Linux环境下IBM WebSphere Portal v8.5独立服务器启用安全性操作记录_失败案例

本文用于记录在Linux环境下IBM WebSphere Portal v8.5独立服务器启用安全性的操作步骤；

警告信息：

其实本篇文章并没有完成启用安全性，虽然试验了很多次但是最终结果都是失败（BUILD FAILED），而且没有找到原因，甚是郁闷！特此记录操作方式和错误信息以备参考。

环境说明：

硬件环境：Lenovo E440, i7, 12GB, 500GB；

虚拟设备：VMWare WorkStation 11 + RHEL5.6 X64；

产品说明：IBM WebSphere Portal v8.5、DB2 v9.7、Tivoli Directory Server v6.3；

一、添加TDS目录后缀1、命令行方式添加后缀cd /opt/ibm/ldap/V6.3/sbin ./idscfgsuf -I idsldap -s "dc=portal,dc=xushuai,dc=org"2、图形界面方式添加后缀

TDS提供了配置工具来配置TDS实例，其中包括了对后缀的管理；

启动配置工具

方式1：可以使用idsxinst实例管理工具中的管理（Manage）进入配置工具界面；

./idsxinst

在左侧列表中选择实例，点击右侧的“Manage”按钮进入“配置工具”界面；

方式2：也可以直接使用idsxcfg命令直接进入配置工具界面；

./idsxcfg –I idsldap

使用配置工具添加目录后缀

在配置工具界面中点击左侧菜单中的“Manage suffixes”进入后缀管理界面；

在Suffix DN文本框中输入需要添加的后缀信息：

dc=portal,dc=xushuai,dc=org

然后点击右侧的“Add”按钮完成后缀添加；添加完后缀的界面如下图所示：

二、导入初始LDIF数据

安装完成的WPS提供了一份初始化用户和组的LDIF文件；

文件位置：

/opt/IBM/WebSphere/PortalServer/installer/wp.iim/ldif/PortalUsers.ldif

原始文件内容如下：

version: 1 # NOTE: you must edit this file before importing it and replace all # occurrences of the default suffix "dc=yourco,dc=com" with the suffix # that your LDAP server is configured for. dn: dc=com objectclass: domain objectclass: top # Add lines according to this scheme that correspond to your suffix dc: com dn: dc=yourco,dc=com objectclass: domain objectclass: top # Add lines according to this scheme that correspond to your suffix dc: yourco dn: cn=users,dc=yourco,dc=com objectclass: container objectclass: top cn: users dn: cn=groups,dc=yourco,dc=com objectclass: top objectclass: container cn: groups dn: uid=wpsadmin,cn=users,dc=yourco,dc=com objectclass: organizationalPerson objectclass: person objectclass: top objectclass: inetOrgPerson uid: wpsadmin userpassword: wpsadmin sn: admin givenName: wps cn: wps admin dn: uid=wpsbind,cn=users,dc=yourco,dc=com objectclass: top objectclass: person objectclass: organizationalPerson objectclass: inetOrgPerson uid: wpsbind userpassword: wpsbind sn: bind givenName: wps cn: wps bind dn: cn=wpsadmins,cn=groups,dc=yourco,dc=com objectclass: groupOfUniqueNames objectclass: top uniquemember: uid=wpsadmin,cn=users,dc=yourco,dc=com cn: wpsadmins

