ConsolidateJAASAuthAliases.py is a wsadmin script to consolidate the several JAAS authentication aliases defined for database access by the augment process.
When a WebSphere® ESB for z/OS® server accesses a secure database subsystem, one of the security mechanisms available to it involves the use of JAAS authentication aliases. A JAAS authentication alias specifies a user identifier and password that are provided when the database subsystem requests authentication credentials. The augment process defines a set of JAAS authentication aliases which are associated with the various data sources and service integration buses for use when they access the database. The aliases are also assigned to a number of WebSphere Relational Resource Adapter CMP Connection Factories.
A fully configured WebSphere ESB system consists of the following resources and JAAS authentication aliases defined by the augment process:
Data Sources | JAAS Authentication Alias |
---|---|
BPEDataSourceDb2zOS | BPCDB_<node>.<server>_Auth_Alias |
Business Process Choreographer ME data source | None |
CEI ME data source | CEIME_<node>.<server>_Auth_Alias |
ESBLoggerMediationDataSource | WPSDB_Auth_Alias |
SCA Application Bus ME data source | SCAAPPME00_Auth_Alias |
SCA System Bus ME data source | SCASYSME00_Auth_Alias |
WBI_DataSource | WPSDB_Auth_Alias |
event | <cell>/<node>/<server>/EventAuthDataAliasDB2ZOS |
event_catalog | <cell>/<node>/<server>/EventAuthDataAliasDB2ZOS |

CMP Connection Factories | JAAS Authentication Alias |
---|---|
WBI_DataSource_CF | WPSDB_Auth_Alias (component-managed); WPSDB_Auth_Alias (container-managed) |
Business Process Choreographer ME data source_CF | None |
CEI ME data source_CF | CEIME_<node>.<server>_Auth_Alias (component-managed); CEIME_<node>.<server>_Auth_Alias (container-managed) |
SCA Application Bus ME data source_CF | SCAAPPME00_Auth_Alias (component-managed); SCAAPPME00_Auth_Alias (container-managed) |
SCA System Bus ME data source_CF | SCASYSME00_Auth_Alias (component-managed); SCASYSME00_Auth_Alias (container-managed) |
event_catalog_CF | <cell>/<node>/<server>/EventAuthDataAliasDB2ZOS (container-managed) |

SIBuses | JAAS Authentication Alias |
---|---|
<node>.<server>-BPC<cell>Bus | BPCME_00_Auth_Alias |
<node>.<server>-CommonEventInfrastructure.Bus | CEIME_<node>.<server>_Auth_Alias |
<node>.<server>-SCA.APPLICATION.<cell>.Bus | None |
<node>.<server>-SCA.SYSTEM.<cell>.Bus | None |
On z/OS all the various data repositories are defined to access the same z/OS database subsystem, for example DB2 for z/OS. In addition, authentication to this common database subsystem is carried out using the same user identifier and password. It would not be uncommon for many, if not all, of the JAAS authentication aliases defined by the augment process to be defined with the same user identifier and password.
The wsadmin Jython script can be used to consolidate the various JAAS authentication aliases created by WebSphere ESB or WESB configuration into a single entry.
By default the location of the script is /usr/lpp/zWESB/V6R2/zos.config/samples.
The script was originally developed for WebSphere ESB or WESB for z/OS V6.1.0.1 running on WebSphere Application Server for z/OS V6.1.0.15. The script was tested against a standalone server and a network deployment cell consisting of the deployment manager node and a single application server node.
```
/AppServerRoot/bin/wsadmin.sh -host <host name> -port <host port> -lang jython -f ConsolidateJAASAuthAliases.py <JAAS authentication alias name> <user ID> <password> [scan mode]
```
The script provides a report of all the actions it has taken.
If no fourth parameter is supplied to the script, the changes are committed. If any string is provided as a fourth parameter, the changes are backed out, although the script will still report the changes that it would have made.
```
/WebSphere/V6T5N1/AppServer/bin:> ./wsadmin.sh -host winmvsp2 -port 20540 -lang jython -f /u/healdr/Jython/ConsolidateJAASAuthAliases.py WPSDB2Access wsadmin admn4was
WASX7209I: Connected to process "serverN1" on node Node1MVSP2 using SOAP connector; The type of process is: UnManagedProcess
WASX7303I: The following options are passed to the scripting environment and are available as arguments that are stored in the argv variable: "[WPSDB2Access, wsadmin, admn4was]"
ConsolidateJAASAuthAliases: Starting
Created JAAS alias: WPSDB2Access
Replacing alias reference in data source: event
  T5Cell1Base/Node1MVSP2/serverN1/EventAuthDataAliasDB2ZOS => WPSDB2Access
Replacing alias reference in data source: event_catalog
  Container-managed T5Cell1Base/Node1MVSP2/serverN1/EventAuthDataAliasDB2ZOS => Component-managed WPSDB2Access
Removing alias reference from CMP connection factory: event_catalog_CF
  Container-managed T5Cell1Base/Node1MVSP2/serverN1/EventAuthDataAliasDB2ZOS
Removing alias: T5Cell1Base/Node1MVSP2/serverN1/EventAuthDataAliasDB2ZOS
Replacing alias reference in data source: BPEDataSourceDb2zOS
  BPCDB_Node1MVSP2.serverN1_Auth_Alias => WPSDB2Access
Removing alias: BPCDB_Node1MVSP2.serverN1_Auth_Alias
Replacing alias reference in SIBus data store of ME: Node1MVSP2.serverN1-BPC.T5Cell1Base.Bus
  BPCME_00_Auth_Alias => WPSDB2Access
Removing alias: BPCME_00_Auth_Alias
Replacing alias reference in data source: SCA System Bus ME data source
  SCASYSME00_Auth_Alias => WPSDB2Access
Replacing alias reference in SIBus data store of ME: Node1MVSP2.serverN1-SCA.SYSTEM.T5Cell1Base.Bus
  SCASYSME00_Auth_Alias => WPSDB2Access
Removing alias reference from CMP connection factory: SCA System Bus ME data source_CF
  Component-managed SCASYSME00_Auth_Alias
Removing alias reference from CMP connection factory: SCA System Bus ME data source_CF
  Container-managed SCASYSME00_Auth_Alias
Removing alias: SCASYSME00_Auth_Alias
Replacing alias reference in data source: SCA Application Bus ME data source
  SCAAPPME00_Auth_Alias => WPSDB2Access
Replacing alias reference in SIBus data store of ME: Node1MVSP2.serverN1-SCA.APPLICATION.T5Cell1Base.Bus
  SCAAPPME00_Auth_Alias => WPSDB2Access
Removing alias reference from CMP connection factory: SCA Application Bus ME data source_CF
  Component-managed SCAAPPME00_Auth_Alias
Removing alias reference from CMP connection factory: SCA Application Bus ME data source_CF
  Container-managed SCAAPPME00_Auth_Alias
Removing alias: SCAAPPME00_Auth_Alias
Replacing alias reference in data source: CEI ME data source
  CEIME_Node1MVSP2.serverN1_Auth_Alias => WPSDB2Access
Replacing alias reference in SIBus data store of ME: Node1MVSP2.serverN1-CommonEventInfrastructure_Bus
  CEIME_Node1MVSP2.serverN1_Auth_Alias => WPSDB2Access
Removing alias reference from CMP connection factory: CEI ME data source_CF
  Component-managed CEIME_Node1MVSP2.serverN1_Auth_Alias
Removing alias reference from CMP connection factory: CEI ME data source_CF
  Container-managed CEIME_Node1MVSP2.serverN1_Auth_Alias
Removing alias: CEIME_Node1MVSP2.serverN1_Auth_Alias
Replacing alias reference in data source: ESBLoggerMediationDataSource
  WPSDB_Auth_Alias => WPSDB2Access
Replacing alias reference in data source: WBI_DataSource
  WPSDB_Auth_Alias => WPSDB2Access
Removing alias reference from CMP connection factory: WBI_DataSource_CF
  Component-managed WPSDB_Auth_Alias
Removing alias reference from CMP connection factory: WBI_DataSource_CF
  Container-managed WPSDB_Auth_Alias
Removing alias: WPSDB_Auth_Alias
Saving configuration
ConsolidateJAASAuthAliases: Completed
```
```
/WebSphere/V6T5DM/DeploymentManager/bin:> ./wsadmin.sh -host winmvsp1 -port 20510 -lang jython -f /u/healdr/Jython/ConsolidateJAASAuthAliases.py WPSDB2Access wsadmin admn4was scanit
WASX7209I: Connected to process "dmgr" on node NDNodeT5dmgrMVSP1 using SOAP connector; The type of process is: DeploymentManager
WASX7303I: The following options are passed to the scripting environment and are available as arguments that are stored in the argv variable: "[WPSDB2Access, wsadmin, admn4was, scanit]"
ConsolidateJAASAuthAliases: Starting
Created JAAS alias: WPSDB2Access
…
Removing alias: CEIME_Node1MVSP2.serverN1_Auth_Alias
Running in scan mode, no updates committed
ConsolidateJAASAuthAliases: Completed
```
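An added example, not part of the original page or of ConsolidateJAASAuthAliases.py: a Python helper for reviewing a captured report before it is filed with a change record. It masks the password that the WASX7303I line echoes from argv (the third argument, per the usage line above) and lists any alias that was remapped but never removed; the function names `redact_argv` and `summarize` and the sample report are constructed for illustration.

```python
import re

# Constructed sample: a shortened report in the layout shown on this page.
SAMPLE_REPORT = """\
WASX7303I: The following options are passed to the scripting environment and are available as arguments that are stored in the argv variable: "[WPSDB2Access, wsadmin, admn4was, scanit]"
ConsolidateJAASAuthAliases: Starting
Created JAAS alias: WPSDB2Access
Replacing alias reference in data source: BPEDataSourceDb2zOS
  BPCDB_Node1MVSP2.serverN1_Auth_Alias => WPSDB2Access
Removing alias: BPCDB_Node1MVSP2.serverN1_Auth_Alias
Replacing alias reference in data source: WBI_DataSource
  WPSDB_Auth_Alias => WPSDB2Access
Removing alias reference from CMP connection factory: WBI_DataSource_CF
  Container-managed WPSDB_Auth_Alias
Running in scan mode, no updates committed
ConsolidateJAASAuthAliases: Completed
"""

def redact_argv(report):
    """Mask the third script argument (the password) in the WASX7303I echo."""
    def mask(m):
        args = m.group(2).split(", ")
        if len(args) >= 3:
            args[2] = "********"
        return m.group(1) + ", ".join(args) + m.group(3)
    return re.sub(r'(WASX7303I:[^"]*"\[)([^\]]*)(\]")', mask, report)

def summarize(report):
    """Return what the run created, remapped and removed, and whether it committed."""
    text = " ".join(report.split())          # tolerate wrapped or collapsed output
    created = re.findall(r"Created JAAS alias: (\S+)", text)
    remapped = re.findall(r"(\S+) => (?:Component-managed )?(\S+)", text)
    removed = set(re.findall(r"Removing alias: (\S+)", text))
    old = {o for o, _ in remapped}
    return {
        "committed": "Saving configuration" in text and "scan mode" not in text,
        "created": created,
        "unexpected_targets": sorted({n for _, n in remapped if n not in created}),
        "remapped_not_removed": sorted(old - removed),
        "removed": sorted(removed),
    }

if __name__ == "__main__":
    print(redact_argv(SAMPLE_REPORT))
    print(summarize(SAMPLE_REPORT))
```

The shell command line in a captured session carries the same password argument and needs the same masking before the report is archived.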
The following references provide more information about wsadmin and Jython scripting: