SecurityDomainCommands

Use the Jython scripting language to configure and administer security domains with the wsadmin tool. Use the commands and parameters in the SecurityDomainCommands group to manage security domains, assign servers and clusters to security domains as resources, and to query the security domain configuration.

Administer the security domain configuration:

• convertServerSecurityToSecurityDomain
• copySecurityDomain
• copySecurityDomainFromGlobalSecurity
• createSecurityDomain
• deleteSecurityDomain
• getSecurityDomainForResource
• listResourcesInSecurityDomain
• listSecurityDomains
• listSecurityDomainsForResources
• mapResourceToSecurityDomain
• modifySecurityDomain
• removeResourceFromSecurityDomain

convertServerSecurityToSecurityDomain

Starting in WebSphere Application Server v7.0, the use of security domains can be used in place of server level security configurations. If a server level security configuration is currently being used then the convertServerSecurityToSecurityDomain command can be used to covert it to a security domain.

The command creates a security domain and adds any security settings specified in the server level security configuration to the newly-created security domain. The server resources are mapped to the security domain.

Target object: None.

Required parameters:

-serverResource

The resource name of the server to be converted to a security domain. (String)

-securityDomain

The name of the security domain to be created and that will contain the settings from the server level security configuration. (String)

Optional parameters:

-securityDomainDescription

Description for the new security domain. (String)

-deleteServer

Specify true to remove the server level security configuration and false to leave the server level security configuration. (String)

Batch mode example usage

• Use Jython:

  wsadmin> AdminTask.convertServerSecurityToSecurityDomain ('[serverResource Cell=:Node=myNode:Server=server1 
                                            -securityDomain secDomain1 -securityDomainDescription "Migrated from 
                                             server security configuration"
                                            -deleteServer true ]'))
  

• Use Jacl:

  wsadmin> $AdminTask convertServerSecurityToSecurityDomain {-serverResource Cell=:Node=myNode:Server=server1 
                                             -securityDomain secDomain1 -securityDomainDescription "Migrated from 
                                             server security configuration"
                                             -deleteServer true  }
  

copySecurityDomain

The copySecurityDomain command creates a new security domain by copying an existing security domain. If the security configuration defines an active user registry, provide a realm name for the newly create security domain. If we do not specify a realm name, the system creates a realm name.

Target object: None.

Required parameters:

-securityDomainName

Name of the new security domain the system creates by copying another security domain. (String)

-copyFromSecurityDomainName

Name of the existing security domain the system uses to create the new security domain. (String)

Optional parameters:

-securityDomainDescription

Description for the new security domain. (String)

-realmName

Name of the realm in the new security domain. The system creates a name for the realm if we do not specify a value for this parameter. (String)

Return value.

The command returns the configuration ID of the new security domain.

Batch mode example usage

• Use Jython string:

  AdminTask.copySecurityDomain('-securityDomainName copyOfDomain2 -copyFromSecurityDomainName Domain2')
  

• Use Jython list:

  AdminTask.copySecurityDomain('-securityDomainName', 'copyOfDomain2', '-copyFromSecurityDomainName', 'Domain2')
  

Interactive mode example usage

• Use Jython:

  AdminTask.copySecurityDomain('-interactive')
  

copySecurityDomainFromGlobalSecurity

The copySecurityDomainFromGlobalSecurity command creates a security domain by copying the global security configuration. If an active user registry exists for the global security configuration, provide a realm name for the newly created security domain. If we do not specify a realm name, then the system creates a realm name.

Target object: None.

Required parameters:

-securityDomainName

Name of the new security domain the system copies from the global security configuration. (String)

Optional parameters:

-securityDomainDescription

Description for the new security domain. (String)

-realmName

Name of the realm in the new security configuration. The system creates a name for the realm if we do not specify a value for the -realmName parameter. (String)

Return value.

The command returns the configuration ID of the new security domain.

Batch mode example usage

• Use Jython string:

  AdminTask.copySecurityDomainFromGlobalSecurity('-securityDomainName GSCopy -securityDomainDescription
  "copy of global security" -realmName myRealm')
  

• Use Jython list:

  AdminTask.copySecurityDomainFromGlobalSecurity('-securityDomainName', 'GSCopy', '-securityDomainDescription',
  '"copy of global security"', '-realmName myRealm')
  

Interactive mode example usage

• Use Jython:

  AdminTask.copySecurityDomainFromGlobalSecurity('-interactive')
  

createSecurityDomain

The createSecurityDomain command creates the security domain-security.xml and domain-security-map.xml files under the profile_root/config/cells/cellName/securityDomain/configurationName directory. The system creates an empty domain-security.xml file.

