Revoking users from a cache

In WebSphere Application Server, Version 5.0.2 and later, revocation of a user from the security cache using an MBean interface is supported.

About this task

When a user is removed from authentication cache, the user can still login to WebSphere Application Server at any time. Removing the cache only removes the user from the runtime cache. It does not remove the user from the registry, nor does it lock out the user.

Procedure

Use the following procedure in a JACL script.

The following Java Command Language (JACL) revokes a user when given the realm and the user ID, and cycles through all the security administration MBean instances that are returned when run from the wsadmin command. The command also purges the user from the cache during each process. The procedure can be called from another JACL script.

Attention: In some of the following lines of code, the lines are split into two or more lines for illustrative purposes only.
proc revokeUser {realm userid} { 	    global AdminControl AdminConfig 	         if {[catch {$AdminControl queryNames WebSphere:type=SecurityAdmin,*}         result]} { 		puts stdout "\$AdminControl queryNames WebSphere:type=SecurityAdmin,*          caught an exception $result\n" 		return  	} else { 		if {$result != {}} { 	                foreach secBean $result { 	                        if {$secBean != {} || $secBean != "null"} { 		                        if {[catch {$AdminControl invoke $secBean                      purgeUserFromAuthCache "$realm $userid"} result]} { 			                        puts stdout "\$AdminControl invoke $secBean                         purgeUserFromAuthCache $realm $userid caught an                         exception $result\n" 			                        return  		                       } else { 			                        puts stdout "\nUser $userid has been purged from the                        cache of process $secBean\n"                 		        } 	                        } else { 		                        puts stdout "unable to get securityAdmin Mbean, user                      $userid not revoked"                       }                       }	 	} else { 		puts stdout "Security Mbean was not found\n" 		return 	}         }         return true } 



In this information ...


IBM Redbooks, demos, education, and more

(Index)

Use IBM Suggests to retrieve related content from ibm.com and beyond, identified for your convenience.

This feature requires Internet access.

Task topic Task topic    

Terms and conditions for information centers | Feedback

Last updatedLast updated: Aug 30, 2013 4:53:43 PM CDT
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=pix&product=was-base-dist&topic=tsec_cachepurge
File name: tsec_cachepurge.html