Automating authorization group configurations using wsadmin.sh
The scripting library provides Jython script procedures to assist in automating the environment. Use the authorization groups scripts create, configure, remove and query your authorization group configuration.
The scripting library provides a set of procedures to automate the most common application server administration functions. There are three ways to use the Jython script library.
- Run scripts from the Jython script library in interactive mode with the wsadmin tool. We can launch the wsadmin tool, and run individual scripts included in the script library using the following syntax:
wsadmin>AdminServerManagement.createApplicationServer("myNode", "myServer", "default")
- Use a text editor to combine several scripts from the Jython script library, as the following sample displays:
# # myscript.py # AdminServerManagement.createApplicationServer("myNode", "Server1", "default") AdminServerManagement.createApplicationServer("myNode", "Server2", "default") # Using one of them as the first member of a cluster AdminClusterManagement.createClusterWithFirstMember("myCluster", "APPLICATION_SERVER", "myNode", "Server1") # Add a second member to the cluster AdminClusterManagement.createClusterMember("myCluster", "myNode", "Server3") # Install an application AdminApplication.installAppWithClusterOption("DefaultApplication", "..\installableApps\DefaultApplication.ear", "myCluster") # Start all servers and applications on the node AdminServerManagement.startAllServers("myNode")Save the custom script and run it from the command line, as the following syntax demonstrates:
>bin>wsadmin -language jython -f path/to/your/jython/file.py
Use the Jython scripting library code as sample syntax to write custom scripts. Each script example in the script library demonstrates best practices for writing wsadmin scripts. The script library code is located in the app_server_root/scriptLibraries directory. Within this directory, the scripts are organized into subdirectories according to functionality. For example, the app_server_root/scriptLibraries/application/V70 subdirectory contains procedures that perform application management tasks that are applicable to v7.0 and later of the product. The subdirectory V70 in the script library paths does not mean the scripts in that subdirectory are v7.0 scripts.
The authorization group management procedures in scripting library are located in the app_server_root/scriptLibraries/security/V70 subdirectory. Each script from the directory automatically loads when you launch the wsadmin tool. To automatically load our own Jython scripts (*.py) when the wsadmin tool starts, create a new subdirectory and save existing automation scripts under the app_server_root/scriptLibraries directory.
To create custom scripts using the scripting library procedures, save the modified scripts to a new subdirectory to avoid overwriting the library. Do not edit the script procedures in the scripting library.bprac
Use the AdminAuthorizations.py scripts to perform multiple combinations of authorization group administration functions. Use the following steps to create an authorization group, adds resources to the group, and assigns user roles.
Tasks
- Optional: Start the wsadmin scripting tool.
Use this step to launch the wsadmin tool and connect to a server. If we launch the wsadmin tool, use the interactive mode examples to run scripts. Alternatively, we can run each script individually without launching the wsadmin tool.
- Enter the following command from the bin directory to launch the wsadmin tool and connect to a server:
bin>wsadmin -lang jython
When the wsadmin tool launches, the system loads each script from the scripting library.
- Create an authorization group.
Use the createAuthorizationGroup script to create a new authorization group in the configuration, as the following example demonstrates:
bin>wsadmin -lang jython -c "AdminAuthorizations.createAuthorizationGroup("myAuthGroup")"
We can also use interactive mode to run the script procedure:
wsadmin>AdminAuthorizations.createAuthorizationGroup("myAuthGroup")
- Add resources to the new authorization group.
Use the addResourceToAuthorizationGroup script to add resources. We can create a file-grained administrative authorization groups by selecting administrative resources to be part of the authorization group, as the following example demonstrates:
bin>wsadmin -lang jython -c "AdminAuthorizations.addResourceToAuthorizationGroup("myAuthGroup", "Node=myNode:Server=myServer")"
We can also use interactive mode to run the script procedure:
wsadmin>AdminAuthorizations.addResourceToAuthorizationGroup("myAuthGroup", "Node=myNode:Server=myServer")
- Assign users to the administrative role for the authorization group.
Use the mapUsersToAdminRole script to assign one or more users to the administrative role for the resources in the authorization group. We can assign users for the authorization group to the administrator, configurator, deployer, operator, monitor, adminsecuritymanager, and iscadmins administrative roles. The following example maps the user01, user02, and user03 users as administrators for the resources in the authorization group:
bin>wsadmin -lang jython -c "AdminAuthorizations.mapUsersToAdminRole("myAuthGroup", "administrator", "user01 user02 user03")"
We can also use interactive mode to run the script procedure:
wsadmin>AdminAuthorizations.mapUsersToAdminRole("myAuthGroup", "administrator", "user01 user02 user03")
The wsadmin script libraries return the same output as the associated wsadmin commands. For example, the AdminServerManagement.listServers() script returns a list of available servers. The AdminClusterManagement.checkIfClusterExists() script returns a value of true if the cluster exists, or false if the cluster does not exist. If the command does not return the expected output, the script libraries return a 1 value when the script successfully runs. If the script fails, the script libraries return a -1 value and an error message with the exception.
By default, the system disables failonerror option. To enable this option, specify true as the last argument for the script procedure:
wsadmin>AdminApplication.startApplicationOnCluster("myApplication","myCluster","true")
What to do next
Create custom scripts to automate the environment by combining script procedures from the scripting library. Save custom scripts to a new subdirectory of the app_server_root/scriptLibraries directory.
Subtopics
- Authorization group configuration scripts
The scripting library provides script procedures to automate the application server configurations. Use the scripts in this topic to create, configure, remove and query our security authorization group configuration. We can run each script individually or combine procedures to create custom automation scripts.
Related:
Administrative roles and naming service authorization Role-based authorization Start the wsadmin scripting client Use the script library to automate the application serving environment Create a fine-grained administrative authorization group