JaspiManagement command group for the AdminTask object
Use the commands and parameters in the JaspiManagement command group to manage the configuration of authentication providers.
JASPI is a new specification introduced in Java Platform, Enterprise Edition 6 (Java EE 6). It enables third-party security providers to perform authentication of messages for specific messaging runtime environments. JASPI extends the Java Authentication and Authorization Service (JAAS) architecture with standardized programming interfaces to make network messages available for processing by authentication providers.
If you want to use JASPI message authentication services, you must supply an implementation of the required interfaces as defined in the JASPI specification. Read about Developing a custom authentication provider for more information on these interfaces.
When JASPI authentication providers are configured, and WebSphere Application Server receives a request message, the security runtime environment determines if the target application is configured to use JASPI authentication. If so, the runtime environment invokes the selected authentication provider to validate the received message. Otherwise, authentication of the message request is done according to the authentication mechanism provided by WebSphere Application Server for the appropriate messaging layer.
The JaspiManagement command group includes the following commands:
configureJaspi
The configureJaspi command is used to specify whether the Java Authentication SPI processing is to be enabled or disabled, and to set the default JASPI provider for a given security domain or the global security configuration.
Target object
None.
Required parameters
None.
Optional parameters
- -enabled
- Specify true to enable the JASPI configuration and false to disable the configuration.
- -defaultProviderName
- Specifies the name of an already configured JASPI provider that is to be used as the default JASPI provider for the security domain or global security configuration.
- -securityDomainName
- Specifies the name of the security domain. The command uses the global security configuration if you do not specify a value for the -securityDomainName parameter.
Return value
The command returns the object name of the JASPI configuration ID that the system creates, and is an instance of javax.management.ObjectName. The value displayed in the console is the JASPI configuration ID.
Batch mode example usage
AdminTask.configureJaspi('[-enabled true -defaultProviderName testProvider]')
$AdminTask configureJaspi {-enabled true -defaultProviderName testProvider}
Interactive mode example usage
AdminTask.configureJaspi('-interactive')
$AdminTask configureJaspi -interactive
defineJaspiProvider
The defineJaspiProvider command configures a new authentication provider for the given security domain or the global security configuration.
Target object
None.
Required parameters
- -providerName
- Specifies a name that uniquely identifies the authentication provider.
- -className
- Specifies the package-qualified name of the class that implements the authentication provider interface (javax.security.auth.message.config.AuthConfigProvider).
Optional parameters
- -description
- Specifies a textual description of the authentication provider.
- -properties
- Specifies additional custom configuration properties needed to initialize the authentication provider. This parameter is a list of key/value pairs.
- -securityDomainName
- Specifies the name of the security domain. The command uses the global security configuration if you do not specify a value for the -securityDomainName parameter.
Return value
The command returns a map of the authentication provider configuration attributes and their values, and is an instance of java.util.Map<java.lang.String, java.lang.Object> that contains the authentication provider configuration attributes. The value displayed in the console is the return value of the Map's toString() method.
Batch mode example usage
AdminTask.defineJaspiProvider('-providerName jaspi_provider -className com.ibm.sample.JaspiProvider -description "Sample authentication provider" -properties [ [debug true] [user admin] ] ')
$AdminTask defineJaspiProvider { -providerName jaspi_provider
-className com.ibm.JASPIProvider -description "Sample authentication provider"
-properties { {debug true} {user admin} } }
Interactive mode example usage
AdminTask.defineJaspiProvider('-interactive')
$AdminTask defineJaspiProvider -interactive
displayJaspiProvider
The displayJaspiProvider command displays the configuration data for one or more given authentication providers for the given security domain or the global security configuration.
Target object
None.
Required parameters
- -providerName
- Specifies the unique name(s) of the authentication provider(s) to be displayed.
Optional parameters
- -securityDomainName
- Specifies the name of the security domain. The command uses the global security configuration if you do not specify a value for the -securityDomainName parameter.
Return value
The command displays the specified provider(s) along with their configuration attributes and values. The data returned is displayed as an instance of java.util.Collection<java.util.Map<java.lang.String, java.lang.Object>>. Each Map instance contains the configuration attributes of an authentication provider. The value displayed in the console is the return value of the Collection's toString() method.
Batch mode example usage
AdminTask.displayJaspiProvider('-providerName jaspi_provider')
$AdminTask displayJaspiProvider {-providerName jaspi_provider}
Interactive mode example usage
AdminTask.displayJaspiProvider('-interactive')
$AdminTask displayJaspiProvider -interactive
displayJaspiProviderNames
The displayJaspiProviderNames command displays the names of authentication providers in the security configuration. When the securityDomainName parameter is provided, only those providers in the given security domain are displayed. When the securityDomainName parameter is not provided, only the names of the providers in the global security configuration are displayed.
When the securityDomainName parameter is provided with the getEffectiveProviderNames parameter set to false, only the list of authentication providers for the given security domain is displayed. The getEffectiveProviderNames parameter only has an effect when used with the securityDomainName parameter; it is ignored if the securityDomainName parameter is not provided.
Target object
None.
Required parameters
None.
Optional parameters
- -getEffectiveProviderNames
- Specify true to get the list of effective authentication provider names or false to get just the list of authentication providers for the security domain configuration. The default value for getEffectiveProviderNames is false.
- -securityDomainName
- Specifies the name of the security domain. The command uses the global security configuration if you do not specify a value for the -securityDomainName parameter.
Return value
The command returns a list of JASPI provider names. The data returned is displayed as an instance of java.util.Collection<java.lang.String>.
Batch mode example usage
AdminTask.displayJaspiProviderNames()
$AdminTask displayJaspiProviderNames
Interactive mode example usage
AdminTask.displayJaspiProviderNames('-interactive')
$AdminTask displayJaspiProviderNames -interactive
getJaspiInfo
The getJaspiInfo command displays information about the JASPI configuration for the given security domain or the global security configuration.
Target object
None.
Required parameters
None.
Optional parameters
- -securityDomainName
- Specifies the name of the security domain. The command uses the global security configuration if you do not specify a value for the -securityDomainName parameter.
Return value
The command returns an indication of whether Java Authentication SPI processing is enabled. If the command is issued for a specific security domain and a value is customized for the domain, the command returns a value to indicate whether JASPI processing is enabled. If the command is issued for a specific domain and a value is not customized for the domain, it returns an empty list to indicate that the configuration is inherited from the global security configuration. The data returned is displayed as an instance of java.util.Map<java.lang.String, java.lang.Object> that contains the JASPI configuration attributes. The value displayed in the console is the return value of the Map's toString() method.
wsadmin>$AdminTask getJaspiInfo
{defaultProviderName=null, enabled=false}
Batch mode example usage
AdminTask.getJaspiInfo()
$AdminTask getJaspiInfo
Interactive mode example usage
AdminTask.getJaspiInfo('-interactive')
$AdminTask getJaspiInfo -interactive
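The following audit script is an added example, not part of the original reference or of IBM's code. It reads getJaspiInfo and displayJaspiProviderNames, resolves a domain's inherited setting against the global security configuration, and flags a default provider that is not among the configured providers. The helper names and the FakeAdminTask stand-in with its responses are constructed for illustration, and the script assumes wsadmin returns the toString() text described above.

```python
def parse_map(text):
    """Parse Map.toString() text such as '{defaultProviderName=null, enabled=false}'."""
    result = {}
    body = str(text).strip().strip("{}[]").strip()
    for pair in body.split(","):
        if "=" in pair:
            key, value = pair.split("=", 1)
            result[key.strip()] = value.strip()
    return result

def parse_names(text):
    """Parse provider names given as '[a, b]' or one per line (assumed renderings)."""
    body = str(text).replace("\n", ",").strip().strip("[]")
    return [n.strip() for n in body.split(",") if n.strip()]

def call(command, args):  # batch-mode call; no argument when args is empty
    if args:
        return command("[%s]" % args)
    return command()

def audit_jaspi(admin_task, domain=None):
    """Return (state, findings) for a security domain, or global security if domain is None."""
    scope = names_args = ""
    if domain:
        scope = "-securityDomainName %s" % domain
        names_args = scope + " -getEffectiveProviderNames true"
    info = parse_map(call(admin_task.getJaspiInfo, scope))
    # An empty result for a domain means the setting is inherited from global security.
    inherited = len(scope) > 0 and len(info) == 0
    if inherited:
        info = parse_map(admin_task.getJaspiInfo())
    providers = parse_names(call(admin_task.displayJaspiProviderNames, names_args))
    default = info.get("defaultProviderName", "null")
    if default == "null":
        default = None
    state = {"enabled": info.get("enabled") == "true", "inherited": inherited,
             "defaultProviderName": default, "providers": providers}
    findings = []
    if state["enabled"] and default is not None and default not in providers:
        findings.append("default provider %r is not a configured provider" % default)
    return state, findings

class FakeAdminTask:
    """Constructed responses: the domain inherits global, whose default provider is missing."""
    def getJaspiInfo(self, args=None):
        if args:
            return "[]"
        return "{defaultProviderName=testProvider, enabled=true}"
    def displayJaspiProviderNames(self, args=None):
        return "[jaspi_provider]"
```

Inside wsadmin, pass the real object instead of the stand-in, for example audit_jaspi(AdminTask, 'domain1').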
modifyJaspiProvider
The modifyJaspiProvider command modifies configuration data for a given authentication provider for the given security domain or the global security configuration.
Target object
None.
Required parameters
- -providerName
- Specifies a name that uniquely identifies the authentication provider.
Optional parameters
- -className
- Specifies the package-qualified name of the class that implements the authentication provider interface (javax.security.auth.message.config.AuthConfigProvider).
- -description
- Specifies a textual description of the authentication provider.
- -properties
- Specifies additional custom configuration properties needed to initialize the authentication provider. This parameter is a list of key/value pairs.
- -securityDomainName
- Specifies the name of the security domain. The command uses the global security configuration if you do not specify a value for the -securityDomainName parameter.
Return value
An instance of java.util.Map<java.lang.String, java.lang.Object> that contains any modified configuration attributes in the given authentication provider or any given associated authentication modules. The value displayed in the console is the return value of the Map's toString() method.
Batch mode example usage
AdminTask.modifyJaspiProvider('-providerName jaspi_provider -properties [ [debug false] ] ')
$AdminTask modifyJaspiProvider { -providerName jaspi_provider
-properties { {debug false} } }
Interactive mode example usage
AdminTask.modifyJaspiProvider('-interactive')
$AdminTask modifyJaspiProvider -interactive
removeJaspiProvider
The removeJaspiProvider command removes one or more authentication providers from the security configuration for the given security domain or the global security configuration.
Target object
None.
Required parameters
- -providerName
- Specifies the unique name(s) of the authentication provider(s) to be removed.
Optional parameters
- -securityDomainName
- Specifies the name of the security domain. The command uses the global security configuration if you do not specify a value for the -securityDomainName parameter.
Return value
None.
Batch mode example usage
AdminTask.removeJaspiProvider('-providerName jaspi_provider')
AdminTask.removeJaspiProvider( '[-providerName [ Provider1;Provider2 ] ]' )
$AdminTask removeJaspiProvider {-providerName jaspi_provider}
$AdminTask removeJaspiProvider {-providerName {Provider1 Provider2 } }
Interactive mode example usage
AdminTask.removeJaspiProvider('-interactive')
$AdminTask removeJaspiProvider -interactive
unconfigureJaspi
The unconfigureJaspi command is used to remove the JASPI configuration and all of its associated providers from a security domain.
Target object
None.
Required parameters
- -securityDomainName
- Specifies the name of the security domain. The command uses the global security configuration if you do not specify a value for the -securityDomainName parameter.
Optional parameters
None.
Return value
None.
Batch mode example usage
AdminTask.unconfigureJaspi('-securityDomainName domain1')
$AdminTask unconfigureJaspi {-securityDomainName domain1}
Interactive mode example usage
AdminTask.unconfigureJaspi('-interactive')
$AdminTask unconfigureJaspi -interactive