WAS v8.5 > Reference > Commands (wsadmin scripting)SecurityDomainCommands command group for AdminTask
We can use the Jython scripting language to configure and administer security domains with wsadmin. Use the commands and parameters in the SecurityDomainCommands group to create and manage security domains, assign servers and clusters to security domains as resources, and to query the security domain configuration.
Use the following commands to administer the security domain configuration:
- convertServerSecurityToSecurityDomain
- copySecurityDomain
- copySecurityDomainFromGlobalSecurity
- createSecurityDomain
- deleteSecurityDomain
- getSecurityDomainForResource
- listResourcesInSecurityDomain
- listSecurityDomains
- listSecurityDomainsForResources
- mapResourceToSecurityDomain
- modifySecurityDomain
- removeResourceFromSecurityDomain
convertServerSecurityToSecurityDomain
Starting in WebSphere Application Server v7.0, the use of security domains can be used in place of server level security configurations. If a server level security configuration is currently being used then the convertServerSecurityToSecurityDomain command can be used to covert it to a security domain.
The command creates a security domain and adds any security settings specified in the server level security configuration to the newly-created security domain. The server resources are mapped to the security domain.
Target object
None.
Required parameters
- -serverResource
- The resource name of the server to be converted to a security domain. (String)
- -securityDomain
- The name of the security domain to be created and that will contain the settings from the server level security configuration. (String)
Optional parameters
- -securityDomainDescription
- Description for the new security domain. (String)
- -deleteServer
- Specify true to remove the server level security configuration and false to leave the server level security configuration. (String)
Batch mode example usage
- Using Jython:
wsadmin> AdminTask.convertServerSecurityToSecurityDomain ('[serverResource Cell=:Node=myNode:Server=server1 -securityDomain secDomain1 -securityDomainDescription "Migrated from server security configuration" -deleteServer true ]'))- Jacl:
wsadmin> $AdminTask convertServerSecurityToSecurityDomain {-serverResource Cell=:Node=myNode:Server=server1 -securityDomain secDomain1 -securityDomainDescription "Migrated from server security configuration" -deleteServer true }
copySecurityDomain
The copySecurityDomain command creates a new security domain by copying an existing security domain. If the security configuration defines an active user registry, provide a realm name for the newly create security domain. If we do not specify a realm name, the system creates a realm name.
Target object
None.
Required parameters
- -securityDomainName
- Name of the new security domain the system creates by copying another security domain. (String)
- -copyFromSecurityDomainName
- Name of the existing security domain the system uses to create the new security domain. (String)
Optional parameters
- -securityDomainDescription
- Description for the new security domain. (String)
- -realmName
- Name of the realm in the new security domain. The system creates a name for the realm if we do not specify a value for this parameter. (String)
Return value
The command returns the configuration ID of the new security domain.
- Jython string:
AdminTask.copySecurityDomain('-securityDomainName copyOfDomain2 -copyFromSecurityDomainName Domain2')
- Jython list:
AdminTask.copySecurityDomain('-securityDomainName', 'copyOfDomain2', '-copyFromSecurityDomainName', 'Domain2')
Interactive mode example usage
- Using Jython:
AdminTask.copySecurityDomain('-interactive')
copySecurityDomainFromGlobalSecurity
The copySecurityDomainFromGlobalSecurity command creates a security domain by copying the global security configuration. If an active user registry exists for the global security configuration, provide a realm name for the newly created security domain. If we do not specify a realm name, then the system creates a realm name.
Target object
None.
Required parameters
- -securityDomainName
- Name of the new security domain the system copies from the global security configuration. (String)
Optional parameters
- -securityDomainDescription
- Description for the new security domain. (String)
- -realmName
- Name of the realm in the new security configuration. The system creates a name for the realm if we do not specify a value for the -realmName parameter. (String)
Return value
The command returns the configuration ID of the new security domain.
