+

Search Tips   |   Advanced Search

Enable authentication in the file transfer service using scripting

The file transfer service provides role-based authentication. We can enable authentication in the file transfer service using scripting and the wsadmin tool.

See Starting the wsadmin scripting client for more information.

There are two versions of the file transfer Web application: a secured version and an unsecured version. The secured version of this file, which is the version that authenticates its caller, is installed by default. The secured version is located in the app_server_root/systemApps/filetransferSecured.ear directory. The unsecured version, which is the version that does not authenticate its caller, is located in the app_server_root/systemApps/filetransfer.ear directory

(ZOS) The file transfer Web application, which handles both authenticated and non-authenticated requests, is located in the app_server_root/systemApps/filetransferSecured.ear directory.

The z/OS operating system handles file transfer authentication based on the global administrative security setting. When this setting is enabled, only authenticated file transfers occur. When this setting is disabled, both secured and unsecured file transfers can occur. IBM recommends that we enable global administrative security to prevent unauthorized use of the file transfer application.bprac

(iSeries) (Dist) In WAS a mixed cell environments, file transfer is a system application. We can activate authentication in the file transfer service by redeploying the file transfer Web application at the deployment manager level.


Tasks

  1. Run the redeployFileTransfer.jacl script to help you redeploy the file transfer Web application. This wsadmin script is located in the app_server_root/bin directory. Run the script from the app_server_root/bin directory using the following syntax:
    wsadmin -conntype NONE -lang jacl -profile redeployFileTransfer.jacl -c 
    "fileTransferAuthenticationXxx cell node dmgr"
    
    In this example, the variables represent the following:

    • Xxx is On or Off.
    • cell is the name of our cell.
    • node is the name of our node.
    • dmgr is the server type. This script will work only on the deployment manager.

    (AIX) (Linux) (HPUX) (Solaris) Use wsadmin.sh.

    (iSeries) Use wsadmin.

    (Windows) Use wsadmin or wsadmin.bat.

    Review the following examples on how to run the script with the different authentication options:

    • To run the script with authentication, which uses the filetransfer.ear file, use a command similar to the following:
      wsadmin -conntype NONE -lang jacl -profile redeployFileTransfer.jacl -c 
      "fileTransferAuthenticationOn managedCell managedCellNode dmgr"
      

    • To run the script and file transfer service without authentication, use a command similar to the following:
      wsadmin -conntype NONE -lang jacl -profile redeployFileTransfer.jacl -c 
      "fileTransferAuthenticationOff managedCell managedCellNode dmgr"
      

    In the previous examples, the following values apply:

    • managedCell the names of the cell.
    • managedCellNode is the names of our node.
    • dmgr is the server type.

  2. If we receive an error related to the file transfer service, troubleshoot the problem by reviewing the systemapps.xml file. We might receive the following error if we attempt to set authentication to a state in which it is already configured:
    Error: com.ibm.ws.scripting.ScriptingException: WASX7280E: An
    application with name "filetransfer" does not exist.
    
    This error will be displayed, for example, when we try to set authentication to on when it is already on or off when it is already off.

    To determine the current state of the file transfer authentication, see the systemapps.xml file in the app_server_root/AppServer/profiles/dmgr_profile/config/cells/cell/nodes/node directory:

    • This entry indicates that authentication is on:
      <deployedApplications>${app_server_root}/
         systemApps/filetransferSecured.ear</deployedApplications> 
      
    • This entry indicates that authentication is off:
      <deployedApplications>${app_server_root}/
         systemApps/filetransfer.ear</deployedApplications>
      


What to do next

We must restart the server for the change to take affect.

  • Configure security with scripting
  • Start the wsadmin scripting client