Work with security properties files
Use properties files to modify or delete security properties.
Determine the changes to make to the security configuration.
Start the wsadmin scripting tool. To start wsadmin using the Jython language, run the wsadmin -lang jython command from the bin directory of the server profile.
Use a properties file to modify or delete a security object.
Run administrative commands using wsadmin to change a properties file for a security object, validate the properties, and apply them to the configuration.
Action Procedure create Not applicable modify Edit property values in the security properties file and then run the applyConfigProperties command. delete Run the deleteConfigProperties command to delete one or more properties. If a deleted property has a default value, the property is set to the default value. Otherwise, the deleted property is removed. create Property Not applicable delete Property Not applicable Optionally, we can use interactive mode with the commands:
AdminTask.command_name('-interactive')
Tasks
- Modify an existing properties file.
- Obtain a properties file for the Security object to change.
We can extract a properties file for a Security object using the extractConfigProperties command.
- Open the properties file in an editor and change the properties as needed.
Ensure that the environment variables in the properties file match the system. An example Security properties file follows:
# # Header # ResourceType=Security ImplementingResourceType=Security ResourceId=Cell=!{cellName}:Security= # # #Properties # useLocalSecurityServer=true #boolean,default(false) cacheTimeout=600 #integer,required,default(0) allowBasicAuth=true #boolean,default(false) enforceJava2Security=false #boolean,default(false) activeAuthMechanism=Cell=!{cellName}:Security=:LTPA= #ObjectName(LTPA) enabled=true #boolean,default(false) adminPreferredAuthMech=null enableJava2SecRuntimeFiltering=false #boolean,default(false) allowAllPermissionForApplication=false #boolean,default(false) useDomainQualifiedUserNames=false #boolean,default(false) internalServerId=null activeUserRegistry= Cell=!{cellName}:Security=:LDAPUserRegistry=type#IBM_DIRECTORY_SERVER #ObjectName(LDAPUserRegistry) defaultSSLSettings=Cell=!{cellName}:Security=:SSLConfig=alias#CellDefaultSSLSett ings,managementScope#"Cell=!{cellName}:Security=:ManagementScope=scopeName#"(cell):!{cellName}"" #ObjectName(SSLConfig) enforceFineGrainedJCASecurity=false #boolean,default(false) dynamicallyUpdateSSLConfig=true #boolean,default(false) activeProtocol=BOTH #ENUM(CSI|IBM|BOTH),required,default(IBM) issuePermissionWarning=true #boolean,default(false) appEnabled=false #boolean,default(false) EnvironmentVariablesSection #Environment Variables cellName=myCell- Run the applyConfigProperties command to create or change a security object.
Running the applyConfigProperties command applies the properties file to the configuration. In this Jython example, the optional -reportFileName parameter produces a report named report.txt:
AdminTask.applyConfigProperties(['-propertiesFileName myObjectType.props -reportFileName report.txt'])
- If we no longer need a property, we can delete the security property.
To delete one or more properties, specify only the properties to be deleted in the properties file and then run the deleteConfigProperties command; for example:
AdminTask.deleteConfigProperties('[-propertiesFileName myObjectType.props -reportFileName report.txt]')
Use the properties file to configure and manage the security properties.
What to do next
Save the changes to the configuration.
Subtopics
- Work with LDAP properties files
- Work with LTPA properties files
- Work with JAAS configuration entry properties files
- Work with JAAS authorization data properties files
- Work with SSL configuration properties files
- Retrieving signer certificates using SSL properties files
- Enable global security and configuring federated user registries using properties files
- Mapping users and resources using authorization group properties files
Extracting properties files Create server, cluster, application, or authorization group objects using properties files and wsadmin scripting Deleting server, cluster, application, or authorization group objects using properties files PropertiesBasedConfiguration .