- Jython string:
AdminTask.copySecurityDomainFromGlobalSecurity('-securityDomainName GSCopy -securityDomainDescription "copy of global security" -realmName myRealm')- Jython list:
AdminTask.copySecurityDomainFromGlobalSecurity('-securityDomainName', 'GSCopy', '-securityDomainDescription', '"copy of global security"', '-realmName myRealm')
Interactive mode example usage
- Using Jython:
AdminTask.copySecurityDomainFromGlobalSecurity('-interactive')
createSecurityDomain
The createSecurityDomain command creates the security domain-security.xml and domain-security-map.xml files under the profile_root/config/cells/cellName/securityDomain/configurationName directory.
The system creates an empty domain-security.xml file.
Target object
None.
Required parameters
- -securityDomainName
- Name of the new security domain to create. (String)
Optional parameters
- -securityDomainDescription
- Description of the new security domain. (String)
Return value
The command returns the configuration ID of the new security domain.
- Jython string:
AdminTask.createSecurityDomain('-securityDomainName newDomain -securityDomainDescription "new security domain"')
- Jython list:
AdminTask.createSecurityDomain('-securityDomainName', 'newDomain', '-securityDomainDescription', '"new security domain"')
Interactive mode example usage
- Using Jython:
AdminTask.createSecurityDomain('-interactive')
deleteSecurityDomain
The deleteSecurityDomain command removes the domain-security.xml and domain-security-map.xml files from the security domain directory. The command returns an error if resources are mapped to the security domain of interest. To delete the security domain when resources are mapped to the security domain of interest, specify the value for the -force parameter as true.
Target object
None.
Required parameters
- -securityDomainName
- Name of the security domain to delete. (String)
Optional parameters
- -force
- The system deletes the security domain without checking for resources associated with the domain. Use this option when the resources in the security domains are not valid resources. The default value for the -force parameter is false. (Boolean)
Return value
The command does not return output if the system successfully removes the security domain configuration.
Batch mode example usage
- Jython string:
AdminTask.deleteSecurityDomain('-securityDomainName mySecurityDomain -force true')
- Jython list:
AdminTask.deleteSecurityDomain('-securityDomainName', 'mySecurityDomain', '-force', 'true')
Interactive mode example usage
- Using Jython:
AdminTask.deleteSecurityDomain('-interactive')
getSecurityDomainForResource
The getSecurityDomainForResource command displays the security domain for a specific resource. If the resource is not mapped to a domain, the command does not return output.
Target object
None.
Required parameters
- -resourceName
- Name of the resource of interest. Specify the value in the following format: Cell=:Node=myNode:Server=myServer (String)
Optional parameters
- -getEffectiveDomain
- Whether the command returns the effective domain of the resource if the resource is not directly mapped to a domain. Default is true. Specify false if we do not want to display the effective domain if the resource is not directly mapped to a domain. (Boolean)
Return value
The command returns the security domain name as a string.
- Jython string:
AdminTask.getSecurityDomainForResource('-resourceName Cell=:Node=myNode:Server=myServer')
- Jython list:
AdminTask.getSecurityDomainForResource('-resourceName', 'Cell=:Node=myNode:Server=myServer')
Interactive mode example usage
- Using Jython:
AdminTask.getSecurityDomainForResource('-interactive')
listResourcesInSecurityDomain
The listResourcesInSecurityDomain command displays the servers or clusters associated with a specific security domain.
Target object
None.
Required parameters
- -securityDomainName
- Name of the security domain of interest. (String)
- -expandCell
- Whether to display the servers in the cell. Specify true to display the specific servers, or specify false to list the cell information only. (Boolean)
Return value
The command returns an array containing the names of the resources that are mapped to the security domain of interest in the format: Cell=cell name:Node=node name:Server=server name.
- Jython string:
AdminTask.listResourcesInSecurityDomain('-securityDomainName myDomain')
- Jython list:
AdminTask.listResourcesInSecurityDomain('-securityDomainName', 'myDomain')
Interactive mode example usage
- Using Jython:
AdminTask.listResourcesInSecurityDomain('-interactive')
listSecurityDomains
The listSecurityDomains command lists each security domain configured for the server.
Target object
None.
Optional parameters
- -listDescription
- Whether to display the description of the security domains. Specify true to display the descriptions of the security domains. (Boolean)
- -doNotDisplaySpecialDomains
- Whether to exclude special domains. Specify true to exclude the special domains in the command output, or false to display the special domains. (Boolean)
Return value
The command returns an array containing the names of security domains configured for the server. The command returns an array of attribute lists containing the name and description for each security domain if the -listDescription parameter is specified.
