {-enabled true_or_false}
Jython string:
AdminTask.setGlobalSecurity ('[-enabled true_or_false]')
Jython list:
AdminTask.setGlobalSecurity (['-enabled', 'true_or_false'])
Interactive mode:
Jacl:
$AdminTask setGlobalSecurity {-interactive}
Jython string:
AdminTask.setGlobalSecurity ('[-interactive]')
Jython list:
AdminTask.setGlobalSecurity (['-interactive'])
setUseRegistryServerId
Update the useRegistryServerId field in the user registry object within security.xml with a true or false value. If we set the field value to true, the application server uses a user-specified server ID for interprocess communications.
Required parameters
- useRegistryServerId
- Specifies a true or false value for the useRegistryServerId setting.
- userRegistryType
- Specifies a valid user registry type. The following type values are valid:
- LDAPUserRegistry
This registry type uses the LDAP user registry settings when users and groups exist in an external LDAP directory.
- CustomUserRegistry
This type specifies a custom registry.
- WIMUserRegistry
This value has the same effect as the Federated repositories option in the Security Configuration Wizard on the console. This registry type manages identities in a single, virtual realm stored in multiple repositories.
- LocalOSUserRegistry
Specifies the registry for the local operating system of the application server.
Examples
Batch mode example:
Jacl:
$AdminTask setUseRegistryServerId {-userRegistryType user_registry_type -useRegistryServerId true_or_false}
Jython string:
AdminTask.setUseRegistryServerId ('[-userRegistryType user_registry_type -useRegistryServerId true_or_false]')
Jython list:
AdminTask.setUseRegistryServerId (['-userRegistryType', 'user_registry_type', '-useRegistryServerId', 'true_or_false'])
Interactive mode:
Jacl:
$AdminTask setUseRegistryServerId {-interactive}
Jython string:
AdminTask.setUseRegistryServerId ('[-interactive]')
Jython list:
AdminTask.setUseRegistryServerId (['-interactive'])
validateAdminName
Validate whether an administrator name exists in the input user registry.
Required parameters
- adminUser
- Specifies an administrative user name.
- registryType
- Specifies a valid user registry type. The following type values are valid:
- LDAPUserRegistry
This registry type uses the LDAP user registry settings when users and groups exist in an external LDAP directory.
- CustomUserRegistry
This type specifies a custom registry.
- WIMUserRegistry
This value has the same effect as the Federated repositories option in the Security Configuration Wizard on the console. This registry type manages identities in a single, virtual realm stored in multiple repositories.
- LocalOSUserRegistry
Specifies the registry for the local operating system of the application server.
Optional parameters
- ldapServerType
- Specifies a valid LDAP server type. The following type values are valid:
- IBM_DIRECTORY_SERVER
This value refers to a supported IBM Tivoli Directory Server version.
- IPLANET
This value refers to a supported Sun Java System Directory Server version.
- NDS
This value refers to a supported Novell eDirectory version.
- DOMINO502
This value refers to a supported Lotus Domino server version.
- SECUREWAY
This value refers to an IBM SecureWay Directory Server version.
- ACTIVE_DIRECTORY
This value refers to a supported Microsoft Active Directory version.
- CUSTOM
This value refers to a custom registry implementation.
For more information about the supported LDAP server versions, see the WAS detailed system requirements documentation.
Examples
Batch mode example:
Jacl:
$AdminTask validateAdminName {-ldapServerType server_type -registryType user_registry_type -adminUser administrator}
Jython string:
AdminTask.validateAdminName ('[-ldapServerType server_type -registryType user_registry_type -adminUser administrator]')
Jython list:
AdminTask.validateAdminName (['-ldapServerType', 'server_type', '-registryType', 'user_registry_type', '-adminUser', 'administrator'])
Interactive mode:
Jacl:
$AdminTask validateAdminName {-interactive}
Jython string:
AdminTask.validateAdminName ('[-interactive]')
Jython list:
AdminTask.validateAdminName (['-interactive'])
validateLDAPConnection
Validate the connection to a specified LDAP server.
Required parameters
- hostname
- Specifies the LDAP server host name. This host name is either an IP address or a domain name service (DNS) name.
- sslEnabled
- Whether secure socket communication is enabled with the LDAP server. When this option is selected, LDAP SSL settings are used, if specified.
- type
- Specifies a valid LDAP registry type. The following type values are valid:
- IBM_DIRECTORY_SERVER
This value refers to a supported IBM Tivoli Directory Server version.
- IPLANET
This value refers to a supported Sun Java System Directory Server version.
- NDS
This value refers to a supported Novell eDirectory version.
- DOMINO502
This value refers to a supported Lotus Domino server version.
- SECUREWAY
This value refers to an IBM SecureWay Directory Server version.
- ACTIVE_DIRECTORY
This value refers to a supported Microsoft Active Directory version.
- CUSTOM
This value refers to a custom registry implementation.
For more information about the supported LDAP server versions, see the WAS detailed system requirements documentation.
Optional parameters
- baseDN
- Base distinguished name of the directory service, which indicates the starting point for LDAP searches in the directory service. For example, ou=Rochester, o=IBM, c=us.
- bindDN
- Distinguished name for the application server, which is used to bind to the directory service.
- bindPassword
- Password for the application server, which is used to bind to the directory service.
- port
- Specifies the LDAP server port number.
- securityDomainName
- Name used to uniquely identify the security domain.
- sslAlias
- Specifies which SSL configuration to use for LDAP.
Examples
Batch mode example:
Jacl:
$AdminTask validateLDAPConnection {-baseDN base_DN_value -bindDN bind_DN_value -bindPassword bind_password -hostname host -securityDomainName security_domain_name -port port_number -sslAlias alias -sslEnabled true_or_false -type LDAP_registry_type}
Jython string:
AdminTask.validateLDAPConnection ('[-baseDN base_DN_value -bindDN bind_DN_value -bindPassword bind_password -hostname host -securityDomainName security_domain_name -port port_number -sslAlias alias -sslEnabled true_or_false -type LDAP_registry_type]')
Jython list:
AdminTask.validateLDAPConnection (['-baseDN', 'base_DN_value', '-bindDN', 'bind_DN_value', '-bindPassword', 'bind_password', '-hostname', 'host', '-securityDomainName', 'security_domain_name', '-port', 'port_number', '-sslAlias', 'alias', '-sslEnabled', 'true_or_false', '-type', 'LDAP_registry_type'])
Interactive mode:
Jacl:
$AdminTask validateLDAPConnection {-interactive}
Jython string:
AdminTask.validateLDAPConnection ('[-interactive]')
Jython list:
AdminTask.validateLDAPConnection (['-interactive'])
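Added example (not IBM's code): a Jython-compatible helper that chains validateLDAPConnection, applyWizardSettings and isAdminLockedOut so that the workspace is saved only when the LDAP check passes and an administrator still exists, and that masks password values before they are logged. It assumes the commands return the strings 'true' or 'false', that 'true' from isAdminLockedOut means no administrative user exists, and that AdminConfig.save() and AdminConfig.reset() commit or discard the workspace; the function names and the wizard dictionary are hypothetical.

```python
# Added example, not IBM code; function and variable names are hypothetical.
REGISTRY_TYPES = ('LDAPUserRegistry', 'CustomUserRegistry',
                  'WIMUserRegistry', 'LocalOSUserRegistry')
LDAP_SERVER_TYPES = ('IBM_DIRECTORY_SERVER', 'IPLANET', 'NDS', 'DOMINO502',
                     'SECUREWAY', 'ACTIVE_DIRECTORY', 'CUSTOM')
SECRET_FLAGS = ('-adminPassword', '-ldapBindPassword', '-bindPassword', '-password')

def to_args(params):
    """Build the Jython list form: ['-name', 'value', ...]."""
    args = []
    for name in sorted(params):
        args.extend(['-' + name, str(params[name])])
    return args

def redact(args):
    """Return a copy that is safe to log: values after secret flags are masked."""
    out = list(args)
    for i in range(len(out) - 1):
        if out[i] in SECRET_FLAGS:
            out[i + 1] = '********'
    return out

def is_true(result):
    # Assumption: the commands return the strings 'true' or 'false'.
    return str(result).strip().lower() == 'true'

def apply_ldap_settings(admin_task, admin_config, wizard, ssl_enabled, log):
    """Apply LDAP wizard settings; save only if an administrator still exists."""
    if (wizard['userRegistryType'] not in REGISTRY_TYPES
            or wizard['ldapServerType'] not in LDAP_SERVER_TYPES):
        raise ValueError('unknown registry or LDAP server type')
    probe = to_args({'hostname': wizard['ldapHostName'], 'port': wizard['ldapPort'],
                     'type': wizard['ldapServerType'], 'sslEnabled': ssl_enabled,
                     'baseDN': wizard['ldapBaseDN'], 'bindDN': wizard['ldapBindDN'],
                     'bindPassword': wizard['ldapBindPassword']})
    log('validateLDAPConnection %s' % redact(probe))
    if not is_true(admin_task.validateLDAPConnection(probe)):
        return 'ldap-check-failed'   # nothing has been changed yet
    settings = to_args(wizard)
    log('applyWizardSettings %s' % redact(settings))
    admin_task.applyWizardSettings(settings)
    # Assumption: 'true' means no administrative user exists in that registry.
    locked = is_true(admin_task.isAdminLockedOut(
        to_args({'registryType': wizard['userRegistryType']})))
    if locked:
        admin_config.reset()   # discard the unsaved workspace changes
        return 'rolled-back'
    admin_config.save()
    return 'saved'
```

Under wsadmin, pass the built-in AdminTask and AdminConfig objects as the first two arguments, and 'true' or 'false' for ssl_enabled.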
WIMCheckPassword
Validate the user name and password in the federated repository.
Required parameters
- username
- Name of the user.
- password
- Password for the user.
Examples
Batch mode example:
Jacl:
$AdminTask WIMCheckPassword {-username user_name -password password}
Jython string:
AdminTask.WIMCheckPassword ('[-username user_name -password password]')
Jython list:
AdminTask.WIMCheckPassword (['-username', 'user_name', '-password', 'password'])
Interactive mode:
Jacl:
$AdminTask WIMCheckPassword {-interactive}
Jython string:
AdminTask.WIMCheckPassword ('[-interactive]')
Jython list:
AdminTask.WIMCheckPassword (['-interactive'])
Related tasks
Use the wsadmin scripting AdminTask object for scripted administration
Commands (AdminTask)
WebSphere Application Server detailed system requirements