Solved

jacl or jython script to create Administrative group roles and assign them

Posted on 2009-07-16
24
1,437 Views
Last Modified: 2013-12-11
Hi

Can someone provide me a jacl or jython script to create Administrative group roles and assign  user roles.

I'm running WAS 6.1.

Thanks
0
Comment
Question by:ahobalrao9
24 Comments
 
LVL 41

Expert Comment

by:HonorGod
ID: 24871558
Something like this perhaps?
# role     is the name of the role

# everyone is yes or no to say if everyone has the role

# allAuth  is yes or no to say if every authenticated

#          user has the role

# users    is a LIST of strings, one for each user

# groups   is a LIST of strings, one for each group
 

# create a single role mapping

roleMapping = [role, everyone, allAuth, '|'.join(users), '|'.join(groups)]
 

# The construct '|'.join(list) converts the list of Strings

# into the single '|' separated string we need.
 

# put that role within a list.

roleMappings = [rolemapping]
 

# If we had multiple roles, we would create

# additional roleMapping values, and append

# them to roleMappings, e.g.,

# roleMappings = [role1Mapping role2mapping & roleNmapping]
 

# finally, create the list the defines the task

options=["-MapRolesToUsers", roleMappings]
 

# All that remains is to apply this to the application

AdminApp.edit(application, options)

Open in new window

0
 

Author Comment

by:ahobalrao9
ID: 24871919
Wonderful....Thanks for the prompt response.

This is exactly i'm looking for...will it be possible to send the full script,it would greatly help.

Thanks
0
 
LVL 41

Expert Comment

by:HonorGod
ID: 24872708
I haven't written a "full script", at least not yet.

the above is from an upcoming book...

http://www.amazon.com/dp/0137009526
0
 
LVL 41

Expert Comment

by:HonorGod
ID: 24879346
I can't do it right now... maybe later today...
0
 

Author Comment

by:ahobalrao9
ID: 24887768


Thank you ...would be reallyl great and surely helpful ...if you can..

Thanks in advance.
0
 
LVL 41

Expert Comment

by:HonorGod
ID: 24895157
I'm working on it.  :-)

Sorry it is taking so long.
0
 

Author Comment

by:ahobalrao9
ID: 24895867

Thank you..Its fine..If you could script.

Thanks
0
 
LVL 41

Expert Comment

by:HonorGod
ID: 24896630
0
 

Author Comment

by:ahobalrao9
ID: 24896966
0
 
LVL 41

Expert Comment

by:HonorGod
ID: 24908709
Something like this perhaps?

To execute it:
- Open a command prompt
- "cd" to the appropriate bin directory
  e.g., > cd /d D:\IBM\WebSphere\AppServer\profiles\AppSrv00\bin
- Specify this file on the wsadmin command prompt
  e.g., > wsadmin -lang jython -modifyAppRoles.py

  This will display the program usage information.
modifyAppRoles.py.txt
0
 

Author Comment

by:ahobalrao9
ID: 24909879


Thank you and really appreciate for the script.

But i'm sorry that i could not explain the question propery.

What i'm looking for is .....to createAuthorizationGroup , mapGroupsToRoles and then mapUsersToRole.

http://publib.boulder.ibm.com/infocenter/wasinfo/v7r0/index.jsp?topic=/com.ibm.websphere.express.doc/info/exp/ae/rxml_7libsecurity.html

All this is done..when we enable the global security in admin console...and need to give access to users with different authorisation roles.

Apolizise for the confusion..if i could get help in this,it would be really helpful.
0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 
LVL 41

Expert Comment

by:HonorGod
ID: 24910701
Ah.  I'll see what I can do...  Sorry for the misunderstanding.
0
 

Author Comment

by:ahobalrao9
ID: 24910800


Thanks a lot
0
 
LVL 41

Expert Comment

by:HonorGod
ID: 24913993
Here's a script that can be used to create, list, or delete authorization groups.

Usage information is displayed if no parameters are provided.

wsadmin -lang jython -f AuthGroups.py

I'll have to take a look at mapGroupsToRoles next.
AuthGroups.py.txt
0
 

Author Comment

by:ahobalrao9
ID: 24914369

Wonderful.....Thanks you.
0
 
LVL 41

Accepted Solution

by:
HonorGod earned 500 total points
ID: 24914789
According to understanding, once you create a role (see AuthGroups.py), you should be able to use modifyAppRoles.py (http:#a24908709) to map a group to that role.  

You need to remember that the definition of security roles must be performed by the application developer during the design, and implementation of the application.  It makes no sense to add a role to an application if the application isn't going to use that role.

Does this make sense?
0
 
LVL 41

Expert Comment

by:HonorGod
ID: 24935200
Please explain the grade of B.  I'm confused.
0
 
LVL 18

Expert Comment

by:Andrej Pirman
ID: 24943775
By my oppinion HonorGod should at least receive grade A, or better to be additionally rewarded - he provided the complete solution!
0
 

Author Comment

by:ahobalrao9
ID: 24943788


Yes..i agree..Apolizise for my innosence.
0
 
LVL 41

Expert Comment

by:HonorGod
ID: 24948389
Thank you.

ahobalrao9 - Thanks, and good luck.

I'll be around if you have more questions.
0
 

Author Comment

by:ahobalrao9
ID: 24954599


Thanks
0
 

Expert Comment

by:praasanth
ID: 25137103

Hi ..I'm also tring the same and able to do that.

The issue i have is..
Even before creating the group roles and user roles...i need to perform a check in the external file, if the roles defined are valid or not (say if there are any typing errors)....if so the script should exit even without creating the group roles also.
Say i'm using the same code as above and WAS 6.1.23
Any suggestion please
0
 
LVL 41

Expert Comment

by:HonorGod
ID: 25141242
open a new (related) question, and provide complete details.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Upgrading Tomcat – There are a couple of methods to upgrade Tomcat is to use The Apache Installer is to download and unzip and run the services.bat remove|install Tomcat6 Because of the App that we are working with, we can only use Tomcat 6.…
If you’re thinking to yourself “That description sounds a lot like two people doing the work that one could accomplish,” you’re not alone.
An introduction to basic programming syntax in Java by creating a simple program. Viewers can follow the tutorial as they create their first class in Java. Definitions and explanations about each element are given to help prepare viewers for future …
With the power of JIRA, there's an unlimited number of ways you can customize it, use it and benefit from it. With that in mind, there's bound to be things that I wasn't able to cover in this course. With this summary we'll look at some places to go…

861 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now