Manage WS-Security distributed cache configurations
The distributed cache stores tokens on the client. Use this topic and the commands in the WSSCacheManagement group of the AdminTask object to query, update, and remove custom and non-custom properties for the distributed cache configuration.
Configure a policy set with WS-Security enabled.
The distributed cache stores tokens on both distributed and local clients. WebSphere Application Server supports only the security context token for the WS-Trust security token service client and the security trust service components.
We can use the administrative console or wsadmin.sh to manage the secure conversation distributed cache configuration. We can use wsadmin.sh and the Jython scripting language syntax to:
- Query the current distributed cache configuration settings.
- Set the value for the renewal time after token expiration.
- Enable or disable distributed cache for clustered servers.
- Add custom properties to the configuration.
- Remove custom properties from the configuration.
- Query the configuration for the existing distributed cache configuration.
Retrieve a list of the current distributed cache configuration settings and custom properties with the queryWSSDistributedCacheConfig and queryWSSDistributedCacheCustomConfig commands. There are no required or optional parameters for the query commands.
To list all non-custom configuration settings, run the following Jython command:
AdminTask.queryWSSDistributedCacheConfig()
To list all distributed cache custom properties, enter the following Jython command:
AdminTask.queryWSSDistributedCacheCustomConfig()
- Update the secure conversation distributed cache configuration settings and custom properties.
Use the following steps to update all non-custom distributed cache configuration settings:
- Review the existing configuration settings by running the queryWSSDistributedCacheConfig command:
AdminTask.queryWSSDistributedCacheConfig()
The command returns a properties object containing the configuration properties and values for the distributed cache configuration. The following table displays the configuration properties that the command returns:
properties. Use the properties to determine the distributed
Property Description tokenRecovery Whether token recovery is enabled or disabled. If the tokenRecovery property is set to true, the Datasource property specifies the shared data source assigned to the distributed cache. distributedCache Whether distributed caching is enabled or disabled. Datasource Name of the shared data source assigned to the distributed cache if token recovery is enabled. renewIntervalBeforeTimeoutMinutes Amount of time, in minutes, that the client waits before it attempts to renew the token. synchronousClusterUpdate Whether the system performs a synchronous update of distributed caches on cluster members. By default, synchronous cluster updating is enabled. minutesInCacheAfterTimeout Amount of time that the token remains in the cache after the token times out.
- Use the updateWSSDistributedCacheConfig command to enable or disable distributed cache and to modify the amount of time after token expiration when downstream calls are allowed to complete.
The following command example enables distributed cache, and sets the mySharedDataSource as the shared data source for token recovery:
AdminTask.updateWSSDistributedCacheConfig('[-tokenRecovery true -Datasource mySharedDataSource -distributedCache true')
- Save the configuration changes:
AdminConfig.save()
Use the following steps to update custom properties for the distributed cache configuration:
- Review the existing configuration settings by executing the queryWSSDistributedCacheCustomConfig command. For example:
AdminTask.queryWSSDistributedCacheCustomConfig()
The command returns a properties object containing the name and value pairs that correspond to each custom property.
- Use the updateWSSDistributedCacheCustomConfig command to add custom properties for the distributed cache configuration. Specify and define each custom property by passing a properties object with the -customProperties parameter using the following Jython format:
-customProperties [[property1 value1][property2 value2]]
For example, the following command adds the cancelActionRST custom property and defines the value as http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Cancel:
AdminTask.updateWSSDistributedCacheCustomConfig('[-customProperties [[cancelActionRST http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Cancel]]]')
- Save the configuration changes:
AdminConfig.save()
- Remove custom properties from the distributed cache configuration. Use the following steps to remove custom properties from your distributed cache configuration:
- Review the existing configuration settings by executing the queryWSSDistributedCacheCustomConfig command. For example:
AdminTask.queryWSSDistributedCacheCustomConfig()
- Use the deleteWSSDistributedCacheConfigCustomProperties command to remove custom properties for the distributed cache configuration. Specify the custom properties to delete by passing a string array with the -propertyNames parameter. For example, the following command removes the cancelActionRST custom property:
AdminTask.deleteWSSDistributedCacheConfigCustomProperties('[-propertyNames [cancelActionRST]]')
- Save the configuration changes:
AdminConfig.save()
Results
Your WS-Security distributed cache configuration is updated.
Related concepts
Secure conversation client cache and trust service configuration SecureConversation default policy sets
Related tasks
Configure the Web Services Security distributed cache using the administrative console Example: Install a web services sample with the console