替换LDIF文件中的默认后缀“dc=yourco,dc=com”为上一步骤添加的“dc=portal,dc=xushuai,dc=org”后缀；

version: 1 # NOTE: you must edit this file before importing it and replace all # occurrences of the default suffix "dc=xushuai,dc=org" with the suffix # that your LDAP server is configured for. dn: dc=org objectclass: domain objectclass: top # Add lines according to this scheme that correspond to your suffix dc: org dn: dc=xushuai,dc=org objectclass: domain objectclass: top # Add lines according to this scheme that correspond to your suffix dc: xushuai dn: dc=portal,dc=xushuai,dc=org objectclass: domain objectclass: top # Add lines according to this scheme that correspond to your suffix dc: portal dn: cn=users,dc=portal,dc=xushuai,dc=org objectclass: container objectclass: top cn: users dn: cn=groups,dc=portal,dc=xushuai,dc=org objectclass: top objectclass: container cn: groups dn: uid=wpsadmin,cn=users,dc=portal,dc=xushuai,dc=org objectclass: organizationalPerson objectclass: person objectclass: top objectclass: inetOrgPerson uid: wpsadmin userpassword: passw0rd sn: admin givenName: wps cn: wps admin dn: uid=wpsbind,cn=users,dc=portal,dc=xushuai,dc=org objectclass: top objectclass: person objectclass: organizationalPerson objectclass: inetOrgPerson uid: wpsbind userpassword: passw0rd sn: bind givenName: wps cn: wps bind dn: cn=wpsadmins,cn=groups,dc=portal,dc=xushuai,dc=org objectclass: groupOfUniqueNames objectclass: top uniquemember: uid=wpsadmin,cn=users,dc=portal,dc=xushuai,dc=org cn: wpsadmins

完成后，将修改完成的LDIF数据上传至服务器中，此次上传至“/opt”目录。

方式1：使用idsldif2db命令导入LDIF数据

TDS提供了idsldif2db命令可以完成LDIF文件的数据导入，命令如下：

./idsldif2db -I idsldap -i /opt/PortalUsers.ldif

方式2：使用配置工具导入LDIF数据

使用如下命令启动TDS实例配置工具：

./idsxcfg –I idsldap

在左侧菜单中展开“LDIF tasks”节点，点击“Import LDIF data”菜单项，进入LDIF文件导入界面；

在“Path and LDIF file name”区域，点击“Browse”按钮，切换路径选择刚才上传的PortalUsers.ldif文件；

点击“OK”按钮，返回导入界面，下拉滚动条，点击界面右下部的Import按钮；

此时，系统将自动进行数据导入，并在“Task messages”界面中显示日志信息；

完成后系统弹出成功信息；

方式3：使用LDAPBrower等工具导入LDIF数据

可以使用LDAP客户端工具完成LDIF数据的导入，比较常用的LDAP客户端工具有：LDAPBrower、Apache LDAP Studio等；

本章节使用LDAPBrowser演示如何使用工具导入LDIF数据；

使用LDAPBrowser配置LDAP服务器的连接参数，连接成功后点击工具栏中的LDIF，然后选择Import，找到导入的PortalUsers.ldif文件，然后点击Import按钮完成数据导入；

导入完成后的数据如下：

三、使用配置向导生成启用安全性脚本3.1、启动配置向导服务器实例

配置向导服务器实例的路径和启动命令如下：

/opt/IBM/WebSphere/AppServer/profiles/cw_profile/bin ./startServer.sh server1

3.2、使用配置向导生成启用安全性脚本

1、登录配置向导

在浏览器中输入配置向导地址：

http://192.168.121.135:10200/ibm/wizard

输入管理员账号和密码后点击登录按钮进入配置向导主界面；

2、进入独立服务器的启用安全性配置界面

在配置向导主界面中依次点击“设置独立服务器-》启用联合安全性”；

3、设置启动联合安全性的系统信息

在系统信息界面中配置门户相关的系统信息，包括操作系统类型、概要文件名称和概要文件目录信息；

系统会自动检测这些信息并自动填充表单；

目标操作系统	Linux
目标Portal概要文件名称	wp_profile
目标Portal概要文件主目录	/opt/IBM/WebSphere/wp_profile

确认无误后点击右侧的箭头按钮进入下一步设置界面；

4、设置启用联合安全性的安全设置

用户注册表软件	IBM Directory Server
是否需要在门户网站服务器与用户注册表之间使用SSL	否，不启用SSL
门户网站是否可以更新LDAP注册表中的条目	否，门户网站无法修改条目
使用LDAP用户注册表中存储的管理员标识	是，请使用LDAP用户注册表中的标识

确认无误后点击右侧的箭头按钮进入下一步设置界面；

5、设置启用联合安全性的基于文件的管理员

WebSphere Applicatoin Server管理员标识	wpsadmin
WebSphere Applicatoin Server管理员密码	********
重新输入密码	********
WebSphere Portal管理员标识	wpsadmin
WebSphere Portal管理员密码	********
重新输入密码	********

