Use this topic to assign management resources to security
domains. Set management resources to your security domains to customize
your security configuration for a cell, server, or cluster.
Before you begin
Users assigned to the administrator role can configure
security domains. Verify that you have the appropriate administrative
role before configuring security domains. Also, create a security
domain, or copy an existing security domain before assigning resources
to a security domain.
About this task
After creating a security domain, you can map management
resources to the security domain. You can assign resources to a security
domain at the server, cell, and cluster level. Use the following steps
to assign a resource to a security domain:
Procedure
- Launch the wsadmin scripting tool using the Jython scripting
language. See the Starting the wsadmin scripting client article for
more information.
- Determine which security domain to map a resource.
Use the listSecurityDomains command to view a list of security
domains in your configuration. Specify
true for the optional
-listDescription parameter to list the description for each security
domain, as the following Jython example demonstrates:
print AdminTask.listSecurityDomains('-listDescription true')
The
command returns the following example attribute list output:
{{name myDomain}
{description {security domain for administrative applications}}}
{{name domain2}
{description {new domain for cell123}}}
- Assign a resource to a security domain.
Use
the mapResourceToSecurityDomain command to assign a management resource
to the security domain. For example, use the following Jython command
to secure all applications on the
server1 cell with the security
attributes in the
domain2 security domain:
AdminTask.mapResourceToSecurityDomain('-securityDomainName domain2 -resourceName Cell=myCell:Node=myNode:Server=server1')
- Save your configuration changes.
Use the following command example to save your configuration
changes:
AdminConfig.save()
Results
Your security domain is updated in your configuration.
All applications in the specified resource use the security attributes
specified by the security domain. If the security domain does not
contain all security attributes, then the missing attributes are obtained
from the global security configuration.
What to do next
Restart each resource that you assigned to a security
domain.