本文用于记录在Linux环境下IBM WebSphere Portal v8.5独立服务器启用安全性的操作步骤;
警告信息:
其实本篇文章并没有完成启用安全性,虽然试验了很多次但是最终结果都是失败(BUILD FAILED),而且没有找到原因,甚是郁闷!特此记录操作方式和错误信息以备参考。
环境说明:
硬件环境:Lenovo E440, i7, 12GB, 500GB;
虚拟设备:VMWare WorkStation 11 + RHEL5.6 X64;
产品说明:IBM WebSphere Portal v8.5、DB2 v9.7、Tivoli Directory Server v6.3;
一、添加TDS目录后缀1、命令行方式添加后缀cd /opt/ibm/ldap/V6.3/sbin ./idscfgsuf -I idsldap -s "dc=portal,dc=xushuai,dc=org"2、图形界面方式添加后缀TDS提供了配置工具来配置TDS实例,其中包括了对后缀的管理;
启动配置工具方式1:可以使用idsxinst实例管理工具中的管理(Manage)进入配置工具界面;
./idsxinst在左侧列表中选择实例,点击右侧的“Manage”按钮进入“配置工具”界面;
方式2:也可以直接使用idsxcfg命令直接进入配置工具界面;
./idsxcfg –I idsldap使用配置工具添加目录后缀在配置工具界面中点击左侧菜单中的“Manage suffixes”进入后缀管理界面;
在Suffix DN文本框中输入需要添加的后缀信息:
dc=portal,dc=xushuai,dc=org然后点击右侧的“Add”按钮完成后缀添加;添加完后缀的界面如下图所示:
二、导入初始LDIF数据安装完成的WPS提供了一份初始化用户和组的LDIF文件;
文件位置:
/opt/IBM/WebSphere/PortalServer/installer/wp.iim/ldif/PortalUsers.ldif原始文件内容如下:
version: 1 # NOTE: you must edit this file before importing it and replace all # occurrences of the default suffix "dc=yourco,dc=com" with the suffix # that your LDAP server is configured for. dn: dc=com objectclass: domain objectclass: top # Add lines according to this scheme that correspond to your suffix dc: com dn: dc=yourco,dc=com objectclass: domain objectclass: top # Add lines according to this scheme that correspond to your suffix dc: yourco dn: cn=users,dc=yourco,dc=com objectclass: container objectclass: top cn: users dn: cn=groups,dc=yourco,dc=com objectclass: top objectclass: container cn: groups dn: uid=wpsadmin,cn=users,dc=yourco,dc=com objectclass: organizationalPerson objectclass: person objectclass: top objectclass: inetOrgPerson uid: wpsadmin userpassword: wpsadmin sn: admin givenName: wps cn: wps admin dn: uid=wpsbind,cn=users,dc=yourco,dc=com objectclass: top objectclass: person objectclass: organizationalPerson objectclass: inetOrgPerson uid: wpsbind userpassword: wpsbind sn: bind givenName: wps cn: wps bind dn: cn=wpsadmins,cn=groups,dc=yourco,dc=com objectclass: groupOfUniqueNames objectclass: top uniquemember: uid=wpsadmin,cn=users,dc=yourco,dc=com cn: wpsadmins替换LDIF文件中的默认后缀“dc=yourco,dc=com”为上一步骤添加的“dc=portal,dc=xushuai,dc=org”后缀;
version: 1 # NOTE: you must edit this file before importing it and replace all # occurrences of the default suffix "dc=xushuai,dc=org" with the suffix # that your LDAP server is configured for. dn: dc=org objectclass: domain objectclass: top # Add lines according to this scheme that correspond to your suffix dc: org dn: dc=xushuai,dc=org objectclass: domain objectclass: top # Add lines according to this scheme that correspond to your suffix dc: xushuai dn: dc=portal,dc=xushuai,dc=org objectclass: domain objectclass: top # Add lines according to this scheme that correspond to your suffix dc: portal dn: cn=users,dc=portal,dc=xushuai,dc=org objectclass: container objectclass: top cn: users dn: cn=groups,dc=portal,dc=xushuai,dc=org objectclass: top objectclass: container cn: groups dn: uid=wpsadmin,cn=users,dc=portal,dc=xushuai,dc=org objectclass: organizationalPerson objectclass: person objectclass: top objectclass: inetOrgPerson uid: wpsadmin userpassword: passw0rd sn: admin givenName: wps cn: wps admin dn: uid=wpsbind,cn=users,dc=portal,dc=xushuai,dc=org objectclass: top objectclass: person objectclass: organizationalPerson objectclass: inetOrgPerson uid: wpsbind userpassword: passw0rd sn: bind givenName: wps cn: wps bind dn: cn=wpsadmins,cn=groups,dc=portal,dc=xushuai,dc=org objectclass: groupOfUniqueNames objectclass: top uniquemember: uid=wpsadmin,cn=users,dc=portal,dc=xushuai,dc=org cn: wpsadmins完成后,将修改完成的LDIF数据上传至服务器中,此次上传至“/opt”目录。