Target object: None.

Required parameters:

-securityDomainName

Name of the new security domain to create. (String)

Optional parameters:

-securityDomainDescription

Description of the new security domain. (String)

Return value.

The command returns the configuration ID of the new security domain.

Batch mode example usage

• Use Jython string:

  AdminTask.createSecurityDomain('-securityDomainName newDomain -securityDomainDescription "new security domain"')
  

• Use Jython list:

  AdminTask.createSecurityDomain('-securityDomainName', 'newDomain', '-securityDomainDescription',
  '"new security domain"')
  

Interactive mode example usage

• Use Jython:

  AdminTask.createSecurityDomain('-interactive')
  

deleteSecurityDomain

The deleteSecurityDomain command removes the domain-security.xml and domain-security-map.xml files from the security domain directory. The command returns an error if resources are mapped to the security domain of interest. To delete the security domain when resources are mapped to the security domain of interest, specify the value for the -force parameter as true.

Target object: None.

Required parameters:

-securityDomainName

Name of the security domain to delete. (String)

Optional parameters:

-force

The system deletes the security domain without checking for resources associated with the domain. Use this option when the resources in the security domains are not valid resources. The default value for the -force parameter is false. (Boolean)

Return value. The command does not return output.if the system successfully removes the security domain configuration.

Batch mode example usage

• Use Jython string:

  AdminTask.deleteSecurityDomain('-securityDomainName mySecurityDomain -force true')
  

• Use Jython list:

  AdminTask.deleteSecurityDomain('-securityDomainName', 'mySecurityDomain', '-force', 'true')
  

Interactive mode example usage

• Use Jython:

  AdminTask.deleteSecurityDomain('-interactive')
  

getSecurityDomainForResource

The getSecurityDomainForResource command displays the security domain for a specific resource. If the resource is not mapped to a domain, the command does not return output.

Target object: None.

Required parameters:

-resourceName

Name of the resource of interest. Specify the value in the following format: Cell=:Node=myNode:Server=myServer (String)

Optional parameters:

-getEffectiveDomain

Specifies whether the command returns the effective domain of the resource if the resource is not directly mapped to a domain. Default is true. Specify false if we do not want to display the effective domain if the resource is not directly mapped to a domain. (Boolean)

Return value.

The command returns the security domain name as a string.

Batch mode example usage

• Use Jython string:

  AdminTask.getSecurityDomainForResource('-resourceName Cell=:Node=myNode:Server=myServer')
  

• Use Jython list:

  AdminTask.getSecurityDomainForResource('-resourceName', 'Cell=:Node=myNode:Server=myServer')
  

Interactive mode example usage

• Use Jython:

  AdminTask.getSecurityDomainForResource('-interactive')
  

listResourcesInSecurityDomain

The listResourcesInSecurityDomain command displays the servers or clusters associated with a specific security domain.

Target object: None.

Required parameters:

-securityDomainName

Name of the security domain of interest. (String)

-expandCell

Specifies whether to display the servers in the cell. Specify true to display the specific servers, or specify false to list the cell information only. (Boolean)

Return value.

The command returns an array containing the names of the resources that are mapped to the security domain of interest in the format: Cell=cell name:Node=node name:Server=server name.

Batch mode example usage

• Use Jython string:

  AdminTask.listResourcesInSecurityDomain('-securityDomainName myDomain')
  

• Use Jython list:

  AdminTask.listResourcesInSecurityDomain('-securityDomainName', 'myDomain')
  

Interactive mode example usage

• Use Jython:

  AdminTask.listResourcesInSecurityDomain('-interactive')
  

listSecurityDomains

The listSecurityDomains command lists each security domain configured for the server.

Target object: None.

Optional parameters:

-listDescription

Specifies whether to display the description of the security domains. Specify true to display the descriptions of the security domains. (Boolean)

-doNotDisplaySpecialDomains

Specifies whether to exclude special domains. Specify true to exclude the special domains in the command output, or false to display the special domains. (Boolean)

Return value.

