Work with security properties files
We can use properties files to modify or delete security properties.
Determine the changes to make to the security configuration.
From the server profile bin directory, run wsadmin -lang jython
Using a properties file modify or delete a security object.
Run administrative commands using wsadmin to change a properties file for a security object, validate the properties, and apply them to the configuration.
Action Procedure create Not applicable modify Edit property values in the security properties file and then run the applyConfigProperties command. delete Run the deleteConfigProperties command to delete one or more properties. If a deleted property has a default value, the property is set to the default value. Otherwise, the deleted property is removed. create Property Not applicable delete Property Not applicable Optionally, we can use interactive mode with the commands:
AdminTask.command_name('-interactive')
- Modify an existing properties file.
- Obtain a properties file for the Security object to change.
We can extract a properties file for a Security object using the extractConfigProperties command.
- Open the properties file in an editor and change the properties as needed.
Ensure that the environment variables in the properties file match the system. An example Security properties file follows:
# # Header # ResourceType=Security ImplementingResourceType=Security ResourceId=Cell=!{cellName}:Security= # # #Properties # useLocalSecurityServer=true #boolean,default(false) cacheTimeout=600 #integer, required,default(0) allowBasicAuth=true #boolean,default(false) enforceJava2Security=false #boolean,default(false) activeAuthMechanism=Cell=!{cellName}:Security=:LTPA= #ObjectName(LTPA) enabled=true #boolean,default(false) adminPreferredAuthMech=null enableJava2SecRuntimeFiltering=false #boolean,default(false) allowAllPermissionForApplication=false #boolean,default(false) useDomainQualifiedUserNames=false #boolean,default(false) internalServerId=null activeUserRegistry= Cell=!{cellName}:Security=:LDAPUserRegistry=type#IBM_DIRECTORY_SERVER #ObjectName(LDAPUserRegistry) defaultSSLSettings=Cell=!{cellName}:Security=:SSLConfig=alias#CellDefaultSSLSett ings,managementScope#"Cell=!{cellName}:Security=:ManagementScope=scopeName#"(cell):!{cellName}"" #ObjectName(SSLConfig) enforceFineGrainedJCASecurity=false #boolean,default(false) dynamicallyUpdateSSLConfig=true #boolean,default(false) activeProtocol=BOTH #ENUM(CSI|IBM|BOTH), required,default(IBM) issuePermissionWarning=true #boolean,default(false) appEnabled=false #boolean,default(false) EnvironmentVariablesSection #Environment Variables cellName=myCell
- Run the applyConfigProperties command to create or change a security object.
Running the applyConfigProperties command applies the properties file to the configuration. In this Jython example, the optional -reportFileName parameter produces a report named report.txt:
AdminTask.applyConfigProperties(['-propertiesFileName myObjectType.props -reportFileName report.txt'])
- If we no longer need a property, we can delete the security property.
To delete one or more properties, specify only the properties to be deleted in the properties file and then run the deleteConfigProperties command; for example:
AdminTask.deleteConfigProperties('[-propertiesFileName myObjectType.props -reportFileName report.txt]')
Results
We can use the properties file to configure and manage the security properties.
What to do next
Save the changes to the configuration.
Subtopics
- Work with LDAP properties files
We can use properties files to create, modify, or delete LDAP user registry properties.
- Work with LTPA properties files
We can use properties files to modify or delete LTPA properties.
- Work with JAAS configuration entry properties files
We can use properties files to create, modify, or delete JAAS configuration entry properties.
- Work with JAAS authorization data properties files
We can use properties files to create, modify, or delete JAAS authorization data properties.
- Work with SSL configuration properties files
We can use properties files to create, modify, or delete SSL configuration properties.
- Retrieve signer certificates using SSL properties files
We can use properties files to retrieve Secure Sockets Layer (SSL) signer certificates.
- Enable global security and configuring federated user registries using properties files
We can use properties files to enable global security and configure federated LDAP user registries. Modify the example properties file for the environment.
- Mapping users and resources using authorization group properties files
We can use authorization group properties files to map users to administrative roles and resources to authorization groups.
Related tasks
Extracting properties files Create server, cluster, application, or authorization group objects using properties files and wsadmin scripting Delete server, cluster, application, or authorization group objects using properties files
PropertiesBasedConfiguration (AdminTask)