Use this topic to create multiple security domains in your
configuration. By creating multiple security domains, you can configure
different security attributes for administrative and user applications
within a cell environment.
Before you begin
You must have the administrator role to configure security
domains. Also, enable global security in your environment before configuring
multiple security domains.
About this task
You can create multiple security domains to customize
your security configuration. Use multiple security domains to achieve
the following goals:
- Configure different security attributes for administrative and
user applications within a cell
- Consolidate server configurations by managing different security
configurations within a cell
- Restrict access between applications with different user registries,
or configure trust relationships between applications to support communication
across registries
Use the following steps to create a new security domain with
the wsadmin tool:
Procedure
- Launch the wsadmin scripting tool using the Jython scripting
language. See the Starting the wsadmin scripting client article for
more information.
- Create a security domain.
To create a security
domain, you can create a new security domain, copy an existing security
domain, or copy the existing global security configuration.
- Save your configuration changes.
Use the following command example to save your configuration changes:
AdminConfig.save()
What to do next
Use the wsadmin tool to map a scope to your security domain.
Additionally, you can configure security artifacts in the newly created
domain, by:
- configuring user registries.
- enabling application and Java EE
security.
- setting Lightweight Third-Party Authentication (LTPA) timeout.
- configuring System and Application Java™ Authentication and Authorization
Service (JAAS) login.
- configuring Java 2 Connector (J2C) authorization
data.
- configuring Remote Method Invocation over Internet Inter-ORB Protocol
(RMI/IIOP) security.