Enable and disable security using scripting
Use scripting to enable or disable application security, global security, administrative security based on the LocalOS registry, and authentication mechanisms.
Start the wsadmin scripting client. The default profile sets up procedures so that we can enable and disable administrative security based on the LocalOS registry.
Tasks
- Determine if application security is enabled or disabled:
- Use Jacl:
$AdminTask isAppSecurityEnabled {}
- Use Jython:
AdminTask.isAppSecurityEnabled()
This command returns a value of true if appEnabled is set to true. Otherwise, it returns a value of false.
- Determine if administrative security is enabled or disabled:
- Use Jacl:
$AdminTask isGlobalSecurityEnabled {}
- Use Jython:
AdminTask.isGlobalSecurityEnabled()
This command returns a value of true if enabled is set to true. Otherwise, it returns a value of false.
- Set administrative security based on the passed in value:
- Use Jacl:
$AdminTask setGlobalSecurity {-enabled true}
- Use Jython:
AdminTask.setGlobalSecurity('[-enabled true]')
This command returns a value of true if the enabled field in the WCCM security model is successfully updated. Otherwise, it returns a value of false.
- Find out which arguments the securityon call requires:
- Use Jacl:
securityon help
Example output:
Syntax: securityon user password
- Use Jython:
securityon()
Example output:
Syntax: securityon(user, password)
- Enable administrative security based on the LocalOS registry...
- Use Jacl:
securityon user1 password1
- Use Jython:
securityon('user1', 'password1')
- Disable administrative security based on the LocalOS registry...
- Use Jacl:
securityoff
- Use Jython:
securityoff()
- Enable and disable LTPA and Kerberos authentication.
Set Kerberos as the authentication mechanism in the security configuration:
AdminTask.setActiveAuthMechanism('-authMechanismType KRB5')
Set LTPA as the authentication mechanism in the security configuration:
AdminTask.setActiveAuthMechanism('-authMechanismType LTPA')
Sample scripts in <WAS_ROOT>/bin show how to enable and disable LTPA authentication. The scripts are:
- LTPA_LDAPSecurityProcs.py (Python script)
- LTPA_LDAPSecurityProcs.jacl (Jacl script)
The scripts hardcode the type of LDAP server and the base distinguished name (baseDN). The LDAP server type is hardcoded as IBM_DIRECTORY_SERVER and the baseDN is hardcoded as o=ibm,cn=us.
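The query and set commands above can be combined into one check-then-set routine. This is an added example, not part of the IBM documentation or its sample scripts; the function names are hypothetical, and it assumes that AdminTask results arrive as the strings 'true' and 'false' and that AdminConfig.save() is used to persist the change.

```python
# Added example, not IBM's code. Written to run under wsadmin Jython and plain Python.
# Assumption: AdminTask results arrive as the strings 'true'/'false', so a bare
# `if AdminTask.isGlobalSecurityEnabled():` would also pass on 'false'.

def as_bool(value):
    """Normalize a wsadmin result ('true'/'false' or a boolean) to a truth value."""
    return str(value).strip().lower() == 'true'


def audit(admin_task):
    """Read both flags exposed by the query commands on this page."""
    return {
        'global': as_bool(admin_task.isGlobalSecurityEnabled()),
        'app': as_bool(admin_task.isAppSecurityEnabled()),
    }


def enforce_global_security(admin_task, admin_config):
    """Enable administrative security only if it is off, verify, then save.

    Returns the list of changes made; empty when already enabled.
    """
    changes = []
    if audit(admin_task)['global']:
        return changes  # already compliant: no write, no save
    result = admin_task.setGlobalSecurity('[-enabled true]')
    if not as_bool(result):
        raise RuntimeError('setGlobalSecurity reported failure: %r' % (result,))
    if not audit(admin_task)['global']:
        raise RuntimeError('global security still reads as disabled after update')
    admin_config.save()  # persist the change to the master configuration
    changes.append('global security enabled')
    return changes
```

Inside wsadmin, call it as enforce_global_security(AdminTask, AdminConfig).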