- Jython string:
AdminTask.listSecurityDomains('-listDescription true')
- Jython list:
AdminTask.listSecurityDomains('-listDescription', 'true')
Interactive mode example usage
- Using Jython:
AdminTask.listSecurityDomains('-interactive')
listSecurityDomainsForResources
The listSecurityDomainsForResources command lists the security domains associated with the resources of interest.
Target object
None.
Required parameters
- -resourceNames
- Specifies one or more resources for which the command returns the associated security domains. Specify each resource separated by the plus sign character (+). (String)
Return value
The command returns the list of resources specified by the -resourceNames parameter and the security domains to which each resource is mapped.
- Jython string:
AdminTask.listSecurityDomainsForResources('-resourceNames resource1+resource2+resource3')
- Jython list:
AdminTask.listSecurityDomainsForResources('-resourceNames', 'resource1+resource2+resource3')
Interactive mode example usage
- Using Jython:
AdminTask.listSecurityDomainsForResources('-interactive')
mapResourceToSecurityDomain
The mapResourceToSecurityDomain command maps a resource to a security domain. The system adds an entry for each resource to the domain-security-map.xml file.
Target object
None.
Required parameters
- -securityDomainName
- Name of the security domain of interest. (String)
- -resourceName
- Name of the resource to which the system maps the security domain of interest. Specify the value in the following format: Cell=:Node=myNode:Server=myServer (String)
Return value
The command does not return output if the system successfully assigns the resource to the security domain of interest.
- Jython string:
AdminTask.mapResourceToSecurityDomain('-securityDomainName mySecurityDomain -resourceName -resourceName Cell=:Node=myNode:Server=myServer')- Jython list:
AdminTask.mapResourceToSecurityDomain('-securityDomainName', 'mySecurityDomain', '-resourceName', '-resourceName Cell=:Node=myNode:Server=myServer')
Interactive mode example usage
- Using Jython:
AdminTask.mapResourceToSecurityDomain('-interactive')
modifySecurityDomain
The modifySecurityDomain command changes the description of a security domain.
Target object
None.
Required parameters
- -securityDomainName
- Name of the security domain to edit. (String)
Optional parameters
- -securityDomainDescription
- New description for the security domain of interest. (String)
Return value
The command does not return output if the system successfully modifies the security domain.
Batch mode example usage
- Jython string:
AdminTask.modifySecurityDomain('-securityDomainName myDomain -securityDomainDescription "my new description"')- Jython list:
AdminTask.modifySecurityDomain('-securityDomainName', 'myDomain', '-securityDomainDescription',= '"my new description"')
Interactive mode example usage
- Using Jython:
AdminTask.modifySecurityDomain('-interactive')
removeResourceFromSecurityDomain
The removeResourceFromSecurityDomain command removes a resource from a security domain mapping. The command removes the resource entry from the domain-security-map.xml file.
Target object
None.
Required parameters
- -securityDomainName
- Name of the security domain from which to remove the resource. (String)
- -resourceName
- Name of the resource to remove. Specify the value in the following format: Cell=:Node=myNode:Server=myServer (String)
Return value
The command does not return output if the system successfully removes the resource from the security domain.
Batch mode example usage
- Jython string:
AdminTask.removeResourceFromSecurityDomain('-securityDomainName myDomain -resourceName Cell=:Node=myNode:Server=myServer')- Jython list:
AdminTask.removeResourceFromSecurityDomain('-securityDomainName', 'myDomain', '-resourceName', 'Cell=:Node=myNode:Server=myServer')
Interactive mode example usage
- Using Jython:
AdminTask.removeResourceFromSecurityDomain('-interactive')
Related
Configure multiple security domains using scripting
Configure security domains using scripting
Map resources to security domains using scripting
Remove resources from security domains using scripting
Remove security domains using scripting
Configure local operating system user registries using scripting
Configure custom user registries using scripting
Remove user registries using scripting
Configure JAAS login modules using wsadmin.sh