WebSphere Extended Deployment, Version 6.0.x
             Operating Systems: AIX, HP-UX, Linux, Solaris, Windows, z/OS


Securing the long-running scheduler

This topic describes how to secure the long-running scheduler.

Before you begin

Users who are assigned the lradmin role have the authority to perform all long-running scheduler application actions on all jobs regardless of job ownership, while users who are assigned with the lrsubmitter role can only act on jobs that are owned by the submitters themselves.
Note: To invoke lrcmd.sh | .bat on an HTTPS port, you must configure SSL on the scheduler server. Following the steps in part three of the series, location in the following DeveloperWorks article, Build Web services with transport-level security using Rational Application Developer V7, Part 3: Configure HTTPS. You must be a registered user for DeveloperWorks in order to access articles. If you have not registered as a user for DeveloperWorks, follow the instructions on the IBM registration page.

About this task

This sample task assumes that the job scheduler is configured. From the administrative console:

Procedure

  1. [Version 6.0.1 and later] Click Security > Secure administration, applications, and infrastructure.
  2. Select administrative security, application security, and optionally Java 2 security.
  3. Configure User account repository by specifying one of the available realm definitions.
  4. [Version 6.0.1 and later] Once you have configured WebSphere Application Server Security, click Apply to save your configuration.
  5. [Version 6.0.1 and later] Expand System administration > Job scheduler > Security role to user/group mapping.
  6. [Version 6.0.1 and later] Select the roles to be configured.
  7. Click Look up users if one or more users are to be assigned the target role, or click Look up groups if role assignment is at the group level.
  8. Select the user or group to be assigned to the target role.
  9. Click OK and save the configuration.
  10. [Version 6.0.1 only] Click Security > Global Security.
  11. [Version 6.0.1 only] Enable global security and Java 2 security. This supports any of the WebSphere Application Server supported user registries such as Local OS, Lightweight Directory Access Protocol (LDAP), or custom.
  12. Restart the celll.

What to do next

With security enabled, provide a valid user ID and password for job actions that are performed through the command- line interface. Submit a job action through the command-line interface with the user name and password information. See the following example:
<install_root>/bin/lrcmd.[bat|sh]  
-cmd=<name_of_command> <command_arguments> [-host=<host> -port=<port>] 
-userid=<user_ID> -password=<password>
where:
  • <host> is the on demand router (ODR) host name or the long-running scheduler server host name. If not specified, the default is localhost.
  • <port> is the ODR HTTP(s) proxy address or the long-running scheduler server HTTP(s) port. If not specified, the default is 80.
See the following example:
D:\IBM\WebSphere\AppServer\bin\lrcmd 
-cmd=submit -xJCL=D:\IBM\WebSphere\AppServer\longRunning\
postingSampleXJCL.xml -port=9445 -host=wasxd01.ibm.com 
-userid=mylradmin -password=w2g0u1tf



Related concepts
Roles and privileges for securing the long-running scheduler
The command line interface
Task topic    

Terms of Use | Feedback

Last updated: Oct 16, 2009 11:08:29 AM EDT
http://publib.boulder.ibm.com/infocenter/wxdinfo/v6r0/index.jsp?topic=/com.ibm.websphere.xd.doc/info/scheduler/tbgsecur.html