方式1:使用idsldif2db命令导入LDIF数据TDS提供了idsldif2db命令可以完成LDIF文件的数据导入,命令如下:
./idsldif2db -I idsldap -i /opt/PortalUsers.ldif方式2:使用配置工具导入LDIF数据使用如下命令启动TDS实例配置工具:
./idsxcfg –I idsldap在左侧菜单中展开“LDIF tasks”节点,点击“Import LDIF data”菜单项,进入LDIF文件导入界面;
在“Path and LDIF file name”区域,点击“Browse”按钮,切换路径选择刚才上传的PortalUsers.ldif文件;
点击“OK”按钮,返回导入界面,下拉滚动条,点击界面右下部的Import按钮;
此时,系统将自动进行数据导入,并在“Task messages”界面中显示日志信息;
完成后系统弹出成功信息;
方式3:使用LDAPBrower等工具导入LDIF数据可以使用LDAP客户端工具完成LDIF数据的导入,比较常用的LDAP客户端工具有:LDAPBrower、Apache LDAP Studio等;
本章节使用LDAPBrowser演示如何使用工具导入LDIF数据;
使用LDAPBrowser配置LDAP服务器的连接参数,连接成功后点击工具栏中的LDIF,然后选择Import,找到导入的PortalUsers.ldif文件,然后点击Import按钮完成数据导入;
导入完成后的数据如下:
三、使用配置向导生成启用安全性脚本3.1、启动配置向导服务器实例配置向导服务器实例的路径和启动命令如下:
/opt/IBM/WebSphere/AppServer/profiles/cw_profile/bin ./startServer.sh server13.2、使用配置向导生成启用安全性脚本1、登录配置向导
在浏览器中输入配置向导地址:
http://192.168.121.135:10200/ibm/wizard输入管理员账号和密码后点击登录按钮进入配置向导主界面;
2、进入独立服务器的启用安全性配置界面
在配置向导主界面中依次点击“设置独立服务器-》启用联合安全性”;
3、设置启动联合安全性的系统信息
在系统信息界面中配置门户相关的系统信息,包括操作系统类型、概要文件名称和概要文件目录信息;
系统会自动检测这些信息并自动填充表单;
目标操作系统 | Linux |
目标Portal概要文件名称 | wp_profile |
目标Portal概要文件主目录 | /opt/IBM/WebSphere/wp_profile |
确认无误后点击右侧的箭头按钮进入下一步设置界面;
4、设置启用联合安全性的安全设置
用户注册表软件 | IBM Directory Server |
是否需要在门户网站服务器与用户注册表之间使用SSL | 否,不启用SSL |
门户网站是否可以更新LDAP注册表中的条目 | 否,门户网站无法修改条目 |
使用LDAP用户注册表中存储的管理员标识 | 是,请使用LDAP用户注册表中的标识 |
确认无误后点击右侧的箭头按钮进入下一步设置界面;
5、设置启用联合安全性的基于文件的管理员
WebSphere Applicatoin Server管理员标识 | wpsadmin |
WebSphere Applicatoin Server管理员密码 | ******** |
重新输入密码 | ******** |
WebSphere Portal管理员标识 | wpsadmin |
WebSphere Portal管理员密码 | ******** |
重新输入密码 | ******** |
确认无误后点击右侧的箭头按钮进入下一步设置界面;
6、设置启用联合安全性的用户注册表信息
LDAP存储库标识 | idsldap |
LDAP主机名 | wpstds.xushuai.org |
LDAP端口 | 389 |
基本专有名称 | dc=portal,dc=xushuai,dc=org |
绑定DN | cn=root |
绑定密码 | ******** |
重新输入密码 | ******** |
LDAP中的管理员组DN | cn=wpsadmins,cn=groups,dc=portal,dc=xushuai,dc=org |
LDAP中的管理员DN | uid=wpsadmin,cn=users,dc=portal,dc=xushuai,dc=org |
LDAP中的管理员密码 | ******** |
重新输入密码 | ******** |
确认无误后点击右侧的箭头按钮进入下一步设置界面;
7、进入启用联合安全性的配置界面
在该界面中,已经完成了启用联合安全性的参数配置,系统自动生成了配置脚本;
点击“下载配置脚本”链接下载配置脚本至本地,得到名称为“WorkflowInstanceScriptsAll.zip”的配置脚本。
四、执行脚本启用安全性4.1、执行脚本启用安全性步骤步骤 | 操作内容 |
1 | 验证 LDAP 服务器设置。 脚本:ValidateFederatedLDAP |
2 | 将 LDAP 用户注册表添加到缺省联合存储库。 |
3 | 更新在其中存储新用户和组的用户注册表。 |
4 | 注册 WebSphere Application Server 调度程序任务。 |
5 | 将基于文件的 WebSphere Portal 和 WebSphere Application Server 用户和组替换为 LDAP 服务器中的用户和组。 |
6 | 完成安全更改后,重新启动服务器。 |
7 | 更新搜索管理用户。 |
8 | 更改安全模型之后,必须重新启动服务器。重新启动门户网站服务器。 |
9 | 验证所有已定义的属性是否在配置的 LDAP 用户注册表中可用。 |
10 | 手动步骤:映射属性以确保 WebSphere Portal 和 LDAP 服务器之间能够正常通信。 |
使用FTP工具将下载得到的启用安全性脚本压缩包上传至服务器;
使用unzip命令解压压缩包并给所有文件赋予执行权限;
4.3、执行启用安全性1、验证LDAP服务器设置执行scripts目录下名为“ValidateFederatedLDAP.sh”的脚本可以验证LDAP服务器设置正确性。
cd /opt/WorkflowInstanceScriptsAll/scripts ./ValidateFederatedLDAP.sh2、将LDAP用户注册表添加到缺省联合存储库执行scripts目录下名为“EnableFederatedLDAPSecurity.sh”的脚本可以将LDAP用户注册表添加到缺省联合存储库中;
