SecurityAdmin MBean

Partial ObjectName:
WebSphere:*,type=SecurityAdmin


MBean SecurityAdmin

Management interface for Security functions.


Operation Summary

void resetLdapBindInfo(java.lang.String userId, java.lang.String password)
           authenticates the user
void updateAuthDataCfg(java.util.HashMap newCfg)
           Updates the auth data entries in runtime
void purgeUserFromAuthCache(java.lang.String realm, java.lang.String userid)
           Remove a user from the auth cache
void purgeUserFromAuthCache(java.lang.String realm, java.lang.String userid, java.lang.String domainId)
           Remove a user from the auth cache for a specific domain
void clearAuthCache()
           Remove all users from the auth cache
void clearAuthCache(java.lang.String domainId)
           Remove all users from the auth cache for a specific domain
void isUserInAuthCache(java.lang.String realm, java.lang.String user, java.lang.String secDomain)
           Validates the existence of user in the auth cache
void isAuthCacheEmpty(java.lang.String secDomain)
           Returns if an auth cache is empty
java.util.Map generateKeysForKeySetGroup(Session session, java.lang.Boolean updateRuntime)
           Generates the LTPA keys for the LTPA KeySetGroup
void updateRuntimeKeys(java.util.Map keyMap)
           Updates the LTPA runtime for the keys in the specified Map.
java.util.Map importSSOPropertiesToKeySetGroup(java.util.Properties ssoProps, byte[] passwd, Session session, java.lang.Boolean updateRuntime)
           Imports the LTPAKeys into the configuration from a file.
void generateKeys(java.lang.String password)
           Generates the LTPA keys
java.util.Properties genKeys(java.lang.String password)
           Generates the LTPA keys without updating the Runtime
void exportKeys(java.lang.String fileName, java.util.Properties props)
           Export the LTPAKeys from runtime to a file
void importKeys(java.lang.String fileName, byte[] passwd)
           Imports the LTPAKeys into the runtime from a file
void importLTPAKeys(java.util.Properties ssoProps, byte[] passwd)
           Imports the LTPAKeys into the runtime
void checkImportLTPAKeys(java.util.Properties ssoProps, byte[] passwd)
           Checks if the keys can be decrypted with the password
java.util.Properties exportLTPAKeys()
           Exports the LTPA keys from the runtime
java.util.Properties exportLTPAKeys(byte[] password)
           Exports the LTPA keys from the runtime
Result getUsers(java.lang.String pattern, java.lang.Integer limit, java.util.Properties props)
           getUsers from the UserRegistry
Result getGroups(java.lang.String pattern, java.lang.Integer limit, java.util.Properties props)
           getGroups from the UserRegistry
java.lang.Boolean checkPassword(java.lang.String userId, java.lang.String password, java.util.Properties props)
           authenticates the user
java.lang.Integer checkTokenLibFile(java.lang.String tokenType, java.lang.String tokenLib, java.lang.String tokenSlot, java.lang.String tokenPasswordEncoded, java.lang.String serverAlias, java.lang.String clientAlias)
           Validates SSL cryptographic config
java.lang.Integer checkKeyFile(java.lang.String fileType, java.lang.String fileName, java.lang.String filePasswordEncoded, java.lang.String serverAlias, java.lang.String clientAlias)
           Validates SSL key file config
java.lang.Integer checkTrustFile(java.lang.String fileType, java.lang.String fileName, java.lang.String filePasswordEncoded)
           Validates SSL trust file config
java.lang.String getRealm(java.util.Properties props)
           gets the Realm
java.lang.Boolean checkRunAsUser(java.util.List usrList, java.util.List grpList, java.lang.String userName, java.util.Properties props)
           Checks if the user can be added to the runAsRole
java.lang.String getAccessIds(boolean isUser, java.lang.String name, java.util.Properties props)
           Gets the accessIds for users and groups from the active registry
void updateJAASCfg(java.lang.String newCfg)
           Dynamically refreshes the WCCM JAAS configuration
java.lang.String getJAASCfg()
           Get the WCCM JAAS configuration
TokenHolder getOpaqueToken(ByteArray ssoToken)
           Get the opaque authorization token.
void propagatePolicyToJACCProvider(java.lang.String appList)
           Propagate the security policy to the JACC provider.
TokenHolder getInitialContextToken(ByteArray ssoToken, java.lang.String targetServer)
           Get the initial context token for Kerberos.
java.util.List getSecureSocketLayerCipherList(java.lang.Boolean fipsEnabledFlag)
           Return SSL cipher list
TokenHolder[] getSingleSignonTokens()
           Get the single signon tokens for the current authenticated caller.
java.util.List warnForLocalOS(java.lang.Boolean nodeIsZOS, java.lang.String nodeHostName)
           Check whether or not to issue a warning message during addNode.
byte[] getKerberosPolicy()
           Return the Kerberos Policy byte[] for this server containing SPN and REALM.