确认无误后点击右侧的箭头按钮进入下一步设置界面；

6、设置启用联合安全性的用户注册表信息

LDAP存储库标识	idsldap
LDAP主机名	wpstds.xushuai.org
LDAP端口	389
基本专有名称	dc=portal,dc=xushuai,dc=org
绑定DN	cn=root
绑定密码	********
重新输入密码	********
LDAP中的管理员组DN	cn=wpsadmins,cn=groups,dc=portal,dc=xushuai,dc=org
LDAP中的管理员DN	uid=wpsadmin,cn=users,dc=portal,dc=xushuai,dc=org
LDAP中的管理员密码	********
重新输入密码	********

确认无误后点击右侧的箭头按钮进入下一步设置界面；

7、进入启用联合安全性的配置界面

在该界面中，已经完成了启用联合安全性的参数配置，系统自动生成了配置脚本；

点击“下载配置脚本”链接下载配置脚本至本地，得到名称为“WorkflowInstanceScriptsAll.zip”的配置脚本。

四、执行脚本启用安全性4.1、执行脚本启用安全性步骤

步骤	操作内容
1	验证 LDAP 服务器设置。 脚本：ValidateFederatedLDAP
2	将 LDAP 用户注册表添加到缺省联合存储库。 脚本：EnableFederatedLDAPSecurity
3	更新在其中存储新用户和组的用户注册表。 脚本：SetEntityTypes
4	注册 WebSphere Application Server 调度程序任务。 脚本：ReregisterSchedulerTasks
5	将基于文件的 WebSphere Portal 和 WebSphere Application Server 用户和组替换为 LDAP 服务器中的用户和组。 脚本：ChangeWASAdminUser
6	完成安全更改后，重新启动服务器。 脚本：RecycleAfterSecurityChangeFirst
7	更新搜索管理用户。 脚本：UpdateSearchAdminUser
8	更改安全模型之后，必须重新启动服务器。重新启动门户网站服务器。 脚本：RecycleAfterSecurityChange
9	验证所有已定义的属性是否在配置的 LDAP 用户注册表中可用。 脚本：ValidateFederatedLDAPAttributes
10	手动步骤：映射属性以确保 WebSphere Portal 和 LDAP 服务器之间能够正常通信。

4.2、上传脚本并赋权

使用FTP工具将下载得到的启用安全性脚本压缩包上传至服务器；

使用unzip命令解压压缩包并给所有文件赋予执行权限；

4.3、执行启用安全性1、验证LDAP服务器设置

执行scripts目录下名为“ValidateFederatedLDAP.sh”的脚本可以验证LDAP服务器设置正确性。

cd /opt/WorkflowInstanceScriptsAll/scripts ./ValidateFederatedLDAP.sh2、将LDAP用户注册表添加到缺省联合存储库

执行scripts目录下名为“EnableFederatedLDAPSecurity.sh”的脚本可以将LDAP用户注册表添加到缺省联合存储库中；

cd /opt/WorkflowInstanceScriptsAll/scripts ./EnableFederatedLDAPSecurity.sh3、更新在其中存储新用户和组的用户注册表

