In WebSphere® Application Server, Version 5.0.2 and later, revocation of a user from the security cache using an MBean interface is supported.
When a user is removed from authentication cache, the user can still login to WebSphere Application Server at any time. Removing the cache only removes the user from the runtime cache. It does not remove the user from the registry, nor does it lock out the user.
The following Java Command Language (JACL) revokes a user when given the realm and the user ID, and cycles through all the security administration MBean instances that are returned when run from the wsadmin command. The command also purges the user from the cache during each process.
proc revokeUser {realm userid} { global AdminControl AdminConfig if {[catch {$AdminControl queryNames WebSphere:type=SecurityAdmin,*} result]} { puts stdout "\$AdminControl queryNames WebSphere:type=SecurityAdmin,* caught an exception $result\n" return } else { if {$result != {}} { foreach secBean $result { if {$secBean != {} || $secBean != "null"} { if {[catch {$AdminControl invoke $secBean purgeUserFromAuthCache "$realm $userid"} result]} { puts stdout "\$AdminControl invoke $secBean purgeUserFromAuthCache $realm $userid caught an exception $result\n" return } else { puts stdout "\nUser $userid has been purged from the cache of process $secBean\n" } } else { puts stdout "unable to get securityAdmin Mbean, user $userid not revoked" } } } else { puts stdout "Security Mbean was not found\n" return } } return true }
In this information ... | IBM Redbooks, demos, education, and more(Index) |