Manage WS-Security distributed cache configurations using wsadmin.sh
The distributed cache stores tokens on the client. Use this topic and the commands in the WSSCacheManagement group of the AdminTask object to query, update, and remove custom and non-custom properties for the distributed cache configuration.
Configure a policy set with WS-Security enabled.
The distributed cache stores tokens on both distributed and local clients. WebSphere Application Server supports only the security context token for the WS-Trust security token service client and the security trust service components.
Use the administrative console or the wsadmin tool to manage your secure conversation distributed cache configuration. Use the wsadmin tool and the Jython scripting language syntax to:
- Query your current distributed cache configuration settings.
- Set the value for the renewal time after token expiration.
- Enable or disable distributed cache for clustered servers.
- Add custom properties to the configuration.
- Remove custom properties from the configuration.
Tasks
- Query the configuration for our existing distributed cache configuration.
We can retrieve a list of our current distributed cache configuration settings and custom properties with the queryWSSDistributedCacheConfig and queryWSSDistributedCacheCustomConfig commands. There are no required or optional parameters for the query commands.
To list all non-custom configuration settings, run the following Jython command:
AdminTask.queryWSSDistributedCacheConfig()To list all distributed cache custom properties, enter the following Jython command:
AdminTask.queryWSSDistributedCacheCustomConfig()- Update your secure conversation distributed cache configuration settings and custom properties.
Use the following steps to update all non-custom distributed cache configuration settings:
- Review our existing configuration settings by running the queryWSSDistributedCacheConfig command:
AdminTask.queryWSSDistributedCacheConfig()The command returns a properties object containing the configuration properties and values for the distributed cache configuration. The following table displays the configuration properties that the command returns:
Property Description tokenRecovery Specifies whether token recovery is enabled or disabled. If the tokenRecovery property is set to true, the Datasource property specifies the shared data source that is assigned to the distributed cache. distributedCache Specifies whether distributed caching is enabled or disabled. Datasource Name of the shared data source that is assigned to the distributed cache if token recovery is enabled. renewIntervalBeforeTimeoutMinutes Amount of time, in minutes, that the client waits before it attempts to renew the token. synchronousClusterUpdate Specifies whether the system performs a synchronous update of distributed caches on cluster members. By default, synchronous cluster updating is enabled. minutesInCacheAfterTimeout Amount of time that the token remains in the cache after the token times out. - Use the updateWSSDistributedCacheConfig command to enable or disable distributed cache and to modify the amount of time after token expiration when downstream calls are allowed to complete.
The following command example enables distributed cache, and sets the mySharedDataSource as the shared data source for token recovery:
AdminTask.updateWSSDistributedCacheConfig('[-tokenRecovery true -Datasource mySharedDataSource -distributedCache true')- Enter the following command to save the configuration changes:
AdminConfig.save()
Use the following steps to update custom properties for our distributed cache configuration:
- Review our existing configuration settings by executing the queryWSSDistributedCacheCustomConfig command. For example:
AdminTask.queryWSSDistributedCacheCustomConfig()The command returns a properties object containing the name and value pairs that correspond to each custom property.
- Use the updateWSSDistributedCacheCustomConfig command to add custom properties for our distributed cache configuration. Specify and define each custom property by passing a properties object with the -customProperties parameter using the following Jython format:
-customProperties [[property1 value1][property2 value2]]For example, the following command adds the cancelActionRST custom property and defines the value as http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Cancel:AdminTask.updateWSSDistributedCacheCustomConfig('[-customProperties [[cancelActionRST http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Cancel]]]')- Enter the following command to save the configuration changes:
AdminConfig.save()
- Remove custom properties from your distributed cache configuration. Use the following steps to remove custom properties from your distributed cache configuration:
- Review our existing configuration settings by executing the queryWSSDistributedCacheCustomConfig command. For example:
AdminTask.queryWSSDistributedCacheCustomConfig()- Use the deleteWSSDistributedCacheConfigCustomProperties command to remove custom properties for our distributed cache configuration. Specify the custom properties to delete by passing a string array with the -propertyNames parameter. For example, the following command removes the cancelActionRST custom property:
AdminTask.deleteWSSDistributedCacheConfigCustomProperties('[-propertyNames [cancelActionRST]]')- Enter the following command to save the configuration changes:
AdminConfig.save()
Your WS-Security distributed cache configuration is updated.
Related:
Secure conversation client cache and trust service configuration SecureConversation default policy sets Configure the Web Services Security distributed cache Example: Installing a web services sample with the console