You can use the Jython or Jacl scripting languages to configure security with the wsadmin tool. The commands and parameters in the WizardCommands group can be used to configure security using similar actions to the security wizard panels in the administrative console.
The addToAdminAuthz command adds a new administrative user to your configuration.
Required parameters
Examples
Batch mode example usage:
$AdminTask addToAdminAuthz {-adminUser user_name}
AdminTask.addToAdminAuthz ('[-adminUser user_name]')
AdminTask.addToAdminAuthz (['-adminUser', 'user_name'])
Interactive mode example usage:
$AdminTask addToAdminAuthz {-interactive}
AdminTask.addToAdminAuthz ('[-interactive]')
AdminTask.addToAdminAuthz (['-interactive'])
The applyWizardSettings command applies the current security wizard settings from the workspace.
Required parameters
You can specify a true or false value.
You can specify a true or false value.
This registry type uses the Lightweight Directory Access Protocol (LDAP) user registry settings when users and groups exist in an external LDAP directory.
This type specifies a custom registry that implements the UserRegistry interface in the com.ibm.websphere.security package. If you specify this user registry type, use the customRegistryClass parameter to specify the class name for the user registry.
This value has the same effect as the Federated repositories option in the Security Configuration Wizard on the administrative console. This registry type manages identities in a single, virtual realm that is stored in multiple repositories.
This value specifies the registry for the local operating system of the application server.
Optional parameters
You can specify a true or false value.
This value refers to a supported IBM® Tivoli® Directory Server version.
This value refers to a supported Sun Java System Directory Server version.
This value refers to a supported Novell eDirectory version.
This value refers to a supported IBM Lotus® Domino® server version.
This value refers to an IBM SecureWay Directory Server version.
This value refers to a supported Microsoft Active Directory version.
This value refers to a custom registry implementation.
For more information about the supported LDAP server versions, see the WebSphere® Application Server detailed system requirements documentation.
Examples
Batch mode example usage:
$AdminTask applyWizardSettings {-secureLocalResources true_or_false -secureApps true_or_false
-ignoreCase true_or_false -ldapServerType server_type -ldapBaseDN base_DN_value
-ldapBindDN bind_DN_value -ldapBindPassword bind_DN_password
-ldapHostName host_name -ldapPort port_number -userRegistryType
user_registry_type
-adminName administrator_user_name -adminPassword administrator_password}
AdminTask.applyWizardSettings ('[-secureLocalResources true_or_false -secureApps true_or_false -ignoreCase true_or_false -ldapServerType server_type -ldapBaseDN base_DN_value -ldapBindDN bind_DN_value -ldapBindPassword bind_DN_password -ldapHostName host_name -ldapPort port_number -userRegistryType user_registry_type -adminName administrator_user_name -adminPassword administrator_password]')
AdminTask.applyWizardSettings (['-secureLocalResources', 'true_or_false',
'-secureApps', 'true_or_false', '-ignoreCase', 'true_or_false',
'-ldapServerType', 'server_type', '-ldapBaseDN', 'base_DN_value',
'-ldapBindDN', 'bind_DN_value', '-ldapBindPassword', 'bind_DN_password',
'-ldapHostName', 'host_name', '-ldapPort', 'port_number',
'-userRegistryType', 'user_registry_type', '-adminName', 'administrator_user_name',
'-adminPassword', 'administrator_password'])
Interactive mode example usage:
$AdminTask applyWizardSettings {-interactive}
AdminTask.applyWizardSettings ('[-interactive]')
AdminTask.applyWizardSettings (['-interactive'])
The getCurrentWizardSettings command retrieves the current security wizard settings from the workspace.
Parameters
None
Examples
Batch mode example usage:
$AdminTask getCurrentWizardSettings
AdminTask.getCurrentWizardSettings()
Interactive mode example usage:
$AdminTask getCurrentWizardSettings {-interactive}
AdminTask.getCurrentWizardSettings ('[-interactive]')
The isAdminLockedOut command verifies that at least one administrative user exists in the input user registry.
Required parameters
This registry type uses the Lightweight Directory Access Protocol (LDAP) user registry settings when users and groups exist in an external LDAP directory.
This type specifies a custom registry.
This value has the same effect as the Federated repositories option in the Security Configuration Wizard on the administrative console. This registry type manages identities in a single, virtual realm that is stored in multiple repositories.
This value specifies the registry for the local operating system of the application server.
Examples
Batch mode example usage:
$AdminTask isAdminLockedOut {-registryType user_registry_type}
AdminTask.isAdminLockedOut ('[-registryType user_registry_type]')
AdminTask.isAdminLockedOut (['-registryType', 'user_registry_type'])
Interactive mode example usage:
$AdminTask isAdminLockedOut {-interactive}
AdminTask.isAdminLockedOut ('[-interactive]')
AdminTask.isAdminLockedOut (['-interactive'])
The isAppSecurityEnabled command returns a true or false value that indicates whether application security is enabled.
Parameters
None
Examples
Batch mode example usage:
$AdminTask isAppSecurityEnabled
AdminTask.isAppSecurityEnabled()
Interactive mode example usage:
$AdminTask isAppSecurityEnabled {-interactive}
AdminTask.isAppSecurityEnabled ('[-interactive]')
The isGlobalSecurityEnabled command returns a true or false value that indicates whether administrative security is enabled.
Parameters
None
Examples
Batch mode example usage:
$AdminTask isGlobalSecurityEnabled
AdminTask.isGlobalSecurityEnabled()
Interactive mode example usage:
$AdminTask isGlobalSecurityEnabled {-interactive}
AdminTask.isGlobalSecurityEnabled ('[-interactive]')
The setGlobalSecurity command changes whether administrative security is enabled.
Required parameters
You must specify either a true or false value.
Examples
Batch mode example usage:
$AdminTask setGlobalSecurity {-enabled true_or_false}
AdminTask.setGlobalSecurity ('[-enabled true_or_false]')
AdminTask.setGlobalSecurity (['-enabled', 'true_or_false'])
Interactive mode example usage:
$AdminTask setGlobalSecurity {-interactive}
AdminTask.setGlobalSecurity ('[-interactive]')
AdminTask.setGlobalSecurity (['-interactive'])
The setUseRegistryServerId command updates the useRegistryServerId field in the user registry object within the security.xml file with a true or false value. If you set the field value to true, the application server uses a user-specified server ID for interprocess communications.
Required parameters
This registry type uses the Lightweight Directory Access Protocol (LDAP) user registry settings when users and groups exist in an external LDAP directory.
This type specifies a custom registry.
This value has the same effect as the Federated repositories option in the Security Configuration Wizard on the administrative console. This registry type manages identities in a single, virtual realm that is stored in multiple repositories.
This value specifies the registry for the local operating system of the application server.
Examples
Batch mode example usage:
$AdminTask setUseRegistryServerId {-userRegistryType user_registry_type -useRegistryServerId
true_or_false}
AdminTask.setUseRegistryServerId ('[-userRegistryType user_registry_type -useRegistryServerId true_or_false]')
AdminTask.setUseRegistryServerId (['-userRegistryType', 'user_registry_type', '-useRegistryServerId',
'true_or_false'])
Interactive mode example usage:
$AdminTask setUseRegistryServerId {-interactive}
AdminTask.setUseRegistryServerId ('[-interactive]')
AdminTask.setUseRegistryServerId (['-interactive'])
The validateAdminName command verifies whether an administrator name exists in the input user registry.
Required parameters
This registry type uses the Lightweight Directory Access Protocol (LDAP) user registry settings when users and groups exist in an external LDAP directory.
This type specifies a custom registry.
This value has the same effect as the Federated repositories option in the Security Configuration Wizard on the administrative console. This registry type manages identities in a single, virtual realm that is stored in multiple repositories.
This value specifies the registry for the local operating system of the application server.
Optional parameters
This value refers to a supported IBM Tivoli Directory Server version.
This value refers to a supported Sun Java System Directory Server version.
This value refers to a supported Novell eDirectory version.
This value refers to a supported IBM Lotus Domino server version.
This value refers to an IBM SecureWay Directory Server version.
This value refers to a supported Microsoft Active Directory version.
This value refers to a custom registry implementation.
For more information about the supported LDAP server versions, see the WebSphere Application Server detailed system requirements documentation.
Examples
Batch mode example usage:
$AdminTask validateAdminName {-ldapServerType server_type -registryType user_registry_type
-adminUser administrator}
AdminTask.validateAdminName ('[-ldapServerType server_type -registryType user_registry_type -adminUser administrator]')
AdminTask.validateAdminName (['-ldapServerType', 'server_type', '-registryType',
'user_registry_type',
'-adminUser', 'administrator'])
Interactive mode example usage:
$AdminTask validateAdminName {-interactive}
AdminTask.validateAdminName ('[-interactive]')
AdminTask.validateAdminName (['-interactive'])
The validateLDAPConnection command validates the connection to a specified LDAP server.
Required parameters
This value refers to a supported IBM Tivoli Directory Server version.
This value refers to a supported Sun Java System Directory Server version.
This value refers to a supported Novell eDirectory version.
This value refers to a supported IBM Lotus Domino server version.
This value refers to an IBM SecureWay Directory Server version.
This value refers to a supported Microsoft Active Directory version.
This value refers to a custom registry implementation.
For more information about the supported LDAP server versions, see the WebSphere Application Server detailed system requirements documentation.
Optional parameters
Examples
Batch mode example usage:
$AdminTask validateLDAPConnection {-baseDN base_DN_value -bindDN bind_DN_value
-bindPassword bind_password -hostname host_name -securityDomainName
security_domain_name
-port port_number -sslAlias alias -sslEnabled true_or_false
-type LDAP_registry_type}
AdminTask.validateLDAPConnection ('[-baseDN base_DN_value -bindDN bind_DN_value -bindPassword bind_password -hostname host_name -securityDomainName security_domain_name -port port_number -sslAlias alias -sslEnabled true_or_false -type LDAP_registry_type]')
AdminTask.validateLDAPConnection (['-baseDN', 'base_DN_value', '-bindDN', 'bind_DN_value',
'-bindPassword', 'bind_password', '-hostname', 'host_name', '-securityDomainName',
'security_domain_name', '-port', 'port_number', '-sslAlias', 'alias',
'-sslEnabled', 'true_or_false', '-type', 'LDAP_registry_type'])
Interactive mode example usage:
$AdminTask validateLDAPConnection {-interactive}
AdminTask.validateLDAPConnection ('[-interactive]')
AdminTask.validateLDAPConnection (['-interactive'])
The WIMCheckPassword command validates the user name and password in the federated repository.
Required parameters
Examples
Batch mode example usage:
$AdminTask WIMCheckPassword {-username user_name -password password}
AdminTask.WIMCheckPassword ('[-username user_name -password password]')
AdminTask.WIMCheckPassword (['-username', 'user_name', '-password', 'password'])
Interactive mode example usage:
$AdminTask WIMCheckPassword {-interactive}
AdminTask.WIMCheckPassword ('[-interactive]')
AdminTask.WIMCheckPassword (['-interactive'])
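A pre-flight wrapper around the commands on this page, added here as an illustration and not IBM's code: it confirms the administrator name with validateAdminName before calling setGlobalSecurity, and redacts the password parameters before an argument list is logged. It assumes the commands return the text true or false and that AdminConfig.save() commits the workspace change; admin_task and admin_config are hypothetical parameter names for the wsadmin AdminTask and AdminConfig objects.

```python
# Added example (not IBM code). Intended for wsadmin -lang jython, where
# AdminTask and AdminConfig are predefined; they are passed in explicitly
# so the logic can also be exercised outside wsadmin.

SECRET_PARAMS = ('-adminPassword', '-ldapBindPassword', '-bindPassword', '-password')

def as_bool(result):
    # Assumption: the commands return the text 'true' or 'false'.
    return str(result).strip().lower() == 'true'

def build_args(params):
    # List form used on this page: ['-name', 'value', ...]. Each value is
    # its own list element, so a value containing spaces needs no quoting.
    args = []
    for name, value in params:
        if value is not None:
            args.extend(['-' + name, str(value)])
    return args

def redact(args):
    # Copy of args that is safe to log: secret values replaced by '***'.
    out = list(args)
    for i in range(len(out) - 1):
        if out[i] in SECRET_PARAMS:
            out[i + 1] = '***'
    return out

def enable_admin_security(admin_task, admin_config, registry_type, admin_user,
                          ldap_server_type=None):
    if as_bool(admin_task.isGlobalSecurityEnabled()):
        return 'already-enabled'
    check = build_args([('ldapServerType', ldap_server_type),
                        ('registryType', registry_type),
                        ('adminUser', admin_user)])
    if not as_bool(admin_task.validateAdminName(check)):
        # Stop here: the named administrator is not in the registry, so
        # enabling security could leave no usable administrative login.
        return 'admin-not-found'
    admin_task.setGlobalSecurity(['-enabled', 'true'])
    admin_config.save()  # commit the workspace change
    return 'enabled'

# In wsadmin (placeholder values, as in the examples above):
#   print(enable_admin_security(AdminTask, AdminConfig,
#                               'user_registry_type', 'administrator'))
```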