SecurityAdmin MBean

Partial ObjectName:
WebSphere:*,type=SecurityAdmin


MBean SecurityAdmin

Management interface for Security functions.


Operation Summary
voidresetLdapBindInfo(java.lang.String userId, java.lang.String password)
           authenticates the user
voidupdateAuthDataCfg(java.util.HashMap newCfg)
           Updates the auth data entries in runtime
voidpurgeUserFromAuthCache(java.lang.String realm, java.lang.String userid)
           Remove a user from the auth cache
voidclearAuthCache()
           Remove all users from the auth cache
voidgenerateKeys(java.lang.String password)
           Generates the LTPA keys
java.util.PropertiesgenKeys(java.lang.String password)
           Generates the LTPA keys without updating the Runtime
voidexportKeys(java.lang.String fileName, java.util.Properties props)
           Export the LTPAKeys from runtime to a file
voidimportKeys(java.lang.String fileName, [B passwd)
           Imports the LTPAKeys into the runtime from a file
voidimportLTPAKeys(java.util.Properties ssoProps, [B passwd)
           Imports the LTPAKeys into the runtime
voidcheckImportLTPAKeys(java.util.Properties ssoProps, [B passwd)
           Checks of the keys can be decrypted with the password
java.util.PropertiesexportLTPAKeys()
           Exports the LTPA keys from the runtime
com.ibm.websphere.security.ResultgetUsers(java.lang.String pattern, java.lang.Integer limit, java.util.Properties props)
           getUsers from the UserRegistry
com.ibm.websphere.security.ResultgetGroups(java.lang.String pattern, java.lang.Integer limit, java.util.Properties props)
           getGroups from the UserRegistry
java.lang.BooleancheckPassword(java.lang.String userId, java.lang.String password, java.util.Properties props)
           authenticates the user
java.lang.IntegercheckTokenLibFile(java.lang.String tokenType, java.lang.String tokenLib, java.lang.String tokenSlot, java.lang.String tokenPasswordEncoded, java.lang.String serverAlias, java.lang.String clientAlias)
           Validates SSL cryptographic config
java.lang.IntegercheckKeyFile(java.lang.String fileType, java.lang.String fileName, java.lang.String filePasswordEncoded, java.lang.String serverAlias, java.lang.String clientAlias)
           Validates SSL key file config
java.lang.IntegercheckTrustFile(java.lang.String fileType, java.lang.String fileName, java.lang.String filePasswordEncoded)
           Validates SSL trust file config
java.lang.StringgetRealm(java.util.Properties props)
           gets the Realm
java.lang.BooleancheckRunAsUser(java.util.List usrList, java.util.List grpList, java.lang.String userName, java.util.Properties props)
           Checks if the user can be added to the runAsRole
java.lang.StringgetAccessIds(boolean isUser, java.lang.String name, java.util.Properties props)
           Gets the accessIds for users and groups from the active registry
voidupdateJAASCfg(java.lang.String newCfg)
           Dynamic refreshing the WCCM JAAS configuration
java.lang.StringgetJAASCfg()
           Get the WCCM JAAS configuration
com.ibm.wsspi.security.token.TokenHoldergetOpaqueToken(com.ibm.ws.security.util.ByteArray ssoToken)
           Get the opaque authorization token.
voidpropagatePolicyToJACCProvider(java.lang.String appList)
           Propagate the security policy to the JACC prvider.
com.ibm.wsspi.security.token.TokenHoldergetInitialContextToken(com.ibm.ws.security.util.ByteArray ssoToken, java.lang.String targetServer)
           Get the initial context token for Kerberos.
java.util.ListgetSecureSocketLayerCipherList(java.lang.Boolean fipsEnabledFlag)
           Return SSL cipher list
com.ibm.wsspi.security.token.TokenHolder[]getSingleSignonTokens()
           Get the single signon tokens for the current authenticated caller.

