Network Deployment (Distributed operating systems), v8.0 > Scripting the application serving environment (wsadmin) > Use properties files to manage system configuration > Manage specific configuration objects using properties files > Work with security properties files


Work with JAAS configuration entry properties files

We can use properties files to create, modify, or delete Java Authentication and Authorization Service (JAAS) configuration entry properties.

Determine the changes to make to your JAAS configuration entry object or its properties.

Start wsadmin.sh.

To start wsadmin using the Jython language, run the wsadmin -lang Jython command from the bin directory of the server profile.

Use a properties file, you can create, modify, or delete a JAAS configuration entry object.

Run administrative commands using wsadmin to create or change a properties file for a JAAS configuration entry, validate the properties, and apply them to the configuration.

Actions for JAAS configuration entry properties files. We can create, modify, and delete JAAS properties.

Action Procedure
create Set required properties and then run the applyConfigProperties command.
modify Edit required properties and then run the applyConfigProperties command..
delete Run deleteConfigProperties to delete a property. If the deleted property has a default value, the property is set to the default value.

To delete the entire JAASConfigurationEntry object, uncomment #DELETE=true and then run the deleteConfigProperties command.

create Property Not applicable
delete Property Not applicable

Optionally, you can use interactive mode with the commands:

AdminTask.command_name('-interactive')


Procedure

  1. Create a JAASConfigurationEntry properties file.

    1. Set JAASConfigurationEntry properties as needed.

      We can add a new JAAS configuration entry under either systemLoginConfiguration or applicationLoginConfiguration.

      Open an editor and create a properties file for a JAASConfigurationEntry object. Use systemLoginConfiguration to add a new JAAS configuration entry:

      #
      # Header
      #
      ResourceType=JAASConfigurationEntry
      ImplementingResourceType=Security
      ResourceId=Cell=!{cellName}:Security=:JAASConfiguration=systemLoginConfig#:JAASConfigurationEntry=
      alias#myJAAS
      #DELETE=true
      #
      
      #
      #Properties
      #
      alias=myJAAS #required
      
      
      #
      # Header JAASLoginModule
      #
      ResourceType=JAASLoginModule
      ImplementingResourceType=Security
      ResourceId=Cell=!{cellName}:Security=:JAASConfiguration=systemLoginConfig#:JAASConfigurationEntry=
      alias#myJAAS:JAASLoginModule=moduleClassName#com.acme.myLoginModule
      AttributeInfo=loginModules
      #DELETE=true
      #
      
      #
      #Properties
      #
      callbackHandlerClassName=null
      moduleClassName=com.acme.myLoginModule #required
      authenticationStrategy=REQUIRED #ENUM(OPTIONAL|REQUISITE|REQUIRED|SUFFICIENT),de
      fault(REQUIRED)
      
      
      #
      # Header JAASLoginModule options
      #
      ResourceType=JAASLoginModule
      ImplementingResourceType=Security
      ResourceId=Cell=!{cellName}:Security=:JAASConfiguration=systemLoginConfig#:JAASConfigurationEntry=
      alias#myJAAS:JAASLoginModule=moduleClassName#com.acme.myLoginModule
      AttributeInfo=options(name,value)
      #
      
      #
      #Properties
      #
      myProp=myValue
      
      #
      # Header JAASLoginModule Another module
      #
      ResourceType=JAASLoginModule
      ImplementingResourceType=Security
      ResourceId=Cell=!{cellName}:Security=:JAASConfiguration=systemLoginConfig#:JAASConfigurationEntry=
      alias#myJAAS:JAASLoginModule=moduleClassName#com.acme.myAnotherLoginModule
      AttributeInfo=loginModules
      #DELETE=true
      #
      
      #
      #Properties
      #
      callbackHandlerClassName=null
      moduleClassName=com.acme.myAnotherLoginModule #required
      authenticationStrategy=REQUIRED #ENUM(OPTIONAL|REQUISITE|REQUIRED|SUFFICIENT),de
      fault(REQUIRED)
      
      
      #
      # Header JAASLoginModule options
      #
      ResourceType=JAASLoginModule
      ImplementingResourceType=Security
      ResourceId=Cell=!{cellName}:Security=:JAASConfiguration=systemLoginConfig#:JAASConfigurationEntry=
      alias#myJAAS:JAASLoginModule=moduleClassName#com.acme.myAnotherLoginModule
      AttributeInfo=options(name,value)
      #
      
      #
      #Properties
      #
      myProp=myValue
      
      EnvironmentVariablesSection
      #Environment Variables
      cellName=myCell
      
    2. Run applyConfigProperties to create or change a JAAS configuration entry.

      Run the applyConfigProperties command applies the properties file to the configuration. In this Jython example, the optional -reportFileName parameter produces a report named report.txt:

      AdminTask.applyConfigProperties(['-propertiesFileName myObjectType.props -reportFileName report.txt '])
      

  2. Modify an existing properties file.

    1. Obtain a properties file for the JAASConfigurationEntry to change.

      We can extract a properties file for a JAASConfigurationEntry object using the extractConfigProperties command.

    2. Open the properties file in an editor and change the properties as needed.

      Ensure that the environment variables in the properties file match the system.

    3. Run applyConfigProperties.

  3. If you no longer need the JAAS configuration entry object or an existing property, you can delete the entire JAAS object or one or more properties.

    • To delete the entire object, specify DELETE=true in the header section of the properties file and run the deleteConfigProperties command; for example:
      AdminTask.deleteConfigProperties('[-propertiesFileName myObjectType.props -reportFileName report.txt]')
      

    • To delete one or more properties, specify only the properties to be deleted in the properties file and then run the deleteConfigProperties command.


Results

We can use the properties file to configure and manage the JAAS configuration entry object and its properties.


What to do next

Save the changes to the configuration.
Extract properties files using wsadmin.sh
Create server, cluster, application, or authorization group objects using properties files and wsadmin scripting
Delete server, cluster, application, or authorization group objects using properties files


Related


PropertiesBasedConfiguration command group using wsadmin.sh

+

Search Tips   |   Advanced Search