Setting the internal Repository using Scripting

Our federated repository is based on a virtual realm: a unique name that defines the virtual registry formed by the registries that are federated together and managed by the WebSphere Virtual Member Manager.

The realm can consist of identities in:

  • The file-based repository that is built into the system
  • One or more external repositories
  • Both the built-in, file-based repository and in one or more external repositories

It is also possible to configure the fileRegistry.xml file by using Jython.

Configuring a single built-in, file-based repository in a new configuration under federated repositories using wsadmin

You can use the Jython or Jacl scripting language with the wsadmin tool to configure a single built-in, file-based repository in a new configuration under Federated repositories.

Use the following steps to configure a single built-in, file-based repository in a new configuration for federated repositories.

  • Create the fileRegistry.xml file, which is the user registry itself, if it does not already exist. If the fileRegistry.xml file does exist, this step just adds the user to the registry.
  • Start the wsadmin tool using <was_profile_root>/bin/wsadmin.sh -lang jython
  • Issue the following command in the interactive session:
AdminTask.addFileRegistryAccount('-userId myOtherUser -password password')

For more information on the addFileRegistryAccount command, see the documentation about the FileRegistryCommands command group for the AdminTask object.

Update the security.xml file to enable administrative security, set the activeUserRegistry to use federated repositories, and update the primaryAdmin and its password. If you have already set the virtual realm, i.e. already set up the virtual repository, then this might not be useful, as it is really designed to issue the actions of the wizard, as per the manual steps we did earlier.

AdminTask.applyWizardSettings('-secureApps false -secureLocalResources false -userRegistryType WIMUserRegistry -customRegistryClass com.ibm.ws.wim.registry.WIMUserRegistry -adminName wasadmin -adminPassword wasadmin')

Save your configuration changes. Enter the following command to save the new configuration.

AdminConfig.save()

Note: The changes will be saved to security.xml and fileRegistry.xml as required. However, for the changes to take effect for a running WAS instance, restart the application server.
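An added check, not part of the original guide: after AdminConfig.save(), this Python script reads security.xml and confirms that administrative security is enabled, that activeUserRegistry points at the federated repositories (WIMUserRegistry) entry and that the primary admin is the expected one, and it reports that -secureApps false leaves application security off. The sample XML is constructed, its attribute names (enabled, appEnabled, activeUserRegistry, primaryAdminId) are assumed from the usual layout of security.xml, and check_security_xml is a hypothetical helper.

```python
import xml.etree.ElementTree as ET

XMI = "{http://www.omg.org/XMI}"  # namespace of the xmi:id / xmi:type attributes

# Constructed sample: a trimmed security.xml as assumed after the steps above.
SAMPLE = """<security:Security xmlns:xmi="http://www.omg.org/XMI"
    xmlns:security="http://www.ibm.com/websphere/appserver/schemas/5.0.2/security.xmi"
    xmi:id="Security_1" enabled="true" appEnabled="false"
    activeUserRegistry="WIMUserRegistry_1">
  <userRegistries xmi:type="security:LocalOSUserRegistry"
      xmi:id="LocalOSUserRegistry" realm="local"/>
  <userRegistries xmi:type="security:WIMUserRegistry"
      xmi:id="WIMUserRegistry_1" realm="defaultWIMFileBasedRealm"
      primaryAdminId="wasadmin"
      registryClassName="com.ibm.ws.wim.registry.WIMUserRegistry"/>
</security:Security>"""


def check_security_xml(xml_text, expected_admin):
    """Return a list of findings; only the application-security note
    remains when the file matches the wizard settings used above."""
    root = ET.fromstring(xml_text)
    findings = []
    if root.get("enabled") != "true":
        findings.append("administrative security is not enabled")
    # activeUserRegistry holds the xmi:id of one userRegistries element.
    active_id = root.get("activeUserRegistry")
    active = next((r for r in root.iter("userRegistries")
                   if r.get(XMI + "id") == active_id), None)
    if active is None:
        findings.append("activeUserRegistry %r matches no registry" % active_id)
    else:
        if active.get(XMI + "type") != "security:WIMUserRegistry":
            findings.append("active registry is not federated repositories")
        if active.get("primaryAdminId") != expected_admin:
            findings.append("primaryAdminId is not %r" % expected_admin)
    # -secureApps false leaves application security off; report it.
    if root.get("appEnabled") != "true":
        findings.append("application security is disabled")
    return findings


if __name__ == "__main__":
    for finding in check_security_xml(SAMPLE, "wasadmin"):
        print("FINDING:", finding)
```

To run it against a real profile, pass the contents of the cell's security.xml instead of SAMPLE.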

What we are going to do now is configure LDAP by adding an LDAP registry to our federated repository. We will cover that topic after we have configured an LDAP server. In this guide, we are going to install and use ApacheDS as our LDAP provider.


