You can use the Jython scripting language to manage security realm
configurations with the wsadmin tool. Use the commands and parameters in the
SecurityRealmInfoCommands group to query and manage trusted realms.
Avoid trouble: If you use LocalOS as the
active user registry, verify that the users and groups used by the commands
in the SecurityRealmInfoCommands command group have a valid OMVS segment.
gotcha
Use
the following commands to manage trusted realms in your security configuration:
addTrustedRealms
The
addTrustedRealms command adds a realm or list of realms to the list of trusted
realms for global security or in a security domain.
Target
object
None.
Required parameters
- -communicationType
- Specifies whether to trusted realms to inbound or outbound communication.
Specify inbound to configure inbound communication. Specify outbound to
configure outbound communication. (String)
Optional parameters
- -securityDomainName
- Specifies the name of the security domain of interest. If you do not specify
a value for this parameter, the command uses the global security configuration.
(String)
- -realmList
- Specifies a realm or list of realms to configure as trusted realms. (String)
Separate
each realm in the list with the pipe character (|) as the following
example demonstrates: realm1|realm2|realm3
Return value
The command
does not return output.
Batch mode example
usage
- Using Jython string:
AdminTask.addTrustedRealms('-communicationType inbound -securityDomainName testDomain')
- Using Jython list:
AdminTask.addTrustedRealms(['-communicationType', 'inbound', '-securityDomainName', 'testDomain'])
Interactive mode example usage
- Using Jython:
AdminTask.addTrustedRealms('-interactive')
configureTrustedRealms
The
configureTrustedRealms command configures trusted realms. Use this command
to replace the list of trusted realms and to clear each realm from the list.
To add realms to the trusted realm list, use the addInboundTrustedRealm command.
Target object
None.
Required
parameters
- -communicationType
- Specifies whether to configure the security domains, realms, or global
security configuration for inbound or outbound communication. Specify inbound to
configure inbound communication. Specify outbound to configure outbound
communication. (String)
Optional parameters
- -securityDomainName
- Specifies the name of the security domain of interest. If you do not specify
a value for this parameter, the command uses the global security configuration.
(String)
- -realmList
- Specifies a list of realms to configure as trusted realms. (String)
Separate
each realm in the list with the pipe character (|) as the following
example demonstrates: realm1|realm2|realm3
- -trustAllRealms
- Specifies whether to trust all realms. Specify true to trust
all realms. If you specify true for this parameter, the command does
not use the -realmList parameter. (Boolean)
Return value
The command
does not return output.
Batch mode example
usage
- Using Jython string:
AdminTask.configureTrustedRealms('-communicationType inbound -realmList realm1|realm2|realm3')
- Using Jython list:
AdminTask.configureTrustedRealms(['-communicationType', 'inbound', '-realmList', 'realm1|realm2|realm3'])
Interactive mode example usage
- Using Jython string:
AdminTask.configureTrustedRealms('-interactive')
- Using Jython list:
listRegistryGroups
The
listRegistryGroups command displays the groups in the user registry that belong
to the security realm, security domain, or resource name of interest.
Target object
None.
Optional
parameters
- -securityRealmName
- Specifies name of the security realm of interest. The securityDomainName,
resourceName, and securityRealmName parameters are mutually exclusive. Do
not specify more than one of these parameters. (String)
- -resourceName
- Specifies the name of the resource of interest. The securityDomainName,
resourceName, and securityRealmName parameters are mutually exclusive. Do
not specify more than one of these parameters. (String)
- -securityDomainName
- Specifies the name of the security domain of interest. The securityDomainName,
resourceName, and securityRealmName parameters are mutually exclusive. Do
not specify more than one of these parameters.(String)
- -displayAccessIds
- Specifies whether to display the access IDs for each group. Specify true to
display the access ID and group name for each group that the command returns.
(Boolean)
- -groupFilter
- Specifies a filter that the command uses to query for groups. For example,
specify test* to return groups that begin with the test string.
By default, the command returns all groups. (String)
- -numberOfGroups
- Specifies the number of groups to return. The default number of groups
that the command displays is 20. (Integer)
Return value
The command
returns an array of group names. If you specified the -displayAccessId parameter,
the command returns an array of attribute lists which contain the group name
and group access ID.
Batch mode example usage
- Using Jython string:
AdminTask.listRegistryGroups('-securityDomainName myTestDomain -groupFilter test* -numberOfGroups 10')
- Using Jython list:
AdminTask.listRegistryGroups(['-securityDomainName', 'myTestDomain', '-groupFilter', 'test*', '-numberOfGroups', '10'])
Interactive mode example usage
- Using Jython:
AdminTask.listRegistryGroups('-interactive')
Avoid trouble: If you list the
groups in the user registry that belong to the security realm, security domain,
or resource name of interest, you must ensure that you add an OMVS segment
(where the user and group information is stored) to any group that you want
to use with WebSphere® Application
Server.
gotcha
listRegistryUsers
The
listRegistryUsers command displays the users in the user registry for a specific
security realm, resource name, or domain name.
Target
object
None.
Optional parameters
- -securityDomainName
- Specifies the name of the security domain of interest. The securityDomainName,
resourceName, and securityRealmName parameters are mutually exclusive. Do
not specify more than one of these parameters. If you do not specify the securityDomainName,
resourceName, or securityRealmName parameter, the system uses the active user
registry from the global security configuration. (String)
- -resourceName
- Specifies the name of the resource of interest. The securityDomainName,
resourceName, and securityRealmName parameters are mutually exclusive. Do
not specify more than one of these parameters. If you do not specify the securityDomainName,
resourceName, or securityRealmName parameter, the system uses the active user
registry from the global security configuration. (String)
- -securityRealmName
- Specifies the name of the security realm of interest. The securityDomainName,
resourceName, and securityRealmName parameters are mutually exclusive. Do
not specify more than one of these parameters. If you do not specify the securityDomainName,
resourceName, or securityRealmName parameter, the system uses the active user
registry from the global security configuration. (String)
- -displayAccessIds
- Specifies whether to display the access IDs for each group. Specify true to
display the access ID and group name for each group that the command returns.