Operation Detail

resetLdapBindInfo

public void resetLdapBindInfo(java.lang.String userId, java.lang.String password)

     authenticates the user

Parameters:

     userId - The userId to authenticate
     password - The password of the user

Security Roles:

     administrator
     operator


updateAuthDataCfg

public void updateAuthDataCfg(java.util.HashMap newCfg)

     Updates the auth data entries in runtime

Parameters:

     newCfg - The auth data config.

Security Roles:

     administrator
     operator


purgeUserFromAuthCache

public void purgeUserFromAuthCache(java.lang.String realm, java.lang.String userid)

     Remove a user from the auth cache

Parameters:

     realm - The security realm.
     userid - The userid.

Security Roles:

     administrator
     operator


purgeUserFromAuthCache

public void purgeUserFromAuthCache(java.lang.String realm, java.lang.String userid, java.lang.String domainId)

     Remove a user from the auth cache for a specific domain

Parameters:

     realm - The security realm.
     userid - The userid.
     domainId - The security domain id.

Security Roles:

     administrator
     operator


clearAuthCache

public void clearAuthCache()

     Remove all users from the auth cache

Security Roles:

     administrator
     operator


clearAuthCache

public void clearAuthCache(java.lang.String domainId)

     Remove all users from the auth cache for a specific domain

Parameters:

     domainId - The security domain id.

Security Roles:

     administrator
     operator


isUserInAuthCache

public void isUserInAuthCache(java.lang.String realm, java.lang.String user, java.lang.String secDomain)

     Validates the existence of user in the auth cache

Parameters:

     realm - The security realm.
     user - The userid.
     secDomain - The security domain name.

Security Roles:

     administrator
     operator


isAuthCacheEmpty

public void isAuthCacheEmpty(java.lang.String secDomain)

     Returns if an auth cache is empty

Parameters:

     secDomain - The security domain name.

Security Roles:

     administrator
     operator


generateKeysForKeySetGroup

public java.util.Map generateKeysForKeySetGroup(Session session, java.lang.Boolean updateRuntime)

     Generates the LTPA keys for the LTPA KeySetGroup

Parameters:

     session - The session for making configuration changes.
     updateRuntime - Determines whether to update all processes with the new Keys.

Security Roles:

     administrator
     operator

ResourceInstanceIdentifier:

     The resource being modified for the MBean is of type Cell

     The instance is identified by the value of key cell in the MBean's Object Name


updateRuntimeKeys

public void updateRuntimeKeys(java.util.Map keyMap)

     Updates the LTPA runtime for the keys in the specified Map.

Parameters:

     keyMap - The keys used to update the LTPA runtime.

Security Roles:

     administrator
     operator

ResourceInstanceIdentifier:

     The resource being modified for the MBean is of type Cell

     The instance is identified by the value of key cell in the MBean's Object Name


importSSOPropertiesToKeySetGroup

public java.util.Map importSSOPropertiesToKeySetGroup(java.util.Properties ssoProps, byte[] passwd, Session session, java.lang.Boolean updateRuntime)

     Imports the LTPAKeys into the configuration from a file.

Parameters:

     ssoProps - A properties object containing the LTPA keys to import
     passwd - password in java byte array format to encrypt and decrypt the LTPA keys
     session - The management session for saving configuration information.
     updateRuntime - Determines whether to update all processes with the new Keys.

Security Roles:

     administrator
     operator

ResourceInstanceIdentifier:

     The resource being modified for the MBean is of type Cell

     The instance is identified by the value of key cell in the MBean's Object Name


generateKeys

public void generateKeys(java.lang.String password)

     Generates the LTPA keys

Parameters:

     password - The password to encrypt and decrypt the Keys

Security Roles:

     administrator
     operator

ResourceInstanceIdentifier:

     The resource being modified for the MBean is of type Cell

     The instance is identified by the value of key cell in the MBean's Object Name


genKeys

public java.util.Properties genKeys(java.lang.String password)

