WebSphere:*,type=SecurityAdmin
MBean SecurityAdmin
Management interface for Security functions.
Operation Summary | |
---|---|
void | resetLdapBindInfo( authenticates the user |
void | updateAuthDataCfg( Updates the auth data entries in runtime |
void | purgeUserFromAuthCache( Remove a user from the auth cache |
void | purgeUserFromAuthCache( Remove a user from the auth cache for a specific domain |
void | clearAuthCache() Remove all users from the auth cache |
void | clearAuthCache( Remove all users from the auth cache for a specific domain |
void | isUserInAuthCache( Validates the existence of user in the auth cache |
void | isAuthCacheEmpty( Returns if an auth cache is empty |
java.util.Map | generateKeysForKeySetGroup( Generates the LTPA keys for the LTPA KeySetGroup |
void | updateRuntimeKeys( Updates the LTPA runtime for the keys in the specified Map. |
java.util.Map | importSSOPropertiesToKeySetGroup( Imports the LTPAKeys into the configuration from a file. |
void | generateKeys( Generates the LTPA keys |
java.util.Properties | genKeys( Generates the LTPA keys without updating the Runtime |
void | exportKeys( Export the LTPAKeys from runtime to a file |
void | importKeys( Imports the LTPAKeys into the runtime from a file |
void | importLTPAKeys( Imports the LTPAKeys into the runtime |
void | checkImportLTPAKeys( Checks if the keys can be decrypted with the password |
java.util.Properties | exportLTPAKeys() Exports the LTPA keys from the runtime |
java.util.Properties | exportLTPAKeys( Exports the LTPA keys from the runtime |
Result | getUsers( getUsers from the UserRegistry |
Result | getGroups( getGroups from the UserRegistry |
java.lang.Boolean | checkPassword( authenticates the user |
java.lang.Integer | checkTokenLibFile( Validates SSL cryptographic config |
java.lang.Integer | checkKeyFile( Validates SSL key file config |
java.lang.Integer | checkTrustFile( Validates SSL trust file config |
java.lang.String | getRealm( gets the Realm |
java.lang.Boolean | checkRunAsUser( Checks if the user can be added to the runAsRole |
java.lang.String | getAccessIds( Gets the accessIds for users and groups from the active registry |
void | updateJAASCfg( Dynamically refreshes the WCCM JAAS configuration |
java.lang.String | getJAASCfg() Get the WCCM JAAS configuration |
TokenHolder | getOpaqueToken( Get the opaque authorization token. |
void | propagatePolicyToJACCProvider( Propagate the security policy to the JACC provider. |
TokenHolder | getInitialContextToken( Get the initial context token for Kerberos. |
java.util.List | getSecureSocketLayerCipherList( Return SSL cipher list |
TokenHolder[] | getSingleSignonTokens() Get the single signon tokens for the current authenticated caller. |
java.util.List | warnForLocalOS( Check whether or not to issue a warning message during addNode. |
byte[] | getKerberosPolicy() Return the Kerberos Policy byte[] for this server containing SPN and REALM. |
Operation Detail |
---|
public void resetLdapBindInfo(
java.lang.String userId,
java.lang.String password
)
authenticates the user
userId
-
The userId to authenticate
password
-
The password of the user
administrator
operator
public void updateAuthDataCfg(
java.util.HashMap newCfg
)
Updates the auth data entries in runtime
newCfg
-
The auth data config.
administrator
operator
public void purgeUserFromAuthCache(
java.lang.String realm,
java.lang.String userid
)
Remove a user from the auth cache
realm
-
The security realm.
userid
-
The userid.
administrator
operator
public void purgeUserFromAuthCache(
java.lang.String realm,
java.lang.String userid,
java.lang.String domainId
)
Remove a user from the auth cache for a specific domain
realm
-
The security realm.
userid
-
The userid.
domainId
-
The security domain id.
administrator
operator
public void clearAuthCache()
Remove all users from the auth cache
administrator
operator
public void clearAuthCache(
java.lang.String domainId
)
Remove all users from the auth cache for a specific domain
domainId
-
The security domain id.
administrator
operator
public void isUserInAuthCache(
java.lang.String realm,
java.lang.String user,
java.lang.String secDomain
)
Validates the existence of user in the auth cache
realm
-
The security realm.
user
-
The userid.
secDomain
-
The security domain name.
administrator
operator
public void isAuthCacheEmpty(
java.lang.String secDomain
)
Returns if an auth cache is empty
secDomain
-
The security domain name.
