SecurityAdmin MBean

Partial ObjectName:
WebSphere:*,type=SecurityAdmin


MBean SecurityAdmin

Management interface for Security functions.


Operation Summary
void enableHTTPTimers()
           enables the HTTP timers to use their default value
void disableHTTPTimers()
           disables the HTTP timers
void resetLdapBindInfo(java.lang.String userId, java.lang.String password)
           authenticates the user
void updateAuthDataCfg(java.util.HashMap newCfg)
           Updates the auth data entries in runtime
void purgeUserFromAuthCache(java.lang.String realm, java.lang.String userid)
           Remove a user from the auth cache
void clearAuthCache()
           Remove all users from the auth cache
java.util.Map generateKeysForKeySetGroup(com.ibm.websphere.management.Session session, java.lang.Boolean updateRuntime)
           Generates the LTPA keys for the LTPA KeySetGroup
void updateRuntimeKeys(java.util.Map keyMap)
           Updates the LTPA runtime for the keys in the specified Map.
java.util.Map importSSOPropertiesToKeySetGroup(java.util.Properties ssoProps, byte[] passwd, com.ibm.websphere.management.Session session, java.lang.Boolean updateRuntime)
           Imports the LTPAKeys into the configuration from a file.
void generateKeys(java.lang.String password)
           Generates the LTPA keys
java.util.Properties genKeys(java.lang.String password)
           Generates the LTPA keys without updating the Runtime
void exportKeys(java.lang.String fileName, java.util.Properties props)
           Export the LTPAKeys from runtime to a file
void importKeys(java.lang.String fileName, byte[] passwd)
           Imports the LTPAKeys into the runtime from a file
void importLTPAKeys(java.util.Properties ssoProps, byte[] passwd)
           Imports the LTPAKeys into the runtime
void checkImportLTPAKeys(java.util.Properties ssoProps, byte[] passwd)
           Checks if the keys can be decrypted with the password
java.util.Properties exportLTPAKeys()
           Exports the LTPA keys from the runtime
java.util.Properties exportLTPAKeys(byte[] password)
           Exports the LTPA keys from the runtime
com.ibm.websphere.security.Result getUsers(java.lang.String pattern, java.lang.Integer limit, java.util.Properties props)
           getUsers from the UserRegistry
com.ibm.websphere.security.Result getGroups(java.lang.String pattern, java.lang.Integer limit, java.util.Properties props)
           getGroups from the UserRegistry
java.lang.Boolean checkPassword(java.lang.String userId, java.lang.String password, java.util.Properties props)
           authenticates the user
java.lang.Integer checkTokenLibFile(java.lang.String tokenType, java.lang.String tokenLib, java.lang.String tokenSlot, java.lang.String tokenPasswordEncoded, java.lang.String serverAlias, java.lang.String clientAlias)
           Validates SSL cryptographic config
java.lang.Integer checkKeyFile(java.lang.String fileType, java.lang.String fileName, java.lang.String filePasswordEncoded, java.lang.String serverAlias, java.lang.String clientAlias)
           Validates SSL key file config
java.lang.Integer checkTrustFile(java.lang.String fileType, java.lang.String fileName, java.lang.String filePasswordEncoded)
           Validates SSL trust file config
java.lang.String getRealm(java.util.Properties props)
           gets the Realm
java.lang.Boolean checkRunAsUser(java.util.List usrList, java.util.List grpList, java.lang.String userName, java.util.Properties props)
           Checks if the user can be added to the runAsRole
java.lang.String getAccessIds(boolean isUser, java.lang.String name, java.util.Properties props)
           Gets the accessIds for users and groups from the active registry
void updateJAASCfg(java.lang.String newCfg)
           Dynamically refreshes the WCCM JAAS configuration
java.lang.String getJAASCfg()
           Get the WCCM JAAS configuration
com.ibm.wsspi.security.token.TokenHolder getOpaqueToken(com.ibm.ws.security.util.ByteArray ssoToken)
           Get the opaque authorization token.
void propagatePolicyToJACCProvider(java.lang.String appList)
           Propagate the security policy to the JACC provider.
com.ibm.wsspi.security.token.TokenHolder getInitialContextToken(com.ibm.ws.security.util.ByteArray ssoToken, java.lang.String targetServer)
           Get the initial context token for Kerberos.
java.util.List getSecureSocketLayerCipherList(java.lang.Boolean fipsEnabledFlag)
           Return SSL cipher list
com.ibm.wsspi.security.token.TokenHolder[] getSingleSignonTokens()
           Get the single signon tokens for the current authenticated caller.
java.util.List warnForLocalOS(java.lang.Boolean nodeIsZOS, java.lang.String nodeHostName)
           Check whether or not to issue a warning message during addNode.
byte[] getKerberosPolicy()
           Return the Kerberos Policy byte[] for this server containing SPN and REALM.

