Revoking users from a cache

In WebSphere Application Server, Version 5.0.2 and later, revocation of a user from the security cache using an MBean interface is supported.

About this task

When a user is removed from authentication cache, the user can still login to WebSphere Application Server at any time. Removing the cache only removes the user from the runtime cache. It does not remove the user from the registry, nor does it lock out the user.

Procedure

Use the following procedure in a JACL script.

The following Java Command Language (JACL) revokes a user when given the realm and the user ID, and cycles through all the security administration MBean instances that are returned for the entire cell when run from the deployment manager wsadmin command. The command also purges the user from the cache during each process. The procedure can be called from another JACL script.

Attention: In some of the following lines of code, the lines are split into two or more lines for illustrative purposes only.
proc clearAuthCache {realm userid} { 	global AdminControl AdminConfig 	 if {[catch {$AdminControl queryNames WebSphere:type=SecurityAdmin,*} result]} {       puts stdout "\$AdminControl queryNames WebSphere:type=SecurityAdmin,* caught             an exception $result\n"       return     } else {    if {$result != {}} {        foreach secBean $result {            if {$secBean != {} || $secBean != "null"} {              if {[catch {$AdminControl invoke $secBean clearAuthCache} result]} {                puts stdout "\$AdminControl invoke $secBean clearAuthCache caught                      an exception $result\n"                return              } else {                puts stdout "\ncache cleared for process $secBean\n"              }            } else {              puts stdout "unable to get securityAdmin Mbean, user $userid not revoked"           }            }   } else {     puts stdout "Security Mbean was not found\n"   return }  } 



In this information ...


IBM Redbooks, demos, education, and more

(Index)

Use IBM Suggests to retrieve related content from ibm.com and beyond, identified for your convenience.

This feature requires Internet access.

Task topic    

Terms of Use | Feedback

Last updated: Aug 29, 2010 7:21:45 PM CDT
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=vela&product=was-nd-dist&topic=tsec_cachepurge
File name: tsec_cachepurge.html