Network Deployment (Distributed operating systems), v8.0 > Reference > Commands (wsadmin scripting)

NamingAuthzCommands command group

We can use Jython to configure naming roles for groups and users with wsadmin.sh. Use the commands and parameters in the NamingAuthzCommands group to assign, remove, and query naming role configuration. CosNaming security offers increased granularity of security control over CosNaming functions.

A number of naming roles are defined to provide the degrees of authority that are needed to perform certain application server naming service functions. The authorization policy is only enforced when global security is enabled.

Use the following commands to manage the naming service functions:

• listGroupsForNamingRoles

• listUsersForNamingRoles

• mapGroupsToNamingRole

• mapUsersToNamingRole

• removeGroupsFromNamingRole

• removeUsersFromNamingRole

listGroupsForNamingRoles

The listGroupsForNamingRoles command displays the groups and special subjects that are mapped to the naming roles.

Target object None

Return value

The command returns a list of the groups and special subjects associated with each naming role.

Batch example...

### Jython

AdminTask.listGroupsForNamingRoles()

Interactive example...

### Jython

AdminTask.listGroupsForNamingRoles('-interactive')

listUsersForNamingRoles

The listUsersForNamingRoles command displays the users that are mapped to the naming roles.

Target object None

Return value

The command returns a list of the users associated with each naming role.

Batch example...

### Jython

AdminTask.listUsersForNamingRoles()

Interactive example...

### Jython

AdminTask.listUsersForNamingRoles('-interactive')

mapGroupsToNamingRole

The mapGroupsToNamingRole command maps groups, special subjects, or groups and special subjects to the naming roles.

Target object None

Required parameters

-roleName

Name of the naming role. (String)

Name space security roles. Four name space security roles are available: CosNamingRead, CosNamingWrite, CosNamingCreate, and CosNamingDelete. The roles have authority levels from low to high, as the following table defines:

Role name	Description
CosNamingRead	We can query the application server name space using, for example, the Java Naming and Directory Interface (JNDI) lookup method. The EVERYONE special-subject is the default policy for this role.
CosNamingWrite	We can perform write operations such as JNDI bind, rebind, or unbind, and CosNamingRead operations.
CosNamingCreate	We can create new objects in the name space through operations such as JNDI createSubcontext and CosNamingWrite operations.
CosNamingDelete	We can destroy objects in the name space, for example using the JNDI destroySubcontext method and CosNamingCreate operations.

Optional parameters

-groupids

Names of the groups to map to the naming roles. (String[])

-accessids

Access IDs of the users in the format <group:realmName/uniqueID>. (String[])

-specialSubjects

Special subjects to map. (String[])

Special subjects. The special subjects include EVERYONE, ALLAUTHENTICATED, ALLAUTHENTICATEDINTRUSTEDREALMS, as the following table defines:

Header	Header
EVERYONE	Maps everyone to a specified role. When you map everyone to a role, anyone can access the resources that are protected by this role and, essentially, there is no security.
ALLAUTHENTICATED	Maps each authenticated user to a specified role. When you map each authenticated user to a specified role, each valid user in the current registry who has been authenticated can access resources that are protected by this role.
ALLAUTHENTICATEDINTRUSTEDREALMS	Maps each authenticated user to a specified role. When you map each authenticated user to a specified role, each valid user in the current registry who has been authenticated can access resources that are protected by this role in the trusted realm.

Return value

The command does not return output.

Batch mode example usage

• Jython string:

  AdminTask.mapGroupsToNamingRole('[-roleName CosNamingCreate -groupids [group1, group2]]')
  

• Use Jython list:

  AdminTask.mapGroupsToNamingRole(['-roleName', 'CosNamingCreate', '-groupids', '[group1, group2]'])
  

Interactive example...

### Jython

AdminTask.mapGroupsToNamingRole('-interactive')

mapUsersToNamingRole

The mapUsersToNamingRole command maps users to the naming roles.

Target object None

Required parameters

-roleName

Name of the naming role. (String)

Name space security roles. Four name space security roles are available: CosNamingRead, CosNamingWrite, CosNamingCreate, and CosNamingDelete. The roles have authority levels from low to high, as the following table defines:

Role name	Description
CosNamingRead	We can query the application server name space using, for example, the Java Naming and Directory Interface (JNDI) lookup method. The EVERYONE special-subject is the default policy for this role.
CosNamingWrite	We can perform write operations such as JNDI bind, rebind, or unbind, and CosNamingRead operations.
CosNamingCreate	We can create new objects in the name space through operations such as JNDI createSubcontext and CosNamingWrite operations.
CosNamingDelete	We can destroy objects in the name space, for example using the JNDI destroySubcontext method and CosNamingCreate operations.

