Search code examples
scriptingjythonwebsphere-7wsadmin

wsadmin application install leaves out Security role to user/group mapping

I am facing an issue while installing my application's .ear file from the wsadmin command line, using the below command (see below) -- which I copied as is from the Websphere's "View administrative scripting command for last action" , after I tried to do this manually from the console. The issue is after deployment completes and I go to the application , I don't see the "Security role to user/group mapping" link under Detailed Properties , but I do see this when I install the app from the console whilst I accept all default values using the Fast Path approach . PS : I am using Websphere 7.0.0.23 on a Windows 2008 R2 64 bit machine. Also, if I leave out all the options in the AdminApp.install() command and just use AdminApp.install('C:\pathToMyEar') I see the Security mapping link , but then I need to at the least pass the application's name , without which the name ends up being some random string.

AdminApp.install('C:/fakepath/myApplication.ear', '[ -nopreCompileJSPs -distributeApp -nouseMetaDataFromBinary -nodeployejb -appname myApplicationRestEAR -createMBeansForResources -noreloadEnabled -nodeployws -validateinstall warn -noprocessEmbeddedConfig -filepermission ..dll=755#..so=755#..a=755#..sl=755 -noallowDispatchRemoteInclude -noallowServiceRemoteInclude -asyncRequestDispatchType DISABLED -nouseAutoLink -MapModulesToServers [[ myApplicationRest myApplicationRest.war,WEB-INF/web.xml WebSphere:cell=TestNode01Cell,node=TestNode01,server=server1 ]] -MapRolesToUsers [[ security AppDeploymentOption.No AppDeploymentOption.Yes "" "" AppDeploymentOption.No "" "" ]]]' )

Many thanks , Chethan

Solution

  • It looks like there are some extra arguments at the end of the -MapRolesToUsers block. I'm not sure if those are throwing off wsadmin. Here's the IBM documentation on MapRolesToUsers (source):

    AdminApp.install('myapp.ear', '[-MapRolesToUsers [["All Role" No Yes "" ""]["Every Role" Yes No "" ""] [DenyAllRole No No user1 group1]]]')

where {{"All Role" No Yes "" ""} corresponds to the following:

"All Role"  Represents the role name
No          Indicates to allow access to everyone (yes/no)
Yes         Indicates to allow access to all authenticated users (yes/no)
""          Indicates the mapped users
""          Indicates the mapped groups

    Try changing the MapRolesToUsers block to this:

     -MapRolesToUsers [[ security AppDeploymentOption.No AppDeploymentOption.Yes "" "" ]]