Scripting WebSphere 6.1 configurations, Part 6

Security

You want complexity? You can’t handle complexity! Seriously: you can’t, or rather won’t want to, after figuring out how to script your security settings in WebSphere. The security settings in WebSphere 6.1 became a lot more flexible (see: Dynamic Outbound SSL Bindings, yeah) but in turn became a lot more complicated, and now of course you can’t just fill out the form like you could with WebSphere 5.x (in RAD). So, let’s get started with some examples. Take and use as you see fit. The following script methods were written completely by Sony Mathew, who wishes there were examples like these when he started.

Note: Starting with the last post, I am removing all the logging statements for clarity.
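The script below requires the users file to contain a "sys" user with password "password" before security is switched on. A pre-flight check for that requirement follows as an added example (not Sony Mathew's code), meant to be run with a regular Python interpreter before invoking wsadmin. It assumes the name:passwd:uid:gids:display name line layout of IBM's FileRegistrySample; the function names and sample data are illustrative.

```python
# Added example: pre-flight check of a file-registry users file.
# Assumption: one user per line as name:passwd:uid:gids:display name
# (the layout of IBM's FileRegistrySample); '#' starts a comment line.

def parse_users(text):
    """Return ({name: fields}, [problems]) for the body of a users file."""
    users, problems = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(":", 4)
        if len(parts) < 5:
            problems.append("line %d: expected 5 fields, got %d" % (lineno, len(parts)))
            continue
        name, passwd, uid, gids, display = parts
        if name in users:
            problems.append("line %d: duplicate user %r" % (lineno, name))
            continue
        users[name] = {"passwd": passwd, "uid": uid,
                       "gids": [g for g in gids.split(",") if g], "display": display}
    return users, problems


def preflight(text, admin_id, admin_password):
    """List the reasons the file does not satisfy the script's requirement."""
    users, problems = parse_users(text)
    entry = users.get(admin_id)
    if entry is None:
        problems.append("user %r is missing" % admin_id)
    elif entry["passwd"] != admin_password:
        problems.append("password for %r is not the expected one" % admin_id)
    uids = {}
    for name, fields in users.items():
        uids.setdefault(fields["uid"], []).append(name)
    for uid, names in sorted(uids.items()):
        if len(names) > 1:
            problems.append("uid %s shared by %s" % (uid, ", ".join(sorted(names))))
    return problems


# Constructed sample input, not taken from the original post.
GOOD = "# users\nsys:password:1:10:System User\nbob:bob1:2:10,20:Bob\n"
BAD = "# users\nsys:changed:1:10:System User\nbob:bob1:1:20:Bob\nbroken-line\n"

if __name__ == "__main__":
    for label, body in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, preflight(body, "sys", "password"))
```

An empty list means the file meets the requirement stated in the script's comment; any entry in the list is worth resolving before global security is enabled.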

###################################################################
# Security configuration using Custom FileRegistry.
# Runs under wsadmin (Jython); AdminConfig is supplied by wsadmin.
###################################################################
class WASSecurityConfig:
    PROP_KEY_USERS_FILE = "usersFile";
    PROP_KEY_GROUPS_FILE = "groupsFile";

    def __init__(self, wasDef):
        self.wasDef = wasDef;

    ###########################################################
    # Enables file based security given the users & groups file paths.
    # Must contain "sys", "password" as a user - which will become the system user id.
    ###########################################################
    def enableGlobalSecurity(self, usersFilePath, groupsFilePath):

        # The registry is the parent of the properties created below,
        # so it has to be present already.
        customUserRegistry = self.getCustomUserRegistryId();
        if customUserRegistry == None:
            raise AssertionError, "Unexpected: CustomUserRegistry configuration does not exist";

        # Refuse to create a second usersFile property.
        if self.getUsersFilePropertyId() != None:
            raise AssertionError, "Property [" + WASSecurityConfig.PROP_KEY_USERS_FILE + "] already exists";

        # Note: See previous posts for WASConfigParams object
        params = WASConfigParams();
        params.add("description", WASSecurityConfig.PROP_KEY_USERS_FILE);
        params.add("name", WASSecurityConfig.PROP_KEY_USERS_FILE);
        params.add("value", usersFilePath);
        usersProp = AdminConfig.create("Property", customUserRegistry, params.asList());

        # Refuse to create a second groupsFile property.
        if self.getGroupsFilePropertyId() != None:
            raise AssertionError, "Property [" + WASSecurityConfig.PROP_KEY_GROUPS_FILE + "] already exists";
        params = WASConfigParams();
        params.add("description", WASSecurityConfig.PROP_KEY_GROUPS_FILE);
        params.add("name", WASSecurityConfig.PROP_KEY_GROUPS_FILE);
        params.add("value", groupsFilePath);
        groupsProp = AdminConfig.create("Property", customUserRegistry, params.asList());

        # Admin and server identity; these literals must agree with the users file.
        params = WASConfigParams();
        params.add("primaryAdminId", "sys");
        params.add("realm", "CustomRealm");
        params.add("serverId", "system");
        params.add("serverPassword", "password");
        params.add("ignoreCase", "false");
        params.add("useRegistryServerId", "true");
        AdminConfig.modify(customUserRegistry, params.asList());

        security = self.getSecurityId();

        # Turn on administrative and application security (Java 2 security
        # stays off) and make the custom registry the active one.
        params = WASConfigParams();
        params.add("enabled", "true");
        params.add("appEnabled", "true");
        params.add("enforceJava2Security", "false");
        params.add("activeUserRegistry", customUserRegistry);
        AdminConfig.modify(security, params.asList());

    # Config id of the cell-level Security object.
    def getSecurityId(self):
        return self.wasDef.findConfigId("Security", [], "Cell");