Operation Detail

enableHTTPTimers

public void enableHTTPTimers()
enables the HTTP timers to use their default value
Security Roles:
administrator
operator

disableHTTPTimers

public void disableHTTPTimers()
disables the HTTP timers
Security Roles:
administrator
operator

resetLdapBindInfo

public void resetLdapBindInfo(java.lang.String userId, java.lang.String password)
authenticates the user
Parameters:
userId - The userId to authenticate
password - The password of the user
Security Roles:
administrator
operator

updateAuthDataCfg

public void updateAuthDataCfg(java.util.HashMap newCfg)
Updates the auth data entries in runtime
Parameters:
newCfg - The auth data config.
Security Roles:
administrator
operator

purgeUserFromAuthCache

public void purgeUserFromAuthCache(java.lang.String realm, java.lang.String userid)
Remove a user from the auth cache
Parameters:
realm - The security realm.
userid - The userid.
Security Roles:
administrator
operator

clearAuthCache

public void clearAuthCache()
Remove all users from the auth cache
Security Roles:
administrator
operator

generateKeysForKeySetGroup

public java.util.Map generateKeysForKeySetGroup(com.ibm.websphere.management.Session session, java.lang.Boolean updateRuntime)
Generates the LTPA keys for the LTPA KeySetGroup
Parameters:
session - The session for making configuration changes.
updateRuntime - Determines whether to update all processes with the new Keys.
Security Roles:
administrator
operator
ResourceInstanceIdentifier:
The resource being modified for the MBean is of type Cell
The instance is identified by the value of key cell in the MBean's Object Name

updateRuntimeKeys

public void updateRuntimeKeys(java.util.Map keyMap)
Updates the LTPA runtime for the keys in the specified Map.
Parameters:
keyMap - The keys used to update the LTPA runtime.
Security Roles:
administrator
operator
ResourceInstanceIdentifier:
The resource being modified for the MBean is of type Cell
The instance is identified by the value of key cell in the MBean's Object Name

importSSOPropertiesToKeySetGroup

public java.util.Map importSSOPropertiesToKeySetGroup(java.util.Properties ssoProps, byte[] passwd, com.ibm.websphere.management.Session session, java.lang.Boolean updateRuntime)
Imports the LTPAKeys into the configuration from a file.
Parameters:
ssoProps - A properties object containing the LTPA keys to import
passwd - Password in Java byte array format to encrypt and decrypt the LTPA keys
session - The management session for saving configuration information.
updateRuntime - Determines whether to update all processes with the new Keys.
Security Roles:
administrator
operator
ResourceInstanceIdentifier:
The resource being modified for the MBean is of type Cell
The instance is identified by the value of key cell in the MBean's Object Name

generateKeys

public void generateKeys(java.lang.String password)
Generates the LTPA keys
Parameters:
password - The password to encrypt and decrypt the Keys
Security Roles:
administrator
operator
ResourceInstanceIdentifier:
The resource being modified for the MBean is of type Cell
The instance is identified by the value of key cell in the MBean's Object Name

genKeys

public java.util.Properties genKeys(java.lang.String password)
Generates the LTPA keys without updating the Runtime
Parameters:
password - The password to encrypt and decrypt the Keys
Security Roles:
administrator
operator
ResourceInstanceIdentifier:
The resource being modified for the MBean is of type Cell
The instance is identified by the value of key cell in the MBean's Object Name