执行scripts目录下名为“SetEntityTypes.sh”脚本可以更新在其中存储新用户和组的用户注册表；

cd /opt/WorkflowInstanceScriptsAll/scripts ./SetEntityTypes.sh

结果：在执行此脚本的过程中发生错误，构建失败，后续内容无法执行。试验多次均同样效果，甚是郁闷。。。

五、启用安全性错误信息

在启用安全性的时候完整错误信息如下所示：

/opt/IBM/WebSphere/ConfigEngine/config/includes/wp_security_pub.xml:1000: Update entity type failed. at com.ibm.wplc.deploy.tasks.impl.SupportedEntityTypeUpdateImpl.execute(SupportedEntityTypeUpdateImpl.java:39) at com.ibm.wplc.deploy.tasks.AbstractBaseAdminTask.executeBean(AbstractBaseAdminTask.java:541) at com.ibm.wplc.deploy.tasks.AbstractBaseAdminTask.executeTask(AbstractBaseAdminTask.java:525) at com.ibm.wplc.deploy.tasks.AbstractBaseWsAdminWrapperTask.executeTask(AbstractBaseWsAdminWrapperTask.java:395) at com.ibm.wplc.deploy.tasks.AbstractBaseAdminTask.execute(AbstractBaseAdminTask.java:175) at org.apache.tools.ant.UnknownElement.execute(UnknownElement.java:275) at org.apache.tools.ant.Task.perform(Task.java:364) at org.apache.tools.ant.Target.execute(Target.java:341) at org.apache.tools.ant.Target.performTasks(Target.java:369) at org.apache.tools.ant.Project.executeSortedTargets(Project.java:1216) at org.apache.tools.ant.Project.executeTarget(Project.java:1185) at com.ibm.wps.config.tasks.AntCallTask.execute(AntCallTask.java:133) at org.apache.tools.ant.UnknownElement.execute(UnknownElement.java:275) at org.apache.tools.ant.Task.perform(Task.java:364) at org.apache.tools.ant.Target.execute(Target.java:341) at org.apache.tools.ant.Target.performTasks(Target.java:369) at org.apache.tools.ant.Project.executeSortedTargets(Project.java:1216) at org.apache.tools.ant.Project.executeTarget(Project.java:1185) at com.ibm.wps.config.tasks.AntCallTask.execute(AntCallTask.java:133) at org.apache.tools.ant.UnknownElement.execute(UnknownElement.java:275) at org.apache.tools.ant.Task.perform(Task.java:364) at org.apache.tools.ant.Target.execute(Target.java:341) at org.apache.tools.ant.Target.performTasks(Target.java:369) at org.apache.tools.ant.Project.executeSortedTargets(Project.java:1216) at org.apache.tools.ant.Project.executeTarget(Project.java:1185) at org.apache.tools.ant.helper.DefaultExecutor.executeTargets(DefaultExecutor.java:40) at org.apache.tools.ant.Project.executeTargets(Project.java:1068) at org.apache.tools.ant.Main.runBuild(Main.java:668) at org.apache.tools.ant.Main.startAnt(Main.java:187) at org.apache.tools.ant.Main.start(Main.java:150) at com.ibm.wps.config.ConfigEngine.process(ConfigEngine.java:981) at com.ibm.wps.config.ConfigEngine.main(ConfigEngine.java:219) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:88) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:55) at java.lang.reflect.Method.invoke(Method.java:618) at org.python.core.PyReflectedFunction.__call__(PyReflectedFunction.java) at org.python.core.PyMethod.__call__(PyMethod.java) at org.python.core.PyObject.__call__(PyObject.java) at org.python.core.PyInstance.invoke(PyInstance.java) at org.python.pycode._pyx50.f$0(<string>:78) at org.python.pycode._pyx50.call_function(<string>) at org.python.core.PyTableCode.call(PyTableCode.java) at org.python.core.PyCode.call(PyCode.java) at org.python.core.Py.runCode(Py.java) at org.python.core.Py.exec(Py.java) at org.python.util.PythonInterpreter.exec(PythonInterpreter.java) at com.ibm.bsf.engines.jython.JythonEngine$BSFPythonInterpreter.exec(Unknown Source) at com.ibm.bsf.engines.jython.JythonEngine.exec(Unknown Source) at com.ibm.bsf.BSFManager$6.run(Unknown Source) at java.security.AccessController.doPrivileged(AccessController.java:330) at com.ibm.bsf.BSFManager.exec(Unknown Source) at com.ibm.ws.scripting.AbstractShell.executeScript(AbstractShell.java:1214) at