Optional parameters

-userids

User IDs to map to the naming roles of interest. (String[])

-accessids

Access IDs of the users in the format <user:realmName/uniqueID>. (String[])

Return value

The command does not return output.

Batch mode example usage

• Jython string:

  AdminTask.mapUsersToNamingRole([-roleName CosNamingDelete -userids [user1, user2, user3]]')
  

• Use Jython list:

  AdminTask.mapUsersToNamingRole(['-roleName', 'CosNamingDelete', '-userids', '[user1, user2, user3]'])
  

Interactive example...

### Jython

AdminTask.mapUsersToNamingRole('-interactive']

removeGroupsFromNamingRole

The removeGroupsFromNamingRole command removes groups, special subjects, or groups and special subjects from a naming role.

Target object None

Required parameters

-roleName

Name of the naming role. (String)

Name space security roles. Four name space security roles are available: CosNamingRead, CosNamingWrite, CosNamingCreate, and CosNamingDelete. The roles have authority levels from low to high, as the following table defines:

Role name	Description
CosNamingRead	We can query the application server name space using, for example, the Java Naming and Directory Interface (JNDI) lookup method. The EVERYONE special-subject is the default policy for this role.
CosNamingWrite	We can perform write operations such as JNDI bind, rebind, or unbind, and CosNamingRead operations.
CosNamingCreate	We can create new objects in the name space through operations such as JNDI createSubcontext and CosNamingWrite operations.
CosNamingDelete	We can destroy objects in the name space, for example using the JNDI destroySubcontext method and CosNamingCreate operations.

Optional parameters

-groupids

Names of the groups to remove from the naming roles of interest. (String[])

-specialSubjects

Special subjects to remove. (String[])

Special subjects. The special subjects include EVERYONE, ALLAUTHENTICATED, ALLAUTHENTICATEDINTRUSTEDREALMS, as the following table defines:

Header	Header
EVERYONE	Maps everyone to a specified role. When you map everyone to a role, anyone can access the resources that are protected by this role and, essentially, there is no security.
ALLAUTHENTICATED	Maps each authenticated user to a specified role. When you map each authenticated user to a specified role, each valid user in the current registry who has been authenticated can access resources that are protected by this role.
ALLAUTHENTICATEDINTRUSTEDREALMS	Maps each authenticated user to a specified role. When you map each authenticated user to a specified role, each valid user in the current registry who has been authenticated can access resources that are protected by this role in the trusted realm.

Return value

The command does not return output.

Batch mode example usage

• Jython string:

  AdminTask.removeGroupsFromNamingRole('-roleName CosNamingRead -groupids [group1, group2] -specialSubjects EVERYONE')
  

• Use Jython list:

  AdminTask.removeGroupsFromNamingRole(['-roleName', 'CosNamingRead', '-groupids', '[group1, group2]', '-specialSubjects', 'EVERYONE'])
  

Interactive example...

### Jython

AdminTask.removeGroupsFromNamingRole('-interactive')

removeUsersFromNamingRole

The removeUsersFromNamingRole command removes users from a naming role.

Target object None

Required parameters

-roleName

Name of the naming role. (String)

Name space security roles. Four name space security roles are available: CosNamingRead, CosNamingWrite, CosNamingCreate, and CosNamingDelete. The roles have authority levels from low to high, as the following table defines:

Role name	Description
CosNamingRead	We can query the application server name space using, for example, the Java Naming and Directory Interface (JNDI) lookup method. The EVERYONE special-subject is the default policy for this role.
CosNamingWrite	We can perform write operations such as JNDI bind, rebind, or unbind, and CosNamingRead operations.
CosNamingCreate	We can create new objects in the name space through operations such as JNDI createSubcontext and CosNamingWrite operations.
CosNamingDelete	We can destroy objects in the name space, for example using the JNDI destroySubcontext method and CosNamingCreate operations.

Optional parameters

-userids

User IDs to remove from the naming roles of interest. (String[])

Return value

The command does not return output.

Batch mode example usage

• Jython string:

  AdminTask.removeUsersFromNamingRole('-roleName CosNamingRead')
  

• Use Jython list:

  AdminTask.removeUsersFromNamingRole(['-roleName', 'CosNamingRead'])
  

Interactive example...

### Jython

AdminTask.removeUsersFromNamingRole('-interactive')

Configure multiple security domains using scripting

Related

Naming roles
SecurityDomainCommands command group
SecurityConfigurationCommands command group

+

Search Tips   |   Advanced Search