2

I've been scouring the IBM docs to try to find this but I keep coming up empty. Does anyone know the related script/command using wsadmin to configure the 'Web authentication behavior' for a WAS 7.0 setup?

The setting I'm looking at can be reached from the console from Security > Global Security > Web and SIP security > General Settings > Authenticate only when the URI is protected > Use available authentication data when an unprotected URI is accessed

Update:

Based on comments I toggled the setting and found the config that changed in {profile}/security.xml.

This is what it looked like with the "Use available authentication data when an unprotected URI is accessed" check-box unchecked:

```xml
<webAuthAttrs xmi:id="DescriptiveProperty_8" name="com.ibm.wsspi.security.web.webAuthReq" value="lazy" type="String" displayNameKey="" nlsRangeKey="" hoverHelpKey="" range="lazy,persisting,always" inclusive="false" firstClass="false"/>
```

and here is what it looked like once I checked it (which is what I'm trying to do with wsadmin):

```xml
<webAuthAttrs xmi:id="DescriptiveProperty_8" name="com.ibm.wsspi.security.web.webAuthReq" value="persisting" type="String" displayNameKey="" nlsRangeKey="" hoverHelpKey="" range="lazy,persisting,always" inclusive="false" firstClass="false"/>
```

So the question now is, how do I update this specific property using wsadmin?

FGreg
  • I don't know the answer, but if you change the setting in the console and check the PROFILE_HOME/wstemp/ directory, you should find the updated config, which you can compare against PROFILE_HOME/config/. – Brett Kail Jun 01 '12 at 19:53
  • Thanks for the comment. Based on your suggestion I changed the setting and found that this setting in security.xml changed: ``. Is there a way to set this using wsadmin then? – FGreg Jun 01 '12 at 20:08
  • That looks the same as mine, so I'd suggest updating the question with the before/after. Anyway, in wsadmin jacl, you want something like `set sec [$AdminConfig getid /Security:/]`, then loop over `$AdminConfig list DescriptiveProperty $sec`, then `set name [$AdminConfig getAttribute $dc name]`, then look for one that equals `com.ibm.wsspi.security.web.webAuthReq`, then `$AdminConfig update $dc [[...]]` based on whatever you're trying to set. – Brett Kail Jun 01 '12 at 20:18

2 Answers

2

Equivalent to bkail's suggestion using Jython instead of JACL:

```python
import java
import string

# Locate the Security config object and list its DescriptiveProperty children
sec = AdminConfig.getid('/Security:/')
descProps = AdminConfig.list('DescriptiveProperty', sec)
lineSeparator = java.lang.System.getProperty('line.separator')
descriptiveProperties = descProps.split(lineSeparator)
for descProp in descriptiveProperties:
    # Keep only the "(...)" config ID portion of each listed entry
    id = descProp[string.find(descProp, "("):string.find(descProp, ")")+1]
    name = AdminConfig.showAttribute(id, 'name')
    if name == "com.ibm.wsspi.security.web.webAuthReq":
        print "Updating security config object with id: %s, property name: %s. Setting value to 'persisting'" % (id, name)
        AdminConfig.modify(id, '[[value persisting]]')

# Persist the change; wsadmin discards unsaved configuration changes on exit
AdminConfig.save()
```

FGreg
1

Try this:

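```tcl
# Locate the Security config object and walk its DescriptiveProperty children
set sec [$AdminConfig getid /Security:/]
foreach descProp [$AdminConfig list DescriptiveProperty $sec] {
  set name [$AdminConfig showAttribute $descProp name]
  if {$name == "com.ibm.wsspi.security.web.webAuthReq"} {
    puts "Updating $descProp"
    $AdminConfig modify $descProp {{value persisting}}
  }
}
# Persist the change; wsadmin discards unsaved configuration changes on exit
$AdminConfig save
```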

Execute with `bin/wsadmin -f webAuthReq.jacl`

Brett Kail
  • I didn't actually test your code as I was using jython (I know I didn't mention that up front). I used your approach though and got it working so I'm giving you the answer. See my answer below for an equivalent example in jython. – FGreg Jun 06 '12 at 15:47
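To confirm the change landed after running either script, the `webAuthAttrs` entry in security.xml can be checked offline. This is an added example, not part of the original thread; it runs under standard Python rather than wsadmin, the function names are hypothetical, and the sample wraps the element from the question in a simplified, constructed root.

```python
import xml.etree.ElementTree as ET

XMI_NS = "http://www.omg.org/XMI"
PROP = "com.ibm.wsspi.security.web.webAuthReq"

# Constructed sample: the element from the question inside a simplified root so
# that it parses stand-alone. A real security.xml contains far more than this.
SAMPLE = """<Security xmlns:xmi="http://www.omg.org/XMI">
  <webAuthAttrs xmi:id="DescriptiveProperty_8" name="com.ibm.wsspi.security.web.webAuthReq"
      value="%s" type="String" range="lazy,persisting,always" inclusive="false" firstClass="false"/>
</Security>"""


def web_auth_req(xml_text):
    """Return (xmi_id, value, allowed_values) for the webAuthReq property."""
    root = ET.fromstring(xml_text)
    matches = [e for e in root.iter()
               if e.tag.split("}")[-1] == "webAuthAttrs" and e.get("name") == PROP]
    # Exactly one entry is expected; zero or several means the file is not
    # what the check assumes, so refuse to guess.
    if len(matches) != 1:
        raise LookupError("expected one %s entry, found %d" % (PROP, len(matches)))
    el = matches[0]
    allowed = [v.strip() for v in el.get("range", "").split(",") if v.strip()]
    return el.get("{%s}id" % XMI_NS), el.get("value"), allowed


def audit(xml_text, expected="persisting"):
    """Compare the configured value with the expected one."""
    xmi_id, value, allowed = web_auth_req(xml_text)
    # Reject an expectation the file's own range attribute does not permit.
    if allowed and expected not in allowed:
        raise ValueError("%r is not in the declared range %r" % (expected, allowed))
    return {"id": xmi_id, "value": value, "expected": expected,
            "ok": value == expected}


if __name__ == "__main__":
    import sys
    # Pass the path to security.xml as the first argument, or run on the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            text = fh.read()
    else:
        text = SAMPLE % "lazy"
    print(audit(text))
```
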