com.ibm.ws.scripting.AbstractShell.run(AbstractShell.java:2271) at com.ibm.ws.scripting.WasxShell.main(WasxShell.java:1108) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:88) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:55) at java.lang.reflect.Method.invoke(Method.java:618) at com.ibm.wsspi.bootstrap.WSLauncher.launchMain(WSLauncher.java:234) at com.ibm.wsspi.bootstrap.WSLauncher.main(WSLauncher.java:96) at com.ibm.wsspi.bootstrap.WSLauncher.run(WSLauncher.java:77) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:88) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:55) at java.lang.reflect.Method.invoke(Method.java:618) at org.eclipse.equinox.internal.app.EclipseAppContainer.callMethodWithException(EclipseAppContainer.java:587) at org.eclipse.equinox.internal.app.EclipseAppHandle.run(EclipseAppHandle.java:198) at org.eclipse.core.runtime.internal.adaptor.EclipseAppLauncher.runApplication(EclipseAppLauncher.java:110) at org.eclipse.core.runtime.internal.adaptor.EclipseAppLauncher.start(EclipseAppLauncher.java:79) at org.eclipse.core.runtime.adaptor.EclipseStarter.run(EclipseStarter.java:369) at org.eclipse.core.runtime.adaptor.EclipseStarter.run(EclipseStarter.java:179) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:88) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:55) at java.lang.reflect.Method.invoke(Method.java:618) at org.eclipse.core.launcher.Main.invokeFramework(Main.java:340) at org.eclipse.core.launcher.Main.basicRun(Main.java:282) at org.eclipse.core.launcher.Main.run(Main.java:981) at com.ibm.wsspi.bootstrap.WSPreLauncher.launchEclipse(WSPreLauncher.java:380) at com.ibm.wsspi.bootstrap.WSPreLauncher.main(WSPreLauncher.java:151) Caused by: com.ibm.websphere.management.cmdframework.CommandException: javax.management.JMRuntimeException: CWWMN0022E: Access is denied for the getCommandMetaInfo operation on RemoteCommandMgr MBean because of insufficient or empty credentials. at com.ibm.ws.management.cmdframework.impl.ClientCommandMgr.initCommandMetadata(ClientCommandMgr.java:361) at com.ibm.ws.management.cmdframework.impl.ClientCommandMgr.createCommand(ClientCommandMgr.java:295) at com.ibm.wplc.deploy.tasks.impl.SupportedEntityTypeUpdateImpl.runUpdateCommand(SupportedEntityTypeUpdateImpl.java:56) at com.ibm.wplc.deploy.tasks.impl.SupportedEntityTypeUpdateImpl.execute(SupportedEntityTypeUpdateImpl.java:31) ... 80 more Caused by: javax.management.JMRuntimeException: CWWMN0022E: Access is denied for the getCommandMetaInfo operation on RemoteCommandMgr MBean because of insufficient or empty credentials. at com.ibm.ws.management.connector.soap.SOAPConnectorClient.handleAdminFault(SOAPConnectorClient.java:959) at com.ibm.ws.management.connector.soap.SOAPConnectorClient.invokeTemplateOnce(SOAPConnectorClient.java:924) at com.ibm.ws.management.connector.soap.SOAPConnectorClient.invokeTemplate(SOAPConnectorClient.java:689) at com.ibm.ws.management.connector.soap.SOAPConnectorClient.invokeTemplate(SOAPConnectorClient.java:679) at com.ibm.ws.management.connector.soap.SOAPConnectorClient.invoke(SOAPConnectorClient.java:665) at com.ibm.ws.management.connector.soap.SOAPConnectorClient.invoke(SOAPConnectorClient.java:487) at com.sun.proxy.$Proxy2.invoke(Unknown Source) at com.ibm.ws.management.AdminClientImpl.invoke(AdminClientImpl.java:224) at com.ibm.ws.management.cmdframework.impl.ClientCommandMgr.initCommandMetadata(ClientCommandMgr.java:317) ... 