Network Deployment (Distributed operating systems), v8.0 > Scripting the application serving environment (wsadmin) > Scripting for security > Configure security with scripting

Enable authentication in the file transfer service using scripting

The file transfer service provides role-based authentication. We can enable authentication in the file transfer service using scripting and wsadmin.sh. See the Starting the wsadmin scripting client article for more information.

There are two versions of the file transfer Web application.; a secured version and an unsecured version. The secured version of this file, which is the version that authenticates its caller, is installed by default. The secured version is located in the WAS_HOME/systemApps/filetransferSecured.ear directory. The unsecured version, which is the version that does not authenticate its caller, is located in the WAS_HOME/systemApps/filetransfer.ear directory

In WAS a mixed cell environments, file transfer is a system application. We can activate authentication in the file transfer service by redeploying the file transfer Web application at the dmgr level.

Procedure

1. Run the redeployFileTransfer.jacl script to help you redeploy the file transfer Web application. This wsadmin script is located in the WAS_HOME/bin directory. The syntax for running the script from the WAS_HOME/bin directory is similar to the following:

   wsadmin -conntype NONE -lang jacl -profile redeployFileTransfer.jacl -c
   "fileTransferAuthenticationXxx cell_name node_name dmgr"
   

   In this example, the variables represent the following:
   • Xxx is On or Off.
   • cell_name is the name of your cell.
   • node_name is the name of your node.
   • dmgr is the server type. This script will work only on the dmgr.

   (AIX) (Solaris) Use wsadmin.sh.

   (Windows) Use wsadmin or wsadmin.bat. Review the following examples on how to run the script with the different authentication options:

   • To run the script with authentication, which uses the filetransfer.ear file, use a command similar to the following:

     wsadmin -conntype NONE -lang jacl -profile redeployFileTransfer.jacl -c
     "fileTransferAuthenticationOn managedCell managedCellNode dmgr"
     

   • To run the script and file transfer service without authentication, use a command similar to the following:

     wsadmin -conntype NONE -lang jacl -profile redeployFileTransfer.jacl -c
     "fileTransferAuthenticationOff managedCell managedCellNode dmgr"
     
     

   In the previous examples, the following values apply:

   • managedCell the names of the cell.
   • managedCellNode is the names of your node.
   • dmgr is the server type.

2. If you receive an error related to the file transfer service, troubleshoot the problem by reviewing the systemapps.xml file. You might receive the following error if you attempt to set authentication to a state in which it is already configured:

   Error: com.ibm.ws.scripting.ScriptingException: WASX7280E: An application with name "filetransfer" does not exist.
   

   This error will be displayed, for example, when you try to set authentication to on when it is already on or off when it is already off.

   To determine the current state of the file transfer authentication, see the systemapps.xml file in the WAS_HOME/AppServer/profiles/dmgr_profile/config/cells/cell_name/nodes/node_name directory:

   • This entry indicates that authentication is on:

     <deployedApplications>${
     WAS_HOME}/
        systemApps/filetransferSecured.ear
     </deployedApplications>
     

   • This entry indicates that authentication is off:

     <deployedApplications>${
     WAS_HOME}/
        systemApps/filetransfer.ear
     </deployedApplications> 

What to do next

We must restart the server for the change to take affect.
Start the wsadmin scripting client using wsadmin.sh
Configure security with scripting
Start the wsadmin scripting client using wsadmin.sh

+

Search Tips   |   Advanced Search