wsadmin Web authentication behavior
-
12-06-2021 - |
Вопрос
I've been scouring the IBM docs to try to find this but I keep coming up empty. Does anyone know the related script/command using wsadmin to configure the 'Web authentication behavior' for a WAS 7.0 setup?
The setting I'm looking at can be reached from the console from Security > Global Security > Web and SIP security > General Settings > Authenticate only when the URI is protected > Use available authentication data when an unprotected URI is accessed
Update:
Based on comments I toggled the setting and found the config that changed in {profile}/security.xml.
This is what it looked like with the "Use available authentication data when an unprotected URI is accessed" check-box unchecked:
<webAuthAttrs xmi:id="DescriptiveProperty_8" name="com.ibm.wsspi.security.web.webAuthReq" value="lazy" type="String" displayNameKey="" nlsRangeKey="" hoverHelpKey="" range="lazy,persisting,always" inclusive="false" firstClass="false"/>
and here is what it looked like once I checked it (which is what I'm trying to do with wsadmin):
<webAuthAttrs xmi:id="DescriptiveProperty_8" name="com.ibm.wsspi.security.web.webAuthReq" value="persisting" type="String" displayNameKey="" nlsRangeKey="" hoverHelpKey="" range="lazy,persisting,always" inclusive="false" firstClass="false"/>
So the question now is, how do I update this specific property using wsadmin?
Решение
Try this:
set sec [$AdminConfig getid /Security:/]
foreach descProp [$AdminConfig list DescriptiveProperty $sec] {
set name [$AdminConfig showAttribute $descProp name]
if {$name == "com.ibm.wsspi.security.web.webAuthReq"} {
puts "Updating $descProp"
$AdminConfig modify $descProp {{value persisting}}
}
}
Execute with bin/wsadmin -f webAuthReq.jacl
Другие советы
Equivalent to bkail's suggestion using Jython instead of JACL:
import java
import string
sec = AdminConfig.getid('/Security:/')
descProps = AdminConfig.list('DescriptiveProperty', sec)
lineSeparator = java.lang.System.getProperty('line.separator')
descriptiveProperties = descProps.split(lineSeparator)
for descProp in descriptiveProperties:
id = descProp[string.find(descProp, "("):string.find(descProp, ")")+1]
name = AdminConfig.showAttribute(id, 'name')
if name == "com.ibm.wsspi.security.web.webAuthReq":
print "Updating security config object with id: %s, property name: %s. Setting value to 'persisting'" % (id, name)
AdminConfig.modify(id, '[[value persisting]]')