Work with security properties files
We can use properties files to modify or delete security properties.
Determine the changes to make to your security configuration.
Start the wsadmin scripting tool. To start wsadmin using the Jython language, run the wsadmin -lang jython command from the bin directory of the server profile. Using a properties file, we can modify or delete a security object.
Run administrative commands using wsadmin to change a properties file for a security object, validate the properties, and apply them to your configuration.
Actions for security properties. We can modify or delete security properties.
Action: Procedure
- create: Not applicable
- modify: Edit property values in the security properties file and then run the applyConfigProperties command.
- delete: Run the deleteConfigProperties command to delete one or more properties. If a deleted property has a default value, the property is set to the default value. Otherwise, the deleted property is removed.
- create Property: Not applicable
- delete Property: Not applicable

Optionally, we can use interactive mode with the commands:
AdminTask.command_name('-interactive')
- Modify an existing properties file.
- Obtain a properties file for the Security object to change.
We can extract a properties file for a Security object using the extractConfigProperties command.
- Open the properties file in an editor and change the properties as needed.
Ensure the environment variables in the properties file match the system. An example Security properties file follows:
#
# Header
#
ResourceType=Security
ImplementingResourceType=Security
ResourceId=Cell=!{cellName}:Security=
#
#
#Properties
#
useLocalSecurityServer=true #boolean,default(false)
cacheTimeout=600 #integer,required,default(0)
allowBasicAuth=true #boolean,default(false)
enforceJava2Security=false #boolean,default(false)
activeAuthMechanism=Cell=!{cellName}:Security=:LTPA= #ObjectName(LTPA)
enabled=true #boolean,default(false)
adminPreferredAuthMech=null
enableJava2SecRuntimeFiltering=false #boolean,default(false)
allowAllPermissionForApplication=false #boolean,default(false)
useDomainQualifiedUserNames=false #boolean,default(false)
internalServerId=null
activeUserRegistry=Cell=!{cellName}:Security=:LDAPUserRegistry=type#IBM_DIRECTORY_SERVER #ObjectName(LDAPUserRegistry)
defaultSSLSettings=Cell=!{cellName}:Security=:SSLConfig=alias#CellDefaultSSLSettings,managementScope#"Cell=!{cellName}:Security=:ManagementScope=scopeName#"(cell):!{cellName}"" #ObjectName(SSLConfig)
enforceFineGrainedJCASecurity=false #boolean,default(false)
dynamicallyUpdateSSLConfig=true #boolean,default(false)
activeProtocol=BOTH #ENUM(CSI|IBM|BOTH),required,default(IBM)
issuePermissionWarning=true #boolean,default(false)
appEnabled=false #boolean,default(false)
EnvironmentVariablesSection
#Environment Variables
cellName=myCell
- Run the applyConfigProperties command to create or change a security object.
Running the applyConfigProperties command applies the properties file to the configuration. In this Jython example, the optional -reportFileName parameter produces a report named report.txt:
AdminTask.applyConfigProperties(['-propertiesFileName myObjectType.props -reportFileName report.txt'])
- If we no longer need a property, we can delete the security property.
To delete one or more properties, specify only the properties to be deleted in the properties file and then run the deleteConfigProperties command; for example:
AdminTask.deleteConfigProperties('[-propertiesFileName myObjectType.props -reportFileName report.txt]')
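The delete rule above (reset to the default if one exists, otherwise remove) can be previewed from an extracted file before deleteConfigProperties is run. The following is an added example, not IBM's code: plain Python run outside wsadmin, with hypothetical function names, assuming the default(...) annotation in the extracted file is the value a delete falls back to.

```python
import re

# Constructed sample: a subset of the example Security properties file on this page.
SAMPLE = """\
ResourceType=Security
ImplementingResourceType=Security
ResourceId=Cell=!{cellName}:Security=
#Properties
cacheTimeout=600 #integer,required,default(0)
enabled=true #boolean,default(false)
enforceJava2Security=false #boolean,default(false)
adminPreferredAuthMech=null
activeUserRegistry=Cell=!{cellName}:Security=:LDAPUserRegistry=type#IBM_DIRECTORY_SERVER #ObjectName(LDAPUserRegistry)
activeProtocol=BOTH #ENUM(CSI|IBM|BOTH),required,default(IBM)
EnvironmentVariablesSection
cellName=myCell
"""

HEADER_KEYS = ("ResourceType", "ImplementingResourceType", "ResourceId")

def parse_props(text):
    """Return (header, props, env); props maps name -> (value, listed default or None)."""
    header, props, env, in_env = {}, {}, {}, False
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line.startswith("#"):
            continue
        if line == "EnvironmentVariablesSection":
            in_env = True
            continue
        key, _, rest = line.partition("=")
        if in_env:
            env[key] = rest
        elif key in HEADER_KEYS:
            header[key] = rest
        else:
            # Values can contain '#', so the annotation is what follows the last " #".
            value, sep, note = rest.rpartition(" #")
            default = re.search(r"default\(([^)]*)\)", note) if sep else None
            props[key] = (value if sep else rest, default.group(1) if default else None)
    return header, props, env

def preview_delete(text, names):
    """Map each name to (outcome, current value, value after deleteConfigProperties)."""
    props = parse_props(text)[1]
    return {n: ("reset" if props[n][1] is not None else "removed",) + props[n] for n in names}

if __name__ == "__main__":
    for name, result in preview_delete(SAMPLE, ["enabled", "adminPreferredAuthMech"]).items():
        print(name, result)
```

In the sample, deleting enabled is reported as a reset from true to false, which is the kind of change to catch in review before the delete is applied.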
Results
We can use the properties file to manage the security properties.
Save the changes to your configuration.
Subtopics
- Work with LDAP properties files
We can use properties files to create, modify, or delete LDAP user registry properties.
- Work with LTPA properties files
We can use properties files to modify or delete Lightweight Third Party Authentication (LTPA) properties.
- Work with JAAS configuration entry properties files
We can use properties files to create, modify, or delete Java Authentication and Authorization Service (JAAS) configuration entry properties.
- Work with JAAS authorization data properties files
We can use properties files to create, modify, or delete Java Authentication and Authorization Service (JAAS) authorization data properties.
- Work with SSL configuration properties files
We can use properties files to create, modify, or delete SSL configuration properties.
- Retrieving signer certificates using SSL properties files
We can use properties files to retrieve Secure Sockets Layer (SSL) signer certificates.
- Enable global security and configuring federated user registries using properties files
We can use properties files to enable global security and configure federated LDAP user registries. This topic provides an example properties file that we can modify for the environment.
- Map users and resources using authorization group properties files
We can use authorization group properties files to map users to administrative roles and resources to authorization groups.
Related
Extracting properties files using wsadmin.sh
Create server, cluster, application, or authorization group objects using properties files and wsadmin scripting
Delete server, cluster, application, or authorization group objects using properties files
Reference:
PropertiesBasedConfiguration command group for AdminTask using wsadmin.sh