domainrules

Description

Retrieves, changes, or removes security domain rules. To run this command, the user must have appropriate permission within the specified domain—see “Managing security domains and policies”.

Domain rule values of null differ from unspecified values. To set a rule value to null, use the string “<null>”. If you retrieve a rule with a null value, the return value is also “<null>”.

Syntax

domainrules --appserver_url URL --password password --username login
[--domain domainName] 
[--init_ctx_factory ctxFactory] 
[--input_property_file inputFile] 
[--operation <get | set | remove | reset>] 
[--output_property_file outputFile] 
[--rule_name property] 
[--rule_value value] 

| Argument | Datatype | Default value | Description |
|---|---|---|---|
| * appserver_url | string | | The URL to connect to the Enterprise Security middleware. |
| * password | string | | The password to use when connecting to the Enterprise Security middleware. |
| * username | string | | The user name to use when connecting to the Enterprise Security middleware. |
| domain | string | DefaultDomain | The name of the domain on which to perform the operation (get, set, remove, or reset). |
| init_ctx_factory | string | com.sybase.ep.security.naming.InitialContextFactory | The InitialContextFactory to use when connecting to the Enterprise Security middleware. |
| input_property_file | string | | A file that contains a list of rules and their values, in Java properties format; must be a readable file. Use an input property file when you want to set or remove multiple rules. To set or remove a single rule, specify rule_name and rule_value; do not use this argument. |
| operation | choice | get | The operation to perform: get, set, remove, or reset. The reset operation resets all domain rules to their default values. You cannot reset rules individually. |
| output_property_file | string | | The name of the file where the requested rules are written in Java properties format. If not specified, property names and values are written to the console. |
| rule_name | string | | The name of the rule to retrieve, set or remove. This argument cannot be used in conjunction with input_property_file. If you specify both, securetool displays a warning message and quits. |
| rule_value | string | | Sets the rule to this value. If the operation is get or remove, or if you specify an input_property_file, this property is ignored. |

Returns

| Return value | Indicates |
|---|---|
| 0 | The command ran successfully; the result is true/success. |
| 1 | The command failed. |

Examples

Example 1

This command line example sets the domain rules specified in the /work/Security/defaultdomain.txt file for the DefaultDomain, where URL is the URL to connect to the Enterprise Security middleware:

securetool domainrules --appserver_url URL --username pso --password 123qwe
   --operation set --input_property_file /work/Security/defaultdomain.txt

Example 2

This command line example sets the auditJMSEnable domain rule to true, which sends auditing notifications to a JMS message topic:

securetool domainrules --appserver_url iiop://hostname:9000 
   --username pso --password 123qwe
   --operation set --rule_name auditJMSEnable --rule_value true

WARNING! Do not set auditJMSEnable to true until after you set up both the message service and the message topic in your application server; otherwise, you will not be able to log in to Enterprise Portal—see “Setting up JMS auditing notifications for EAServer”.

Example 3

This example uses two commands to set the auditing filters, auditIncludeFilter and auditExcludeFilter, to define which events to audit for the domain:

securetool domainrules --appserver_url iiop://victory:9000 
   --username pso --password 123qwe --operation set
   --rule_name auditIncludeFilter --rule_value "(ResourceClass=SYSTEM.*)"

securetool domainrules --appserver_url iiop://victory:9000 
   --username pso --password 123qwe --operation set
   --rule_name auditExcludeFilter --rule_value "(Decision=Permit)"
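
The following Python is an added example, not part of the product documentation: it compares a file written by a get operation with --output_property_file against an approved baseline, so that a changed audit filter or a rule that is unspecified rather than "<null>" shows up as drift. The sample file contents are constructed, exampleRule is a hypothetical rule name, and the assumption is that the output file uses standard Java properties escaping.

```python
import re

def parse_properties(text):
    """Parse simple Java properties text into a dict of rule name -> value.

    Handles comments, '=' or ':' separators and backslash-escaped characters;
    line continuations and \\t, \\n, \\uXXXX escapes are not decoded.
    """
    rules = {}
    for raw in text.splitlines():
        line = raw.lstrip()
        if not line or line[0] in "#!":
            continue  # blank line or comment
        # The key ends at the first unescaped '=', ':' or whitespace.
        m = re.match(r"((?:\\.|[^\\=:\s])+)\s*[=:]?\s*(.*)$", line)
        if m:
            key, value = (re.sub(r"\\(.)", r"\1", p) for p in m.groups())
            rules[key] = value
    return rules

def rule_drift(baseline, actual):
    """Return {rule: (expected, found)} for each baseline rule that deviates.

    found is None when the rule is unspecified in `actual`; that is kept
    distinct from the explicit "<null>" string, as the page describes.
    """
    drift = {}
    for name, expected in baseline.items():
        found = actual.get(name)
        if found != expected:
            drift[name] = (expected, found)
    return drift

# Constructed sample data: BASELINE mirrors the rules set in Examples 2 and 3;
# ACTUAL stands in for a file written by a get with --output_property_file.
# "exampleRule" is a hypothetical rule name used only to show the null case.
BASELINE = parse_properties("""\
# approved audit settings
auditJMSEnable=true
auditIncludeFilter=(ResourceClass=SYSTEM.*)
auditExcludeFilter=(Decision=Permit)
exampleRule=<null>
""")
ACTUAL = parse_properties("""\
auditJMSEnable = true
auditIncludeFilter=(ResourceClass\\=SYSTEM.*)
auditExcludeFilter=<null>
""")

if __name__ == "__main__":
    for name, (expected, found) in sorted(rule_drift(BASELINE, ACTUAL).items()):
        shown = "unspecified" if found is None else found
        print(f"DRIFT {name}: expected {expected!r}, found {shown!r}")
```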

See also

Chapter 5, “Delegated Administration”