83 more --- Nested Exception --- com.ibm.websphere.management.cmdframework.CommandException: javax.management.JMRuntimeException: CWWMN0022E: Access is denied for the getCommandMetaInfo operation on RemoteCommandMgr MBean because of insufficient or empty credentials. at com.ibm.ws.management.cmdframework.impl.ClientCommandMgr.initCommandMetadata(ClientCommandMgr.java:361) at com.ibm.ws.management.cmdframework.impl.ClientCommandMgr.createCommand(ClientCommandMgr.java:295) at com.ibm.wplc.deploy.tasks.impl.SupportedEntityTypeUpdateImpl.runUpdateCommand(SupportedEntityTypeUpdateImpl.java:56) at com.ibm.wplc.deploy.tasks.impl.SupportedEntityTypeUpdateImpl.execute(SupportedEntityTypeUpdateImpl.java:31) at com.ibm.wplc.deploy.tasks.AbstractBaseAdminTask.executeBean(AbstractBaseAdminTask.java:541) at com.ibm.wplc.deploy.tasks.AbstractBaseAdminTask.executeTask(AbstractBaseAdminTask.java:525) at com.ibm.wplc.deploy.tasks.AbstractBaseWsAdminWrapperTask.executeTask(AbstractBaseWsAdminWrapperTask.java:395) at com.ibm.wplc.deploy.tasks.AbstractBaseAdminTask.execute(AbstractBaseAdminTask.java:175) at org.apache.tools.ant.UnknownElement.execute(UnknownElement.java:275) at org.apache.tools.ant.Task.perform(Task.java:364) at org.apache.tools.ant.Target.execute(Target.java:341) at org.apache.tools.ant.Target.performTasks(Target.java:369) at org.apache.tools.ant.Project.executeSortedTargets(Project.java:1216) at org.apache.tools.ant.Project.executeTarget(Project.java:1185) at com.ibm.wps.config.tasks.AntCallTask.execute(AntCallTask.java:133) at org.apache.tools.ant.UnknownElement.execute(UnknownElement.java:275) at org.apache.tools.ant.Task.perform(Task.java:364) at org.apache.tools.ant.Target.execute(Target.java:341) at org.apache.tools.ant.Target.performTasks(Target.java:369) at org.apache.tools.ant.Project.executeSortedTargets(Project.java:1216) at org.apache.tools.ant.Project.executeTarget(Project.java:1185) at com.ibm.wps.config.tasks.AntCallTask.execute(AntCallTask.java:133) at org.apache.tools.ant.UnknownElement.execute(UnknownElement.java:275) at org.apache.tools.ant.Task.perform(Task.java:364) at org.apache.tools.ant.Target.execute(Target.java:341) at org.apache.tools.ant.Target.performTasks(Target.java:369) at org.apache.tools.ant.Project.executeSortedTargets(Project.java:1216) at org.apache.tools.ant.Project.executeTarget(Project.java:1185) at org.apache.tools.ant.helper.DefaultExecutor.executeTargets(DefaultExecutor.java:40) at org.apache.tools.ant.Project.executeTargets(Project.java:1068) at org.apache.tools.ant.Main.runBuild(Main.java:668) at org.apache.tools.ant.Main.startAnt(Main.java:187) at org.apache.tools.ant.Main.start(Main.java:150) at com.ibm.wps.config.ConfigEngine.process(ConfigEngine.java:981) at com.ibm.wps.config.ConfigEngine.main(ConfigEngine.java:219) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:88) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:55) at java.lang.reflect.Method.invoke(Method.java:618) at org.python.core.PyReflectedFunction.__call__(PyReflectedFunction.java) at org.python.core.PyMethod.__call__(PyMethod.java) at org.python.core.PyObject.__call__(PyObject.java) at org.python.core.PyInstance.invoke(PyInstance.java) at org.python.pycode._pyx50.f$0(<string>:78) at org.python.pycode._pyx50.call_function(<string>) at org.python.core.PyTableCode.call(PyTableCode.java) at org.python.core.PyCode.call(PyCode.java) at org.python.core.Py.runCode(Py.java) at org.python.core.Py.exec(Py.java) at org.python.util.PythonInterpreter.exec(PythonInterpreter.java) at com.ibm.bsf.engines.jython.JythonEngine$BSFPythonInterpreter.exec(Unknown Source) at com.ibm.bsf.engines.jython.JythonEngine.exec(Unknown Source) at com.ibm.bsf.BSFManager$6.run(Unknown Source) at java.security.AccessController.doPrivileged(AccessController.java:330) at com.ibm.bsf.BSFManager.exec(Unknown Source) at com.ibm.ws.scripting.AbstractShell.executeScript(AbstractShell.java:1214) at