(Boolean)
- -userFilter
- Specifies the filter that the command uses to query for users. For example,
specify test* to display each user name that starts with the test string.
By default, the command returns all users. (String)
- -numberOfUsers
- Specifies the number of users to return. The default number of groups
that the command displays is 20. (Integer)
Return value
The command
returns an array of user names. If you specify the -displayAccessId parameter,
the command returns an array of attribute lists that contain the user ID and
user access IDs.
Batch mode example usage
- Using Jython string:
AdminTask.listRegistryUsers('-securityRealmName defaultWIMFileBasedRealm -displayAccessIds true')
- Using Jython list:
AdminTask.listRegistryUsers(['-securityRealmName', 'defaultWIMFileBasedRealm', '-displayAccessIds', 'true'])
Interactive mode example usage
- Using Jython:
AdminTask.listRegistryUsers('-interactive')
Avoid trouble: If you list the
users in the user registry for a specific security realm, resource name, or
domain name, you must ensure that you add an OMVS segment (where the user
and group information is stored) to any user that you want to use with WebSphere Application
Server.
gotcha
listSecurityRealms
The
listSecurityRealms command displays each security realm from global security
configuration and the security domains.
Target
object
None.
Return value
The command
returns an array of realm names.
Batch mode
example usage
- Using Jython string:
AdminTask.listSecurityRealms()
- Using Jython list:
AdminTask.listSecurityRealms()
Interactive mode example usage
- Using Jython:
AdminTask.listSecurityRealms('-interactive')
listTrustedRealms
The
listTrustedRealms command displays a list of trusted realms for a security
domain, resource, or realm. If you do not specify a security domain, resource
name, or realm name, then the command returns a list of trusted realms from
the global security configuration. The securityRealmName, resourceName, and
securityDomainName parameters are mutually exclusive.
Target
object
None.
Required parameters
- -communicationType
- Specifies whether to list the trusted realms for inbound or outbound communication.
Specify inbound to configure inbound communication. Specify outbound to
configure outbound communication. (String)
Optional parameters
- -securityRealmName
- Specifies name of the security realm of interest. If you use this parameter,
do not use the resourceName or securityDomainName parameters. (String)
- -resourceName
- Specifies the name of the resource of interest. If you use this parameter,
do not use the securityRealmName or securityDomainName parameters. (String)
- -securityDomainName
- Specifies the name of the security domain of interest. If you use this
parameter, do not use the resourceName or securityRealmName parameters. (String)
- -expandRealmList
- Specifies whether to return each realm name when the trustAllRealms property
is enabled. Specify true to return each realm name. Specify false to
return the trustAllRealms property. (Boolean)
- -includeCurrentRealm
- Specifies whether to include the current realm in the list of trusted
realms. Specify true to include the current realm, or specify false to
exclude the current realm from the list of trusted realms. (Boolean)
Return value
The command
returns an array of trusted realm names. If the realm, resource, or security
domain of interest is configured to trust all realms, the command returns
the trustAllRealms string.
Batch mode
example usage
- Using Jython string:
AdminTask.listTrustedRealms('-communicationType inbound -resourceName myApplication')
- Using Jython list:
AdminTask.listTrustedRealms(['-communicationType', 'inbound', '-resourceName', 'myApplication'])
Interactive mode example usage
- Using Jython:
AdminTask.listTrustedRealms('-interactive')
removeTrustedRealms
The
removeTrustedRealms command removes realms from a trusted realm list in a
security domain or in the global security configuration.
Target
object
None.
Required parameters
- -communicationType
- Specifies whether to remove trusted realms from inbound or outbound communication.
Specify inbound to configure inbound communication. Specify outbound to
configure outbound communication. (String)
- -realmList
- Specifies a list of realms to remove from trusted realms. (String)
Separate
each realm in the list with the pipe character (|) as the following
example demonstrates: realm1|realm2|realm3
Optional parameters
- -securityDomainName
- Specifies the name of the security domain of interest. If you do not specify
a security domain, the command uses the global security configuration. (String)
Return value
The command
does not return output.
Batch mode example
usage
- Using Jython string:
AdminTask.removeTrustedRealms('-communicationType inbound -realmList realm1|realm2|realm3')
- Using Jython list:
AdminTask.removeTrustedRealms(['-communicationType inbound -realmList realm1|realm2|realm3'])
Interactive mode example usage
- Using Jython:
AdminTask.removeTrustedRealms('-interactive')
unconfigureTrustedRealms
The
unconfigureTrustedRealms command removes the trusted realm object from the
configuration.
Target object
None.
Required parameters
- -communicationType
- Specifies whether to unconfigure the trusted realms for inbound or outbound
communication. Specify inbound to remove inbound communication configurations.
Specify outbound to remove outbound communication configurations.
(String)
Optional parameters
- -securityDomainName
- Specifies the name of the security domain of interest. If you do not specify
a security domain, the command uses the global security configuration. (String)
Return value
The command
does not return output.
Batch mode example
usage
- Using Jython string:
AdminTask.unconfigureTrustedRealms('-communicationType inbound -securityDomainName testDomain')
- Using Jython list:
AdminTask.unconfigureTrustedRealms(['-communicationType', 'inbound', '-securityDomainName', 'testDomain'])
Interactive mode example usage
- Using Jython string:
AdminTask.unconfigureTrustedRealms('-interactive')