exportKeys

public void exportKeys(java.lang.String fileName, java.util.Properties props)
Export the LTPAKeys from runtime to a file
Parameters:
fileName - A file URI to which the LTPA keys are to be exported
props - optional LTPA server properties
Security Roles:
administrator
operator
ResourceInstanceIdentifier:
The resource being modified for the MBean is of type Cell
The instance is identified by the value of key cell in the MBean's Object Name

importKeys

public void importKeys(java.lang.String fileName, byte[] passwd)
Imports the LTPAKeys into the runtime from a file
Parameters:
fileName - A File URI containing the LTPA keys to import
passwd - Password in Java byte array format to encrypt and decrypt the LTPA keys
Security Roles:
administrator
operator
ResourceInstanceIdentifier:
The resource being modified for the MBean is of type Cell
The instance is identified by the value of key cell in the MBean's Object Name

importLTPAKeys

public void importLTPAKeys(java.util.Properties ssoProps, byte[] passwd)
Imports the LTPAKeys into the runtime
Parameters:
ssoProps - A properties object containing the LTPA keys to import
passwd - Password in Java byte array format to encrypt and decrypt the LTPA keys
Security Roles:
administrator
operator
ResourceInstanceIdentifier:
The resource being modified for the MBean is of type Cell
The instance is identified by the value of key cell in the MBean's Object Name

checkImportLTPAKeys

public void checkImportLTPAKeys(java.util.Properties ssoProps, byte[] passwd)
Checks if the keys can be decrypted with the password
Parameters:
ssoProps - A properties object containing the LTPA keys to import
passwd - Password in Java byte array format to encrypt and decrypt the LTPA keys
Security Roles:
administrator
operator
ResourceInstanceIdentifier:
The resource being modified for the MBean is of type Cell
The instance is identified by the value of key cell in the MBean's Object Name

exportLTPAKeys

public java.util.Properties exportLTPAKeys()
Exports the LTPA keys from the runtime
Security Roles:
administrator
operator
ResourceInstanceIdentifier:
The resource being modified for the MBean is of type Cell
The instance is identified by the value of key cell in the MBean's Object Name

exportLTPAKeys

public java.util.Properties exportLTPAKeys(byte[] password)
Exports the LTPA keys from the runtime
Parameters:
password - Password in Java byte array format to encrypt and decrypt the LTPA keys
Security Roles:
administrator
operator
ResourceInstanceIdentifier:
The resource being modified for the MBean is of type Cell
The instance is identified by the value of key cell in the MBean's Object Name

getUsers

public com.ibm.websphere.security.Result getUsers(java.lang.String pattern, java.lang.Integer limit, java.util.Properties props)
getUsers from the UserRegistry
Parameters:
pattern - The pattern to search for users in the UserRegistry
limit - The maximum number of users that can be returned
props - The properties object
Security Roles:
administrator
operator

getGroups

public com.ibm.websphere.security.Result getGroups(java.lang.String pattern, java.lang.Integer limit, java.util.Properties props)
getGroups from the UserRegistry
Parameters:
pattern - The pattern to search for groups in the UserRegistry
limit - The maximum number of groups that can be returned
props - The properties object
Security Roles:
administrator
operator

checkPassword

public java.lang.Boolean checkPassword(java.lang.String userId, java.lang.String password, java.util.Properties props)
authenticates the user
Parameters:
userId - The userId to authenticate
password - The password of the user
props - The properties object
Security Roles:
administrator
operator

checkTokenLibFile

public java.lang.Integer checkTokenLibFile(java.lang.String tokenType, java.lang.String tokenLib, java.lang.String tokenSlot, java.lang.String tokenPasswordEncoded, java.lang.String serverAlias, java.lang.String clientAlias)
Validates SSL cryptographic config
Parameters:
tokenType - Token type, i.e., PKCS#11
tokenLib - The token library file name
tokenSlot - The token slot number
tokenPasswordEncoded - The token password in the encoded form
serverAlias - The value from com.ibm.ssl.keyStoreServerAlias
clientAlias - The value from com.ibm.ssl.keyStoreClientAlias
Security Roles:
administrator
operator
RunAs Mode:

The MBean's methods run as System after initial authorization check is performed


checkKeyFile

public java.lang.Integer checkKeyFile(java.lang.String fileType, java.lang.String fileName, java.lang.String filePasswordEncoded, java.lang.String serverAlias, java.lang.String clientAlias)
Validates SSL key file config
Parameters:
fileType - The file type, i.e., JKS
fileName - The absolute path of the key file
filePasswordEncoded - The key file password in the encoded form
serverAlias - The value from com.ibm.ssl.keyStoreServerAlias
clientAlias - The value from com.ibm.ssl.keyStoreClientAlias
Security Roles:
administrator
operator
RunAs Mode:

The MBean's methods run as System after initial authorization check is performed


checkTrustFile

public java.lang.Integer checkTrustFile(java.lang.String fileType, java.lang.String fileName, java.lang.String filePasswordEncoded)
Validates SSL trust file config
Parameters:
fileType - The file type, i.e., JKS
fileName - The absolute path of the trust file
filePasswordEncoded - The trust file password in the encoded form
Security Roles:
administrator
operator
RunAs Mode:

The MBean's methods run as System after initial authorization check is performed


getRealm

public java.lang.String getRealm(java.util.Properties props)
gets the Realm
Parameters:
props - The properties object
Security Roles:
administrator
operator

checkRunAsUser

public java.lang.Boolean checkRunAsUser(java.util.List usrList, java.util.List grpList, java.lang.String userName, java.util.Properties props)
Checks if the user can be added to the runAsRole
Parameters:
usrList - The list of userNames
grpList - The list of groupNames
userName - The user name entered for runAsRole
props - The properties object
Security Roles:
administrator
operator

getAccessIds

public java.lang.String getAccessIds(boolean isUser, java.lang.String name, java.util.Properties props)
Gets the accessIds for users and groups from the active registry
Parameters:
isUser - true if it is a user, false if it is a group
name - The name of the user or group
props - The properties object
Security Roles:
administrator
operator

updateJAASCfg

public void updateJAASCfg(java.lang.String newCfg)
Dynamically refreshes the WCCM JAAS configuration
Parameters:
newCfg - New WCCM JAAS configuration
Security Roles:
administrator
operator

getJAASCfg

public java.lang.String getJAASCfg()
Get the WCCM JAAS configuration
Security Roles:
administrator
operator
RunAs Mode:

The MBean's methods run as System after initial authorization check is performed


getOpaqueToken

public com.ibm.wsspi.security.token.TokenHolder getOpaqueToken(com.ibm.ws.security.util.ByteArray ssoToken)
Get the opaque authorization token.
Parameters:
ssoToken - The opaque token lookup key
Security Roles:
administrator
operator

propagatePolicyToJACCProvider

public void propagatePolicyToJACCProvider(java.lang.String appList)
Propagate the security policy to the JACC provider.
Parameters:
appList - A string of colon (:) separated application names whose security policy information needs to be propagated to the JACC provider. If null is passed, the security policy of all the applications in the process will be propagated.
Security Roles:
administrator
operator

getInitialContextToken

public com.ibm.wsspi.security.token.TokenHolder getInitialContextToken(com.ibm.ws.security.util.ByteArray ssoToken, java.lang.String targetServer)
Get the initial context token for Kerberos.
Parameters:
ssoToken - The opaque token lookup key
targetServer - The target server to perform initSecContext against.
Security Roles:
administrator
operator

getSecureSocketLayerCipherList

public java.util.List getSecureSocketLayerCipherList(java.lang.Boolean fipsEnabledFlag)
Return SSL cipher list
Parameters:
fipsEnabledFlag - True if FIPS is enabled, false otherwise.
Security Roles:
administrator
operator

getSingleSignonTokens

public com.ibm.wsspi.security.token.TokenHolder[] getSingleSignonTokens()
Get the single signon tokens for the current authenticated caller.
Security Roles:
administrator
operator

warnForLocalOS

public java.util.List warnForLocalOS(java.lang.Boolean nodeIsZOS, java.lang.String nodeHostName)
Check whether or not to issue a warning message during addNode.
Parameters:
nodeIsZOS - True if the node is on a zOS platform.
nodeHostName - The host name of the node being federated.
Security Roles:
administrator
operator

getKerberosPolicy

public byte[] getKerberosPolicy()
Return the Kerberos Policy byte[] for this server containing SPN and REALM.
Security Roles:
administrator
operator

Copyright IBM Corp. 1996-2005