com.ibm.ws.scripting.AbstractShell.run(AbstractShell.java:2271) at com.ibm.ws.scripting.WasxShell.main(WasxShell.java:1108) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:88) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:55) at java.lang.reflect.Method.invoke(Method.java:618) at com.ibm.wsspi.bootstrap.WSLauncher.launchMain(WSLauncher.java:234) at com.ibm.wsspi.bootstrap.WSLauncher.main(WSLauncher.java:96) at com.ibm.wsspi.bootstrap.WSLauncher.run(WSLauncher.java:77) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:88) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:55) at java.lang.reflect.Method.invoke(Method.java:618) at org.eclipse.equinox.internal.app.EclipseAppContainer.callMethodWithException(EclipseAppContainer.java:587) at org.eclipse.equinox.internal.app.EclipseAppHandle.run(EclipseAppHandle.java:198) at org.eclipse.core.runtime.internal.adaptor.EclipseAppLauncher.runApplication(EclipseAppLauncher.java:110) at org.eclipse.core.runtime.internal.adaptor.EclipseAppLauncher.start(EclipseAppLauncher.java:79) at org.eclipse.core.runtime.adaptor.EclipseStarter.run(EclipseStarter.java:369) at org.eclipse.core.runtime.adaptor.EclipseStarter.run(EclipseStarter.java:179) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:88) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:55) at java.lang.reflect.Method.invoke(Method.java:618) at org.eclipse.core.launcher.Main.invokeFramework(Main.java:340) at org.eclipse.core.launcher.Main.basicRun(Main.java:282) at org.eclipse.core.launcher.Main.run(Main.java:981) at com.ibm.wsspi.bootstrap.WSPreLauncher.launchEclipse(WSPreLauncher.java:380) at com.ibm.wsspi.bootstrap.WSPreLauncher.main(WSPreLauncher.java:151) Caused by: javax.management.JMRuntimeException: CWWMN0022E: Access is denied for the getCommandMetaInfo operation on RemoteCommandMgr MBean because of insufficient or empty credentials. at com.ibm.ws.management.connector.soap.SOAPConnectorClient.handleAdminFault(SOAPConnectorClient.java:959) at com.ibm.ws.management.connector.soap.SOAPConnectorClient.invokeTemplateOnce(SOAPConnectorClient.java:924) at com.ibm.ws.management.connector.soap.SOAPConnectorClient.invokeTemplate(SOAPConnectorClient.java:689) at com.ibm.ws.management.connector.soap.SOAPConnectorClient.invokeTemplate(SOAPConnectorClient.java:679) at com.ibm.ws.management.connector.soap.SOAPConnectorClient.invoke(SOAPConnectorClient.java:665) at com.ibm.ws.management.connector.soap.SOAPConnectorClient.invoke(SOAPConnectorClient.java:487) at com.sun.proxy.$Proxy2.invoke(Unknown Source) at com.ibm.ws.management.AdminClientImpl.invoke(AdminClientImpl.java:224) at com.ibm.ws.management.cmdframework.impl.ClientCommandMgr.initCommandMetadata(ClientCommandMgr.java:317) ... 83 more Failed ANT script: /opt/IBM/WebSphere/ConfigEngine/config/includes/wp_security_pub.xml:1000: Failed target: commit-admin-changes Failed task: Task name could not be determined. Please check the line number below for target details. Probable failed component: ConfigEngine ------ Target Stack Trace ------ commit-admin-changes wp-update-entitytype wp-update-entitytypes wp-set-entitytypes ------Target Excerpt ------ 950: wasuser="${WasUserid}" 951: waspassword="${WasPassword}" 952: name="${realmName}" 953: deleteBaseEntry="${temp.delete.baseDN}"> 954: </wplc-delete-realm-baseentry> 955: </then> 956: <else> 957: <echo message="Base entries for realm '${realmName}' propRealmBaseEntryList: '${propRealmBaseEntryList}' does not contain '${temp.delete.baseDN}'. Nothing to do"/> 958: </else> 959: </if> 960: 961: </target> 962: 963: <!-- query realm --> 964: <target name="wp-query-realm"> 965: <wplc-query-realm 966: cell="${CellName}" 967: wasuser="${WasUserid}" 968: waspassword="${WasPassword}"> 969: </wplc-query-realm> 970: </target> 971: 972: <!