Operation Detail

resetLdapBindInfo

public void resetLdapBindInfo(java.lang.String userId, java.lang.String password)
authenticates the user
Parameters:
userId - The userId to authenticate
password - The password of the user
Security Roles:
administrator
configurator

updateAuthDataCfg

public void updateAuthDataCfg(java.util.HashMap newCfg)
Updates the auth data entries in runtime
Parameters:
newCfg - The auth data config.
Security Roles:
administrator
configurator

purgeUserFromAuthCache

public void purgeUserFromAuthCache(java.lang.String realm, java.lang.String userid)
Remove a user from the auth cache
Parameters:
realm - The security realm.
userid - The userid.
Security Roles:
administrator
configurator

clearAuthCache

public void clearAuthCache()
Remove all users from the auth cache
Security Roles:
administrator
configurator

generateKeys

public void generateKeys(java.lang.String password)
Generates the LTPA keys
Parameters:
password - The password to encrypt and decrypt the Keys
Security Roles:
administrator
configurator

genKeys

public java.util.Properties genKeys(java.lang.String password)
Generates the LTPA keys without updating the Runtime
Parameters:
password - The password to encrypt and decrypt the Keys
Security Roles:
administrator
configurator

exportKeys

public void exportKeys(java.lang.String fileName, java.util.Properties props)
Export the LTPAKeys from runtime to a file
Parameters:
fileName - A File URI to which LTPA keys to be exported
props - optional LTPA server properties
Security Roles:
administrator
configurator

importKeys

public void importKeys(java.lang.String fileName, [B passwd)
Imports the LTPAKeys into the runtime from a file
Parameters:
fileName - A File URI containing the LTPA keys to import
passwd - password in java byte array format to encrypt and decrypt the LTPA keys
Security Roles:
administrator
configurator

importLTPAKeys

public void importLTPAKeys(java.util.Properties ssoProps, [B passwd)
Imports the LTPAKeys into the runtime
Parameters:
ssoProps - A properties object containing the LTPA keys to import
passwd - password in java byte array format to encrypt and decrypt the LTPA keys
Security Roles:
administrator
configurator

checkImportLTPAKeys

public void checkImportLTPAKeys(java.util.Properties ssoProps, [B passwd)
Checks of the keys can be decrypted with the password
Parameters:
ssoProps - A properties object containing the LTPA keys to import
passwd - password in java byte array format to encrypt and decrypt the LTPA keys
Security Roles:
administrator
configurator

exportLTPAKeys

public java.util.Properties exportLTPAKeys()
Exports the LTPA keys from the runtime
Security Roles:
administrator
configurator

getUsers

public com.ibm.websphere.security.Result getUsers(java.lang.String pattern, java.lang.Integer limit, java.util.Properties props)
getUsers from the UserRegistry
Parameters:
pattern - The pattern to search for users in the UserRegistry
limit - The maximum number of users that can be returned
props - The properties object
Security Roles:
administrator
configurator

getGroups

public com.ibm.websphere.security.Result getGroups(java.lang.String pattern, java.lang.Integer limit, java.util.Properties props)
getGroups from the UserRegistry
Parameters:
pattern - The pattern to search for groups in the UserRegistry
limit - The maximum number of groups that can be returned
props - The properties object
Security Roles:
administrator
configurator

checkPassword

public java.lang.Boolean checkPassword(java.lang.String userId, java.lang.String password, java.util.Properties props)
authenticates the user
Parameters:
userId - The userId to authenticate
password - The password of the user
props - The properties object
Security Roles:
administrator
configurator

checkTokenLibFile

public java.lang.Integer checkTokenLibFile(java.lang.String tokenType, java.lang.String tokenLib, java.lang.String tokenSlot, java.lang.String tokenPasswordEncoded, java.lang.String serverAlias, java.lang.String clientAlias)
Validates SSL cryptographic config
Parameters:
tokenType - Token type, i.e., PKCS#11
tokenLib - The token library file name
tokenSlot - The tokenslot number
tokenPasswordEncoded - The token password in the encoded form
serverAlias - The value from com.ibm.ssl.keyStoreServerAlias
clientAlias - The value from com.ibm.ssl.keyStoreClientAlias
Security Roles:
administrator
configurator

checkKeyFile

public java.lang.Integer checkKeyFile(java.lang.String fileType, java.lang.String fileName, java.lang.String filePasswordEncoded, java.lang.String serverAlias, java.lang.String clientAlias)
Validates SSL key file config
Parameters:
fileType - The file type, i.e., JKS
fileName - The absolute path of the key file
filePasswordEncoded - The key file password in the encoded form
serverAlias - The value from com.ibm.ssl.keyStoreServerAlias
clientAlias - The value from com.ibm.ssl.keyStoreClientAlias
Security Roles:
administrator
configurator

checkTrustFile

public java.lang.Integer checkTrustFile(java.lang.String fileType, java.lang.String fileName, java.lang.String filePasswordEncoded)
Validates SSL trust file config
Parameters:
fileType - The file type, i.e., JKS
fileName - The absolute path of the trust file
filePasswordEncoded - The trust file password in the encoded form
Security Roles:
administrator
configurator

getRealm

public java.lang.String getRealm(java.util.Properties props)
gets the Realm
Parameters:
props - The properties object
Security Roles:
administrator
configurator

checkRunAsUser

public java.lang.Boolean checkRunAsUser(java.util.List usrList, java.util.List grpList, java.lang.String userName, java.util.Properties props)
Checks if the user can be added to the runAsRole
Parameters:
usrList - The list of userNames
grpList - The list of groupNames
userName - The user name entered for runAsRole
props - The properties object
Security Roles:
administrator
configurator

getAccessIds

public java.lang.String getAccessIds(boolean isUser, java.lang.String name, java.util.Properties props)
Gets the accessIds for users and groups from the active registry
Parameters:
isUser - true if it a user, false if it is a group
name - The name of the user or group
props - The properties object
Security Roles:
administrator
configurator

updateJAASCfg

public void updateJAASCfg(java.lang.String newCfg)
Dynamic refreshing the WCCM JAAS configuration
Parameters:
newCfg - New WCCM JAAS configuration
Security Roles:
administrator
configurator

getJAASCfg

public java.lang.String getJAASCfg()
Get the WCCM JAAS configuration
Security Roles:
administrator
configurator

getOpaqueToken

public com.ibm.wsspi.security.token.TokenHolder getOpaqueToken(com.ibm.ws.security.util.ByteArray ssoToken)
Get the opaque authorization token.
Parameters:
ssoToken - The opaque token lookup key
Security Roles:
administrator
configurator

propagatePolicyToJACCProvider

public void propagatePolicyToJACCProvider(java.lang.String appList)
Propagate the security policy to the JACC prvider.
Parameters:
appList - A string of colon(:) separated application names whose security policy information needs to be propagated to the JACC provider. If null is passed the security policy of all the applications in the process will be propagated.
Security Roles:
administrator
configurator

getInitialContextToken

public com.ibm.wsspi.security.token.TokenHolder getInitialContextToken(com.ibm.ws.security.util.ByteArray ssoToken, java.lang.String targetServer)
Get the initial context token for Kerberos.
Parameters:
ssoToken - The opaque token lookup key
targetServer - The target server to perform initSecContext against.
Security Roles:
administrator
configurator

getSecureSocketLayerCipherList

public java.util.List getSecureSocketLayerCipherList(java.lang.Boolean fipsEnabledFlag)
Return SSL cipher list
Parameters:
fipsEnabledFlag - True if FIPS is enabled, false otherwise.
Security Roles:
administrator
configurator

getSingleSignonTokens

public com.ibm.wsspi.security.token.TokenHolder[] getSingleSignonTokens()
Get the single signon tokens for the current authenticated caller.
Security Roles:
administrator
configurator
monitor
operator

Copyright IBM Corp. 1996-2005