+

Search Tips   |   Advanced Search

SecurityDomainCommands


Use Jython to configure and administer security domains with wsadmin. Use the commands and parameters in the SecurityDomainCommands group to create and manage security domains, assign servers and clusters to security domains as resources, and to query the security domain configuration.

Use the following commands to administer the security domain configuration:

 

copySecurityDomain

Create a new security domain by copying an existing security domain. If the security configuration defines an active user registry, provide a realm name for the newly create security domain. If we do not specify a realm name, the system creates a realm name.

Target object

None.

Required parameters

-securityDomainName

Name of the new security domain that the system creates by copying another security domain. (String)

-copyFromSecurityDomainName

Name of the existing security domain that the system uses to create the new security domain. (String)

Optional parameters

-securityDomainDescription

Description for the new security domain. (String)

-realmName

Name of the realm in the new security domain. The system creates a name for the realm if we do not specify a value for this parameter. (String)

Return value

The command returns the configuration ID of the new security domain.

Batch mode example usage

Interactive mode example usage

 

copySecurityDomainFromGlobalSecurity

Create a security domain by copying the global security configuration. If an active user registry exists for the global security configuration, provide a realm name for the newly created security domain. If we do not specify a realm name, then the system creates a realm name.

Target object

None.

Required parameters

-securityDomainName

Name of the new security domain that the system copies from the global security configuration. (String)

Optional parameters

-securityDomainDescription

Description for the new security domain. (String)

-realmName

Name of the realm in the new security configuration. The system creates a name for the realm if we do not specify a value for the -realmName parameter. (String)

Return value

The command returns the configuration ID of the new security domain.

Batch mode example usage

Interactive mode example usage

 

createSecurityDomain

Create the security domain-security.xml and domain-security-map.xml files under the $WP_PROFILE/config/cells/cellName/securityDomain/configurationName directory. The system creates an empty domain-security.xml file.

Target object

None.

Required parameters

-securityDomainName

Name of the new security domain to create. (String)

Optional parameters

-securityDomainDescription

Description of the new security domain. (String)

Return value

The command returns the configuration ID of the new security domain.

Batch mode example usage

Interactive mode example usage

 

deleteSecurityDomain

Remove the domain-security.xml and domain-security-map.xml files from the security domain directory. The command returns an error if resources are mapped to the security domain of interest. To delete the security domain when resources are mapped to the security domain of interest, specify the value for the -force parameter as true.

Target object

None.

Required parameters

-securityDomainName

Name of the security domain to delete. (String)

Optional parameters

-force

Specifies that the system deletes the security domain without checking for resources that are associated with the domain. Use this option when the resources in the security domains are not valid resources. The default value for the -force parameter is false. (Boolean)

Return value

The command does not return output if the system successfully removes the security domain configuration.

Batch mode example usage

Interactive mode example usage

 

getSecurityDomainForResource

Display the security domain for a specific resource. If the resource is not mapped to a domain, the command does not return output.

Target object

None.

Required parameters

-resourceName

Name of the resource of interest. Specify the value in the following format: Cell=:Node=myNode:Server=myServer (String)

Optional parameters

-getEffectiveDomain

Specifies whether the command returns the effective domain of the resource if the resource is not directly mapped to a domain. The default value is true. Specify false if we do not want to display the effective domain if the resource is not directly mapped to a domain. (Boolean)

Return value

The command returns the security domain name as a string.

Batch mode example usage

Interactive mode example usage

 

listResourcesInSecurityDomain

Display the servers or clusters that are associated with a specific security domain.

Target object

None.

Required parameters

-securityDomainName

Name of the security domain of interest. (String)

-expandCell

Specifies whether to display the servers in the cell. Specify true to display the specific servers, or specify false to list the cell information only. (Boolean)

Return value

The command returns an array that contains the names of the resources that are mapped to the security domain of interest in the format: Cell=<cell name>:Node=<node name>:Server=<server name>.

Batch mode example usage

Interactive mode example usage

 

listSecurityDomains

List each security domain configured for the server.

Target object

None.

Optional parameters

-listDescription

Specifies whether to display the description of the security domains. Specify true to display the descriptions of the security domains. (Boolean)

-doNotDisplaySpecialDomains

Specifies whether to exclude special domains. Specify true to exclude the special domains in the command output, or false to display the special domains. (Boolean)

Return value

The command returns an array that contains the names of security domains that are configured for the server. The command returns an array of attribute lists that contain the name and description for each security domain if the -listDescription parameter is specified.

Batch mode example usage

Interactive mode example usage

 

listSecurityDomainsForResources

List the security domains that are associated with the resources of interest.

Target object

None.

Required parameters

-resourceNames

Specifies one or more resources for which the command returns the associated security domains. Specify each resource separated by the plus sign character (+). (String)

Return value

The command returns the list of resources specified by the -resourceNames parameter and the security domains to which each resource is mapped.

Batch mode example usage

Interactive mode example usage

 

mapResourceToSecurityDomain

Map a resource to a security domain. The system adds an entry for each resource to the domain-security-map.xml file.

Target object

None.

Required parameters

-securityDomainName

Name of the security domain of interest. (String)

-resourceName

Name of the resource to which the system maps the security domain of interest. Specify the value in the following format: Cell=:Node=myNode:Server=myServer (String)

Return value

The command does not return output if the system successfully assigns the resource to the security domain of interest.

Batch mode example usage

Interactive mode example usage

 

modifySecurityDomain

Change the description of a security domain.

Target object

None.

Required parameters

-securityDomainName

Name of the security domain to edit. (String)

Optional parameters

-securityDomainDescription

New description for the security domain of interest. (String)

Return value

The command does not return output if the system successfully modifies the security domain.

Batch mode example usage

Interactive mode example usage

 

removeResourceFromSecurityDomain

Remove a resource from a security domain mapping. The command removes the resource entry from the domain-security-map.xml file.

Target object

None.

Required parameters

-securityDomainName

Name of the security domain from which to remove the resource. (String)

-resourceName

Name of the resource to remove. Specify the value in the following format: Cell=:Node=myNode:Server=myServer (String)

Return value

The command does not return output if the system successfully removes the resource from the security domain.

Batch mode example usage

Interactive mode example usage




 

Related tasks


Set multiple security domains using scripting
Set security domains using scripting
Mapping resources to security domains using scripting
Remove resources from security domains using scripting
Remove security domains using scripting
Set local operating system user registries using scripting
Set custom user registries using scripting
Remove user registries using scripting
Set JAAS login modules using scripting