-- query realm base entry --> 973: <target name="wp-query-realm-baseentry"> 974: <wplc-query-realm-baseentry 975: cell="${CellName}" 976: wasuser="${WasUserid}" 977: waspassword="${WasPassword}" 978: name="${realmName}"> 979: </wplc-query-realm-baseentry> 980: </target> 981: 982: 983: <!-- set default realm --> 984: <target name="wp-default-realm" depends="validate-default-realm"> 985: 986: <wplc-default-realm 987: cell="${CellName}" 988: wasuser="${WasUserid}" 989: waspassword="${WasPassword}" 990: name="${defaultRealmName}"> 991: </wplc-default-realm> 992: </target> 993: 994: <!-- update entity type --> 995: <target name="wp-update-entitytype"> 996: <wplc-update-supported-entitytype 997: cell="${CellName}" 998: wasuser="${WasUserid}" 999: waspassword="${WasPassword}" 1000:**> name="${entityTypeName}"> 1001: <attribute name="defaultParent" value="${defaultParent}"/> 1002: <attribute name="rdnProperties" value="${rdnProperties}"/> 1003: </wplc-update-supported-entitytype> 1004: </target> 1005: 1006: <!-- update 3 entity types --> 1007: <target name="wp-update-entitytypes"> 1008: <antcall target="wp-update-entitytype" > 1009: <param name="entityTypeName" value="PersonAccount"/> 1010: <param name="defaultParent" value="${personAccountParent}"/> 1011: <param name="rdnProperties" value="${personAccountRdnProperties}"/> 1012: </antcall> 1013: <antcall target="wp-update-entitytype" > 1014: <param name="entityTypeName" value="Group"/> 1015: <param name="defaultParent" value="${groupParent}"/> 1016: <param name="rdnProperties" value="${groupRdnProperties}"/> 1017: </antcall> 1018: </target> 1019: 1020: <!-- set entity type --> 1021: <target name="wp-set-entitytype"> 1022: <antcall target="wp-update-entitytype" > 1023: <param name="entityTypeName" value="${entityTypeName}"/> 1024: <param name="defaultParent" value="${defaultParent}"/> 1025: <param name="rdnProperties" value=""/> 1026: </antcall> 1027: <antcall target="wp-update-entitytype" > 1028: <param name="entityTypeName" value="${entityTypeName}"/> 1029: <param name="defaultParent" value="${defaultParent}"/> 1030: <param name="rdnProperties" value="${rdnProperties}"/> 1031: </antcall> 1032: </target> 1033: 1034: 1035: <!-- set 3 entity types --> 1036: <target name="wp-set-entitytypes"> 1037: <!-- delete old RDN entries --> 1038: <property name="localPersonAccountRdnProperties" value="${personAccountRdnProperties}" overwrite="true"/> 1039: <property name="localGroupRdnProperties" value="${groupRdnProperties}" overwrite="true"/> 1040: <antcall target="wp-update-entitytypes" > 1041: <param name="personAccountRdnProperties" value=""/> 1042: <param name="groupRdnProperties" value=""/> 1043: </antcall> 1044: 1045: <!-- add RDN entries --> 1046: <antcall target="wp-update-entitytypes" > 1047: <param name="personAccountRdnProperties" value="${localPersonAccountRdnProperties}"/> 1048: <param name="groupRdnProperties" value="${localGroupRdnProperties}"/> 1049: </antcall> 1050: ------- Properties and values used in the failed target ------- os.arch=amd64 WasUserid=wpsadmin entityTypeName=PersonAccount WasPassword=PASSWORD_REMOVED ConfigEngineSoapTimeout=${ConfigEngineSoapTimeout} EngineRootDir=/opt/IBM/WebSphere/ConfigEngine rdnProperties= enableAawsiTrace=${enableAawsiTrace} EngineInstallLocation=/opt/IBM/WebSphere/wp_profile/ConfigEngine WasRemoteHostName=wps85srv WasSoapPort=10033 CellName=wps85srvCell defaultParent=o=defaultWIMFileBasedRealm

错误信息提炼：

CWWMN0022E: Access is denied for the getCommandMetaInfo operation on RemoteCommandMgr MBean because of insufficient or empty credentials.