User revocation from a cache (Version 5.0.2 or later)

In WebSphere Application Server Version 5.0.2 and later, revocation of a user from the security cache using an MBean interface is allowed. The following Java Command Language (JACL) example revokes a user when given the realm and user ID and cycles through all SecurityAdmin MBean instances returned for the entire cell when executed from the Deployment Manager WSADMIN. It also purges the user from the cache during each process.

Note: This procedure can be called from another JACL script.

proc revokeUser {realm userid} {
  global AdminControl AdminConfig
  
  if {[catch {$AdminControl queryNames
       WebSphere:type=SecurityAdmin,*} result]} {
    puts stdout "\$AdminControl queryNames WebSphere:type=SecurityAdmin,* 
       caught an exception $result\n"
    return 
  } else {
    if {$result != {}} {
      foreach secBean $result {
        if {$secBean != {} || $secBean != "null"} {
          if {[catch {$AdminControl invoke $secBean purgeUserFromAuthCache
              "$realm $userid"} result]} {
            puts stdout "\$AdminControl invoke $secBean purgeUserFromAuthCache
                 $realm $userid caught an exception $result\n"
            return 
          } else {
            puts stdout "\nUser 
                $userid has been purged from the cache of process $secBean\n"
          }
        } else {
          puts stdout "unable to get securityAdmin Mbean, user $userid not revoked"
        }
      }  
    } else {
      puts stdout "Security Mbean was not found\n"
      return
    }
  }
  return true
}