administrator
operator
public java.util.Map generateKeysForKeySetGroup(
Session session,
java.lang.Boolean updateRuntime
)
Generates the LTPA keys for the LTPA KeySetGroup
session
-
The session for making configuration changes.
updateRuntime
-
Determines whether to update all processes with the new Keys.
administrator
operator
The resource being modified for the MBean is of type Cell
The instance is identified by the value of key cell in the MBean's Object Name
public void updateRuntimeKeys(
java.util.Map keyMap
)
Updates the LTPA runtime for the keys in the specified Map.
keyMap
-
The keys used to update the LTPA runtime.
administrator
operator
The resource being modified for the MBean is of type Cell
The instance is identified by the value of key cell in the MBean's Object Name
public java.util.Map importSSOPropertiesToKeySetGroup(
java.util.Properties ssoProps,
byte[] passwd,
Session session,
java.lang.Boolean updateRuntime
)
Imports the LTPAKeys into the configuration from a file.
ssoProps
-
A properties object containing the LTPA keys to import
passwd
-
password in java byte array format to encrypt and decrypt the LTPA keys
session
-
The management session for saving configuration information.
updateRuntime
-
Determines whether to update all processes with the new Keys.
administrator
operator
The resource being modified for the MBean is of type Cell
The instance is identified by the value of key cell in the MBean's Object Name
public void generateKeys(
java.lang.String password
)
Generates the LTPA keys
password
-
The password to encrypt and decrypt the Keys
administrator
operator
The resource being modified for the MBean is of type Cell
The instance is identified by the value of key cell in the MBean's Object Name
public java.util.Properties genKeys(
java.lang.String password
)
Generates the LTPA keys without updating the Runtime
password
-
The password to encrypt and decrypt the Keys
administrator
operator
The resource being modified for the MBean is of type Cell
The instance is identified by the value of key cell in the MBean's Object Name
public void exportKeys(
java.lang.String fileName,
java.util.Properties props
)
Export the LTPAKeys from runtime to a file
fileName
-
A file URI to which the LTPA keys are to be exported
props
-
optional LTPA server properties
administrator
operator
The resource being modified for the MBean is of type Cell
The instance is identified by the value of key cell in the MBean's Object Name
public void importKeys(
java.lang.String fileName,
byte[] passwd
)
Imports the LTPAKeys into the runtime from a file
fileName
-
A File URI containing the LTPA keys to import
passwd
-
password in java byte array format to encrypt and decrypt the LTPA keys
administrator
operator
The resource being modified for the MBean is of type Cell
The instance is identified by the value of key cell in the MBean's Object Name
public void importLTPAKeys(
java.util.Properties ssoProps,
byte[] passwd
)
Imports the LTPAKeys into the runtime
ssoProps
-
A properties object containing the LTPA keys to import
passwd
-
password in java byte array format to encrypt and decrypt the LTPA keys
administrator
operator
The resource being modified for the MBean is of type Cell
The instance is identified by the value of key cell in the MBean's Object Name
public void checkImportLTPAKeys(
java.util.Properties ssoProps,
byte[] passwd
)
Checks if the keys can be decrypted with the password
ssoProps
-
A properties object containing the LTPA keys to import
passwd
-
password in java byte array format to encrypt and decrypt the LTPA keys
administrator
operator
The resource being modified for the MBean is of type Cell
The instance is identified by the value of key cell in the MBean's Object Name
public java.util.Properties exportLTPAKeys()
Exports the LTPA keys from the runtime
administrator
operator
The resource being modified for the MBean is of type Cell
The instance is identified by the value of key cell in the MBean's Object Name
public java.util.Properties exportLTPAKeys(
byte[] password
)
Exports the LTPA keys from the runtime
password
-
password in java byte array format to encrypt and decrypt the LTPA keys
administrator
operator
The resource being modified for the MBean is of type Cell
The instance is identified by the value of key cell in the MBean's Object Name
public Result getUsers(
java.lang.String pattern,
java.lang.Integer limit,
java.util.Properties props
)
getUsers from the UserRegistry
pattern
-
The pattern to search for users in the UserRegistry
limit
-
The maximum number of users that can be returned
props
-
The properties object
administrator
operator
public Result getGroups(
java.lang.String pattern,
java.lang.Integer limit,
java.util.Properties props
)
getGroups from the UserRegistry
pattern
-
