WsSecCheck command-line utility for validating
security settings
Downloadable files
Abstract
WsSecCheck is a command-line utility for validating
security settings in WebSphere® Application Server V5.x and V5.1.x
Download Description
WsSecCheck provides an ldapsearch-type interface to the SecurityAdmin
MBean in WebSphere Application Server V5.x and V5.1.x to query basic
security settings.
It is a standalone Java™ program that allows you to query WebSphere
Application Server for users and groups, as well as some basic
configuration settings.
Functionality is limited to the methods provided by the SecurityAdmin
MBean.
Installation Overview
Update the file bin\WsSecCheck.properties to point to the SOAP port and
hostname of the target application server (base) or DeploymentManager
(ND).
Usage
Launch using the bat file (Windows) or .sh script (Unix and z/OS). The
syntax is:
WsSecCheck uid pswd propertiesFile "cmd"
where
uid and password are an operating system ID and
password, such as the those that are used to execute WebSphere.
propertiesFile is the file containing WsSecCheck,
bin/WsSecCheck.properties by default. It must be specified if "cmd"
is supplied
"cmd" is an optional WsSecCheck command. If given, WsSecCheck
will execute the command, display the output, and exit, instead of going
into command mode.
Commands:
realm Get realm
getUsers <pattern> <limit> List all users matching <pattern>, up to <limit> occurrences
getGroups <pattern> <limit> List all groups matching <pattern>, up to <limit> occurrences
getAl <u|g> "<id>" Get access ID for u(ser) or g(roup) "id"
checkPwd "<id>" <pswd> Checks whether the id and password are valid
getJAAS Show JAAS configuration
examples Display command examples
Examples
To display 1st 100 users: (or all if less than 100):
getUsers * 100
List up to 50 users ending with "Smith":
getUsers *Smith 50
Verify that there is a group "Managers":
getGroups Managers 1
Get access ID for user Aboulfadl:
getAI u "Aboulfadl"
Get access ID for users in OS group Human Resources:
getAI g "Human Resources"
Get access ID for users in LDAP group Human Resources:
getAI g "cn=Human Resources,ou=AGroupName,o=OrgName,c=Country"
Verify that there is a user Aboulfadl with password Nabile:
checkPwd "Aboulfadl" Nabile
List resources available to user Aboulfadl, and redirect output to a file
(as a system command):
WsSecCheck root rootPassword WsSecCheck.properties "getACs u
\"Aboulfadl\"" > aboulAcs.txt
Get a dump of the JAAS configuration:
getJAAS
Prerequisites
WebSphere Application Server V5.x and V5.1.x
Installation Instructions
Unzip WsSecCheck.zip into the <WebSphere install root>
directory. On Unix and z/OS platforms, use the -a option in unzipping to
avoid ctl-M characters in the properties file.