You can use the Jython scripting language to configure and administer security domains with the wsadmin tool. Use the commands and parameters in the SecurityDomainCommands group to create and manage security domains, assign servers and clusters to security domains as resources, and query the security domain configuration.
Starting in WebSphere® Application Server Version 7.0, security domains can be used in place of server-level security configurations. If a server-level security configuration is currently in use, the convertServerSecurityToSecurityDomain command can convert it to a security domain.
The command creates a security domain and adds any security settings that are specified in the server level security configuration to the newly-created security domain. The server resources are mapped to the security domain.
Target object
None.
Required parameters
Optional parameters
Batch mode example usage
wsadmin> AdminTask.convertServerSecurityToSecurityDomain('[-serverResource Cell=:Node=myNode:Server=server1 -securityDomain secDomain1 -securityDomainDescription "Migrated from server security configuration" -deleteServer true]')
wsadmin> $AdminTask convertServerSecurityToSecurityDomain {-serverResource Cell=:Node=myNode:Server=server1 -securityDomain secDomain1 -securityDomainDescription "Migrated from server security configuration" -deleteServer true }
The copySecurityDomain command creates a new security domain by copying an existing security domain. If the security configuration defines an active user registry, provide a realm name for the newly created security domain. If you do not specify a realm name, the system creates a realm name.
Target object
None.
Required parameters
Optional parameters
Return value
The command returns the configuration ID of the new security domain.
Batch mode example usage
AdminTask.copySecurityDomain('-securityDomainName copyOfDomain2 -copyFromSecurityDomainName Domain2')
AdminTask.copySecurityDomain(['-securityDomainName', 'copyOfDomain2', '-copyFromSecurityDomainName', 'Domain2'])
Interactive mode example usage
AdminTask.copySecurityDomain('-interactive')
The copySecurityDomainFromGlobalSecurity command creates a security domain by copying the global security configuration. If an active user registry exists for the global security configuration, provide a realm name for the newly created security domain. If you do not specify a realm name, then the system creates a realm name.
Target object
None.
Required parameters
Optional parameters
Return value
The command returns the configuration ID of the new security domain.
Batch mode example usage
AdminTask.copySecurityDomainFromGlobalSecurity('-securityDomainName GSCopy -securityDomainDescription "copy of global security" -realmName myRealm')
AdminTask.copySecurityDomainFromGlobalSecurity(['-securityDomainName', 'GSCopy', '-securityDomainDescription', '"copy of global security"', '-realmName', 'myRealm'])
Interactive mode example usage
AdminTask.copySecurityDomainFromGlobalSecurity('-interactive')
The createSecurityDomain command creates the security domain-security.xml and domain-security-map.xml files under the profile_root/config/cells/cellName/securityDomain/configurationName directory. The system creates an empty domain-security.xml file.
Target object
None.
Required parameters
Optional parameters
Return value
The command returns the configuration ID of the new security domain.
Batch mode example usage
AdminTask.createSecurityDomain('-securityDomainName newDomain -securityDomainDescription "new security domain"')
AdminTask.createSecurityDomain(['-securityDomainName', 'newDomain', '-securityDomainDescription', '"new security domain"'])
Interactive mode example usage
AdminTask.createSecurityDomain('-interactive')
The deleteSecurityDomain command removes the domain-security.xml and domain-security-map.xml files from the security domain directory. The command returns an error if resources are mapped to the security domain of interest. To delete the security domain when resources are mapped to the security domain of interest, specify the value for the -force parameter as true.
Target object
None.
Required parameters
Optional parameters
Return value
The command does not return output if the system successfully removes the security domain configuration.
Batch mode example usage
AdminTask.deleteSecurityDomain('-securityDomainName mySecurityDomain -force true')
AdminTask.deleteSecurityDomain(['-securityDomainName', 'mySecurityDomain', '-force', 'true'])
Interactive mode example usage
AdminTask.deleteSecurityDomain('-interactive')
The getSecurityDomainForResource command displays the security domain for a specific resource. If the resource is not mapped to a domain, the command does not return output.
Target object
None.
Required parameters
Optional parameters
Return value
The command returns the security domain name as a string.
Batch mode example usage
AdminTask.getSecurityDomainForResource('-resourceName Cell=:Node=myNode:Server=myServer')
AdminTask.getSecurityDomainForResource(['-resourceName', 'Cell=:Node=myNode:Server=myServer'])
Interactive mode example usage
AdminTask.getSecurityDomainForResource('-interactive')
The listResourcesInSecurityDomain command displays the servers or clusters that are associated with a specific security domain.
Target object
None.
Required parameters
Return value
The command returns an array that contains the names of the resources that are mapped to the security domain of interest in the format: Cell=cell name:Node=node name:Server=server name.
Batch mode example usage
AdminTask.listResourcesInSecurityDomain('-securityDomainName myDomain')
AdminTask.listResourcesInSecurityDomain(['-securityDomainName', 'myDomain'])
Interactive mode example usage
AdminTask.listResourcesInSecurityDomain('-interactive')
The listSecurityDomains command lists each security domain configured for the server.
Target object
None.
Optional parameters
Return value
The command returns an array that contains the names of security domains that are configured for the server. The command returns an array of attribute lists that contain the name and description for each security domain if the -listDescription parameter is specified.
Batch mode example usage
AdminTask.listSecurityDomains('-listDescription true')
AdminTask.listSecurityDomains(['-listDescription', 'true'])
Interactive mode example usage
AdminTask.listSecurityDomains('-interactive')
The listSecurityDomainsForResources command lists the security domains that are associated with the resources of interest.
Target object
None.
Required parameters
Return value
The command returns the list of resources specified by the -resourceNames parameter and the security domains to which each resource is mapped.
Batch mode example usage
AdminTask.listSecurityDomainsForResources('-resourceNames resource1+resource2+resource3')
AdminTask.listSecurityDomainsForResources(['-resourceNames', 'resource1+resource2+resource3'])
Interactive mode example usage
AdminTask.listSecurityDomainsForResources('-interactive')
The mapResourceToSecurityDomain command maps a resource to a security domain. The system adds an entry for each resource to the domain-security-map.xml file.
Target object
None.
Required parameters
Return value
The command does not return output if the system successfully assigns the resource to the security domain of interest.
Batch mode example usage
AdminTask.mapResourceToSecurityDomain('-securityDomainName mySecurityDomain -resourceName Cell=:Node=myNode:Server=myServer')
AdminTask.mapResourceToSecurityDomain(['-securityDomainName', 'mySecurityDomain', '-resourceName', 'Cell=:Node=myNode:Server=myServer'])
Interactive mode example usage
AdminTask.mapResourceToSecurityDomain('-interactive')
The modifySecurityDomain command changes the description of a security domain.
Target object
None.
Required parameters
Optional parameters
Return value
The command does not return output if the system successfully modifies the security domain.
Batch mode example usage
AdminTask.modifySecurityDomain('-securityDomainName myDomain -securityDomainDescription "my new description"')
AdminTask.modifySecurityDomain(['-securityDomainName', 'myDomain', '-securityDomainDescription', '"my new description"'])
Interactive mode example usage
AdminTask.modifySecurityDomain('-interactive')
The removeResourceFromSecurityDomain command removes a resource from a security domain mapping. The command removes the resource entry from the domain-security-map.xml file.
Target object
None.
Required parameters
Return value
The command does not return output if the system successfully removes the resource from the security domain.
Batch mode example usage
AdminTask.removeResourceFromSecurityDomain('-securityDomainName myDomain -resourceName Cell=:Node=myNode:Server=myServer')
AdminTask.removeResourceFromSecurityDomain(['-securityDomainName', 'myDomain', '-resourceName', 'Cell=:Node=myNode:Server=myServer'])
Interactive mode example usage
AdminTask.removeResourceFromSecurityDomain('-interactive')
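The following added example (not part of the original documentation or IBM's code) combines getSecurityDomainForResource, listResourcesInSecurityDomain and deleteSecurityDomain into a mapping audit and a delete that refuses to run while resources are still mapped, instead of relying on -force true. It assumes that wsadmin returns array results as a single string with one entry per line; the helper names, FakeAdminTask and SAMPLE are hypothetical and constructed for illustration.

```python
# Added example, not IBM's code. In wsadmin, pass the AdminTask object as `task`.
# Assumption: array results arrive as one string with one entry per line.

def domain_of(task, resource):
    """Return the domain a resource is mapped to, or '' if it is unmapped."""
    out = task.getSecurityDomainForResource(['-resourceName', resource])
    return (out or '').strip()

def unmapped_resources(task, resources):
    """Resources for which the query returned no output (no domain mapping)."""
    return [r for r in resources if domain_of(task, r) == '']

def resources_in(task, domain):
    """Parse listResourcesInSecurityDomain output into a list of names."""
    out = task.listResourcesInSecurityDomain(['-securityDomainName', domain])
    return [ln.strip() for ln in (out or '').splitlines() if ln.strip()]

def delete_if_empty(task, domain):
    """Delete a domain only when nothing is mapped to it; never passes -force.
    Returns the resources that blocked the delete ([] when it was deleted)."""
    mapped = resources_in(task, domain)
    if not mapped:
        task.deleteSecurityDomain(['-securityDomainName', domain])
    return mapped

class FakeAdminTask:
    """Constructed stand-in for AdminTask so the example runs offline."""
    def __init__(self, mapping):
        self.mapping = mapping      # resource name -> domain name
        self.deleted = []           # domains passed to deleteSecurityDomain
    def getSecurityDomainForResource(self, args):
        return self.mapping.get(args[1], '')
    def listResourcesInSecurityDomain(self, args):
        names = [r for r in self.mapping.keys() if self.mapping[r] == args[1]]
        names.sort()
        return '\n'.join(names)
    def deleteSecurityDomain(self, args):
        self.deleted.append(args[1])

SAMPLE = {  # constructed sample mapping, reusing names from the examples above
    'Cell=:Node=myNode:Server=server1': 'secDomain1',
    'Cell=:Node=myNode:Server=myServer': 'myDomain',
}
```

Inside a wsadmin session, call the helpers with the real object, for example delete_if_empty(AdminTask, 'myDomain'), and save the configuration afterwards as you would for any other change.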