     Generates the LTPA keys without updating the Runtime

Parameters:

     password - The password to encrypt and decrypt the Keys

Security Roles:

     administrator
     operator

ResourceInstanceIdentifier:

     The resource being modified for the MBean is of type Cell

     The instance is identified by the value of key cell in the MBean's Object Name


exportKeys

public void exportKeys(java.lang.String fileName, java.util.Properties props)

     Export the LTPAKeys from runtime to a file

Parameters:

     fileName - A file URI to which the LTPA keys are to be exported
     props - optional LTPA server properties

Security Roles:

     administrator
     operator

ResourceInstanceIdentifier:

     The resource being modified for the MBean is of type Cell

     The instance is identified by the value of key cell in the MBean's Object Name


importKeys

public void importKeys(java.lang.String fileName, byte[] passwd)

     Imports the LTPAKeys into the runtime from a file

Parameters:

     fileName - A File URI containing the LTPA keys to import
     passwd - password in java byte array format to encrypt and decrypt the LTPA keys

Security Roles:

     administrator
     operator

ResourceInstanceIdentifier:

     The resource being modified for the MBean is of type Cell

     The instance is identified by the value of key cell in the MBean's Object Name


importLTPAKeys

public void importLTPAKeys(java.util.Properties ssoProps, byte[] passwd)

     Imports the LTPAKeys into the runtime

Parameters:

     ssoProps - A properties object containing the LTPA keys to import
     passwd - password in java byte array format to encrypt and decrypt the LTPA keys

Security Roles:

     administrator
     operator

ResourceInstanceIdentifier:

     The resource being modified for the MBean is of type Cell

     The instance is identified by the value of key cell in the MBean's Object Name


checkImportLTPAKeys

public void checkImportLTPAKeys(java.util.Properties ssoProps, byte[] passwd)

     Checks if the keys can be decrypted with the password

Parameters:

     ssoProps - A properties object containing the LTPA keys to import
     passwd - password in java byte array format to encrypt and decrypt the LTPA keys

Security Roles:

     administrator
     operator

ResourceInstanceIdentifier:

     The resource being modified for the MBean is of type Cell

     The instance is identified by the value of key cell in the MBean's Object Name


exportLTPAKeys

public java.util.Properties exportLTPAKeys()

     Exports the LTPA keys from the runtime

Security Roles:

     administrator
     operator

ResourceInstanceIdentifier:

     The resource being modified for the MBean is of type Cell

     The instance is identified by the value of key cell in the MBean's Object Name


exportLTPAKeys

public java.util.Properties exportLTPAKeys(byte[] password)

     Exports the LTPA keys from the runtime

Parameters:

     password - password in java byte array format to encrypt and decrypt the LTPA keys

Security Roles:

     administrator
     operator

ResourceInstanceIdentifier:

     The resource being modified for the MBean is of type Cell

     The instance is identified by the value of key cell in the MBean's Object Name


getUsers

public Result getUsers(java.lang.String pattern, java.lang.Integer limit, java.util.Properties props)

     getUsers from the UserRegistry

Parameters:

     pattern - The pattern to search for users in the UserRegistry
     limit - The maximum number of users that can be returned
     props - The properties object

Security Roles:

     administrator
     operator


getGroups

public Result getGroups(java.lang.String pattern, java.lang.Integer limit, java.util.Properties props)

     getGroups from the UserRegistry

Parameters:

     pattern - The pattern to search for groups in the UserRegistry
     limit - The maximum number of groups that can be returned
     props - The properties object

Security Roles:

     administrator
     operator


checkPassword

public java.lang.Boolean checkPassword(java.lang.String userId, java.lang.String password, java.util.Properties props)

     authenticates the user

Parameters:

     userId - The userId to authenticate
     password - The password of the user
     props - The properties object

Security Roles:

     administrator
     operator


checkTokenLibFile

public java.lang.Integer checkTokenLibFile(java.lang.String tokenType, java.lang.String tokenLib, java.lang.String tokenSlot, java.lang.String tokenPasswordEncoded, java.lang.String serverAlias, java.lang.String clientAlias)

     Validates SSL cryptographic config

Parameters:

     tokenType - Token type, i.e., PKCS#11
     tokenLib - The token library file name
     tokenSlot - The tokenslot number
     tokenPasswordEncoded - The token password in the encoded form
     serverAlias - The value from com.ibm.ssl.keyStoreServerAlias
     clientAlias - The value from com.ibm.ssl.keyStoreClientAlias

Security Roles:

     administrator
     operator

RunAs Mode:

     The MBean's methods run as System after initial authorization check is performed


checkKeyFile

public java.lang.Integer checkKeyFile(java.lang.String fileType, java.lang.String fileName, java.lang.String filePasswordEncoded, java.lang.String serverAlias, java.lang.String clientAlias)

     Validates SSL key file config

Parameters:

     fileType - The file type, i.e., JKS
     fileName - The absolute path of the key file
     filePasswordEncoded - The key file password in the encoded form
     serverAlias - The value from com.ibm.ssl.keyStoreServerAlias
     clientAlias - The value from com.ibm.ssl.keyStoreClientAlias

Security Roles:

     administrator
     operator

RunAs Mode:

     The MBean's methods run as System after initial authorization check is performed


checkTrustFile

public java.lang.Integer checkTrustFile(java.lang.String fileType, java.lang.String fileName, java.lang.String filePasswordEncoded)

     Validates SSL trust file config

Parameters:

     fileType - The file type, i.e., JKS
     fileName - The absolute path of the trust file
     filePasswordEncoded - The trust file password in the encoded form

Security Roles:

     administrator
     operator

RunAs Mode:

     The MBean's methods run as System after initial authorization check is performed


getRealm

public java.lang.String getRealm(java.util.Properties props)

     gets the Realm

Parameters:

     props - The properties object

Security Roles:

     administrator
     operator


checkRunAsUser

public java.lang.Boolean checkRunAsUser(java.util.List usrList, java.util.List grpList, java.lang.String userName, java.util.Properties props)

     Checks if the user can be added to the runAsRole

Parameters:

     usrList - The list of userNames
     grpList - The list of groupNames
     userName - The user name entered for runAsRole
     props - The properties object

Security Roles:

     administrator
     operator


getAccessIds

public java.lang.String getAccessIds(boolean isUser, java.lang.String name, java.util.Properties props)

     Gets the accessIds for users and groups from the active registry

Parameters:

     isUser - true if it is a user, false if it is a group
     name - The name of the user or group
     props - The properties object

Security Roles:

     administrator
     operator


updateJAASCfg

public void updateJAASCfg(java.lang.String newCfg)

     Dynamically refreshes the WCCM JAAS configuration

Parameters:

     newCfg - New WCCM JAAS configuration

Security Roles:

     administrator
     operator


getJAASCfg

public java.lang.String getJAASCfg()

     Get the WCCM JAAS configuration

Security Roles:

     administrator
     operator

RunAs Mode:

     The MBean's methods run as System after initial authorization check is performed


getOpaqueToken

public TokenHolder getOpaqueToken(ByteArray ssoToken)

     Get the opaque authorization token.

Parameters:

     ssoToken - The opaque token lookup key

Security Roles:

     administrator
     operator


propagatePolicyToJACCProvider

public void propagatePolicyToJACCProvider(java.lang.String appList)

     Propagate the security policy to the JACC provider.

Parameters:

     appList - A string of colon (:) separated application names whose security policy information needs to be propagated to the JACC provider. If null is passed, the security policy of all the applications in the process will be propagated.

Security Roles:

     administrator
     operator


getInitialContextToken

public TokenHolder getInitialContextToken(ByteArray ssoToken, java.lang.String targetServer)

     Get the initial context token for Kerberos.

Parameters:

     ssoToken - The opaque token lookup key
     targetServer - The target server to perform initSecContext against.

Security Roles:

     administrator
     operator


getSecureSocketLayerCipherList

public java.util.List getSecureSocketLayerCipherList(java.lang.Boolean fipsEnabledFlag)

     Return SSL cipher list

Parameters:

     fipsEnabledFlag - True if FIPS is enabled, false otherwise.

Security Roles:

     administrator
     operator


getSingleSignonTokens

public TokenHolder[] getSingleSignonTokens()

     Get the single signon tokens for the current authenticated caller.

Security Roles:

     administrator
     operator


warnForLocalOS

public java.util.List warnForLocalOS(java.lang.Boolean nodeIsZOS, java.lang.String nodeHostName)

     Check whether or not to issue a warning message during addNode.

Parameters:

     nodeIsZOS - True if the node is on a zOS platform.
     nodeHostName - The host name of the node being federated.

Security Roles:

     administrator
     operator


getKerberosPolicy

public byte[] getKerberosPolicy()

     Return the Kerberos Policy byte[] for this server containing SPN and REALM.

Security Roles:

     administrator
     operator


Copyright IBM Corporation 2002, 2012