The command returns an array containing the names of security domains configured for the server. The command returns an array of attribute lists that contain the name and description for each security domain if the -listDescription parameter is specified.

Batch mode example usage

• Use Jython string:

  AdminTask.listSecurityDomains('-listDescription true')
  

• Use Jython list:

  AdminTask.listSecurityDomains('-listDescription', 'true')
  

Interactive mode example usage

• Use Jython:

  AdminTask.listSecurityDomains('-interactive')
  

listSecurityDomainsForResources

The listSecurityDomainsForResources command lists the security domains associated with the resources of interest.

Target object: None.

Required parameters:

-resourceNames

One or more resources for which the command returns the associated security domains. Specify each resource separated by the plus sign character (+). (String)

Return value.

The command returns the list of resources specified by the -resourceNames parameter and the security domains to which each resource is mapped.

Batch mode example usage

• Use Jython string:

  AdminTask.listSecurityDomainsForResources('-resourceNames resource1+resource2+resource3')
  

• Use Jython list:

  AdminTask.listSecurityDomainsForResources('-resourceNames', 'resource1+resource2+resource3')
  

Interactive mode example usage

• Use Jython:

  AdminTask.listSecurityDomainsForResources('-interactive')
  

mapResourceToSecurityDomain

The mapResourceToSecurityDomain command maps a resource to a security domain. The system adds an entry for each resource to the domain-security-map.xml file.

Target object: None.

Required parameters:

-securityDomainName

Name of the security domain of interest. (String)

-resourceName

Name of the resource to which the system maps the security domain of interest. Specify the value in the following format: Cell=:Node=myNode:Server=myServer (String)

Return value. The command does not return output.if the system successfully assigns the resource to the security domain of interest.

Batch mode example usage

• Use Jython string:

  AdminTask.mapResourceToSecurityDomain('-securityDomainName mySecurityDomain -resourceName 
  -resourceName Cell=:Node=myNode:Server=myServer')
  

• Use Jython list:

  AdminTask.mapResourceToSecurityDomain('-securityDomainName', 'mySecurityDomain', '-resourceName', 
  '-resourceName Cell=:Node=myNode:Server=myServer')
  

Interactive mode example usage

• Use Jython:

  AdminTask.mapResourceToSecurityDomain('-interactive')
  

modifySecurityDomain

The modifySecurityDomain command changes the description of a security domain.

Target object: None.

Required parameters:

-securityDomainName

Name of the security domain to edit. (String)

Optional parameters:

-securityDomainDescription

New description for the security domain of interest. (String)

Return value. The command does not return output.if the system successfully modifies the security domain.

Batch mode example usage

• Use Jython string:

  AdminTask.modifySecurityDomain('-securityDomainName myDomain -securityDomainDescription
  "my new description"')
  

• Use Jython list:

  AdminTask.modifySecurityDomain('-securityDomainName', 'myDomain', '-securityDomainDescription',= 
  '"my new description"')
  

Interactive mode example usage

• Use Jython:

  AdminTask.modifySecurityDomain('-interactive')
  

removeResourceFromSecurityDomain

The removeResourceFromSecurityDomain command removes a resource from a security domain mapping. The command removes the resource entry from the domain-security-map.xml file.

Target object: None.

Required parameters:

-securityDomainName

Name of the security domain from which to remove the resource. (String)

-resourceName

Name of the resource to remove. Specify the value in the following format: Cell=:Node=myNode:Server=myServer (String)

Return value. The command does not return output.if the system successfully removes the resource from the security domain.

Batch mode example usage

• Use Jython string:

  AdminTask.removeResourceFromSecurityDomain('-securityDomainName myDomain -resourceName
  Cell=:Node=myNode:Server=myServer')
  

• Use Jython list:

  AdminTask.removeResourceFromSecurityDomain('-securityDomainName', 'myDomain', '-resourceName',
  'Cell=:Node=myNode:Server=myServer')
  

Interactive mode example usage

• Use Jython:

  AdminTask.removeResourceFromSecurityDomain('-interactive')
  

Configure multiple security domains using scripting

Configure security domains using scripting

Mapping resources to security domains using scripting

Remove resources from security domains using scripting

Remove security domains using scripting

Configure local operating system user registries using scripting

Configure custom user registries using scripting

Remove user registries using scripting

Configure JAAS login modules