+

Search Tips   |   Advanced Search

Mapping resources to security domains using scripting

Use this topic to assign management resources to security domains. Set management resources to our security domains to customize the security configuration for a cell, server, or cluster.

Users assigned to the administrator role can configure security domains. Verify that we have the appropriate administrative role before configuring security domains. Also, create a security domain, or copy an existing security domain before assigning resources to a security domain.

After creating a security domain, we can map management resources to the security domain. We can assign resources to a security domain at the server, cell, and cluster level. Use the following steps to assign a resource to a security domain:


Tasks

  1. Launch the wsadmin scripting tool using the Jython scripting language. See the Starting the wsadmin scripting client article for more information.

  2. Determine which security domain to map a resource.

    Use the listSecurityDomains command to view a list of security domains in the configuration. Specify true for the optional -listDescription parameter to list the description for each security domain...

      print AdminTask.listSecurityDomains('-listDescription true')

    The command returns the following example attribute list output: 

    {{name myDomain}
{description {security domain for administrative applications}}}
{{name domain2}
{description {new domain for cell123}}}

  3. Assign a resource to a security domain.

    Use the mapResourceToSecurityDomain command to assign a management resource to the security domain. For example, use the following Jython command to secure all applications on the server1 cell with the security attributes in the domain2 security domain: 

    AdminTask.mapResourceToSecurityDomain('-securityDomainName domain2 -resourceName Cell=myCell:Node=myNode:Server=server1')

  4. Save the configuration changes. 
    AdminConfig.save()

Our security domain is updated in the configuration. All applications in the specified resource use the security attributes specified by the security domain. If the security domain does not contain all security attributes, then the missing attributes are obtained from the global security configuration.


What to do next

Restart each resource that we assigned to a security domain.

  • Configure security domains using scripting
  • Manage servers, nodes and cells with scripting
  • Start the wsadmin scripting client