The pattern to search for groups in the UserRegistry
limit
-
The maximum number of groups that can be returned
props
-
The properties object
administrator
operator
public java.lang.Boolean checkPassword(
java.lang.String userId,
java.lang.String password,
java.util.Properties props
)
authenticates the user
userId
-
The userId to authenticate
password
-
The password of the user
props
-
The properties object
administrator
operator
public java.lang.Integer checkTokenLibFile(
java.lang.String tokenType,
java.lang.String tokenLib,
java.lang.String tokenSlot,
java.lang.String tokenPasswordEncoded,
java.lang.String serverAlias,
java.lang.String clientAlias
)
Validates SSL cryptographic config
tokenType
-
Token type, i.e., PKCS#11
tokenLib
-
The token library file name
tokenSlot
-
The tokenslot number
tokenPasswordEncoded
-
The token password in the encoded form
serverAlias
-
The value from com.ibm.ssl.keyStoreServerAlias
clientAlias
-
The value from com.ibm.ssl.keyStoreClientAlias
administrator
operator
The MBean's methods run as System after initial authorization check is performed
public java.lang.Integer checkKeyFile(
java.lang.String fileType,
java.lang.String fileName,
java.lang.String filePasswordEncoded,
java.lang.String serverAlias,
java.lang.String clientAlias
)
Validates SSL key file config
fileType
-
The file type, i.e., JKS
fileName
-
The absolute path of the key file
filePasswordEncoded
-
The key file password in the encoded form
serverAlias
-
The value from com.ibm.ssl.keyStoreServerAlias
clientAlias
-
The value from com.ibm.ssl.keyStoreClientAlias
administrator
operator
The MBean's methods run as System after initial authorization check is performed
public java.lang.Integer checkTrustFile(
java.lang.String fileType,
java.lang.String fileName,
java.lang.String filePasswordEncoded
)
Validates SSL trust file config
fileType
-
The file type, i.e., JKS
fileName
-
The absolute path of the trust file
filePasswordEncoded
-
The trust file password in the encoded form
administrator
operator
The MBean's methods run as System after initial authorization check is performed
public java.lang.String getRealm(
java.util.Properties props
)
gets the Realm
props
-
The properties object
administrator
operator
public java.lang.Boolean checkRunAsUser(
java.util.List usrList,
java.util.List grpList,
java.lang.String userName,
java.util.Properties props
)
Checks if the user can be added to the runAsRole
usrList
-
The list of userNames
grpList
-
The list of groupNames
userName
-
The user name entered for runAsRole
props
-
The properties object
administrator
operator
public java.lang.String getAccessIds(
boolean isUser,
java.lang.String name,
java.util.Properties props
)
Gets the accessIds for users and groups from the active registry
isUser
-
true if it is a user, false if it is a group
name
-
The name of the user or group
props
-
The properties object
administrator
operator
public void updateJAASCfg(
java.lang.String newCfg
)
Dynamically refreshes the WCCM JAAS configuration
newCfg
-
New WCCM JAAS configuration
administrator
operator
public java.lang.String getJAASCfg()
Get the WCCM JAAS configuration
administrator
operator
The MBean's methods run as System after initial authorization check is performed
public TokenHolder getOpaqueToken(
ByteArray ssoToken
)
Get the opaque authorization token.
ssoToken
-
The opaque token lookup key
administrator
operator
public void propagatePolicyToJACCProvider(
java.lang.String appList
)
Propagate the security policy to the JACC provider.
appList
-
A string of colon (:) separated application names whose security policy information needs to be propagated to the JACC provider. If null is passed, the security policy of all the applications in the process will be propagated.
administrator
operator
public TokenHolder getInitialContextToken(
ByteArray ssoToken,
java.lang.String targetServer
)
Get the initial context token for Kerberos.
ssoToken
-
The opaque token lookup key
targetServer
-
The target server to perform initSecContext against.
administrator
operator
public java.util.List getSecureSocketLayerCipherList(
java.lang.Boolean fipsEnabledFlag
)
Return SSL cipher list
fipsEnabledFlag
-
True if FIPS is enabled, false otherwise.
administrator
operator
public TokenHolder[] getSingleSignonTokens()
Get the single signon tokens for the current authenticated caller.
administrator
operator
public java.util.List warnForLocalOS(
java.lang.Boolean nodeIsZOS,
java.lang.String nodeHostName
)
Check whether or not to issue a warning message during addNode.
nodeIsZOS
-
True if the node is on a zOS platform.
nodeHostName
-
The host name of the node being federated.
administrator
operator
public byte[] getKerberosPolicy()
Return the Kerberos Policy byte[] for this server containing SPN and REALM.
administrator
operator