cd /opt/WorkflowInstanceScriptsAll/scripts ./EnableFederatedLDAPSecurity.sh3、更新在其中存储新用户和组的用户注册表执行scripts目录下名为“SetEntityTypes.sh”脚本可以更新在其中存储新用户和组的用户注册表;
cd /opt/WorkflowInstanceScriptsAll/scripts ./SetEntityTypes.sh结果:在执行此脚本的过程中发生错误,构建失败,后续内容无法执行。试验多次均同样效果,甚是郁闷。。。
五、启用安全性错误信息在启用安全性的时候完整错误信息如下所示:
/opt/IBM/WebSphere/ConfigEngine/config/includes/wp_security_pub.xml:1000: Update entity type failed. at com.ibm.wplc.deploy.tasks.impl.SupportedEntityTypeUpdateImpl.execute(SupportedEntityTypeUpdateImpl.java:39) at com.ibm.wplc.deploy.tasks.AbstractBaseAdminTask.executeBean(AbstractBaseAdminTask.java:541) at com.ibm.wplc.deploy.tasks.AbstractBaseAdminTask.executeTask(AbstractBaseAdminTask.java:525) at com.ibm.wplc.deploy.tasks.AbstractBaseWsAdminWrapperTask.executeTask(AbstractBaseWsAdminWrapperTask.java:395) at com.ibm.wplc.deploy.tasks.AbstractBaseAdminTask.execute(AbstractBaseAdminTask.java:175) at org.apache.tools.ant.UnknownElement.execute(UnknownElement.java:275) at org.apache.tools.ant.Task.perform(Task.java:364) at org.apache.tools.ant.Target.execute(Target.java:341) at org.apache.tools.ant.Target.performTasks(Target.java:369) at org.apache.tools.ant.Project.executeSortedTargets(Project.java:1216) at org.apache.tools.ant.Project.executeTarget(Project.java:1185) at com.ibm.wps.config.tasks.AntCallTask.execute(AntCallTask.java:133) at org.apache.tools.ant.UnknownElement.execute(UnknownElement.java:275) at org.apache.tools.ant.Task.perform(Task.java:364) at org.apache.tools.ant.Target.execute(Target.java:341) at org.apache.tools.ant.Target.performTasks(Target.java:369) at org.apache.tools.ant.Project.executeSortedTargets(Project.java:1216) at org.apache.tools.ant.Project.executeTarget(Project.java:1185) at com.ibm.wps.config.tasks.AntCallTask.execute(AntCallTask.java:133) at org.apache.tools.ant.UnknownElement.execute(UnknownElement.java:275) at org.apache.tools.ant.Task.perform(Task.java:364) at org.apache.tools.ant.Target.execute(Target.java:341) at org.apache.tools.ant.Target.performTasks(Target.java:369) at org.apache.tools.ant.Project.executeSortedTargets(Project.java:1216) at org.apache.tools.ant.Project.executeTarget(Project.java:1185) at org.apache.tools.ant.helper.DefaultExecutor.executeTargets(DefaultExecutor.java:40) at org.apache.tools.ant.Project.executeTargets(Project.java:1068) at org.apache.tools.ant.Main.runBuild(Main.java:668) at org.apache.tools.ant.Main.startAnt(Main.java:187) at org.apache.tools.ant.Main.start(Main.java:150) at com.ibm.wps.config.ConfigEngine.process(ConfigEngine.java:981) at com.ibm.wps.config.ConfigEngine.main(ConfigEngine.java:219) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:88) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:55) at java.lang.reflect.Method.invoke(Method.java:618) at org.python.core.PyReflectedFunction.__call__(PyReflectedFunction.java) at org.python.core.PyMethod.__call__(PyMethod.java) at org.python.core.PyObject.__call__(PyObject.java) at org.python.core.PyInstance.invoke(PyInstance.java) at org.python.pycode._pyx50.f$0(<string>:78) at org.python.pycode._pyx50.call_function(<string>) at org.python.core.PyTableCode.call(PyTableCode.java) at org.python.core.PyCode.call(PyCode.java) at org.python.core.Py.runCode(Py.java) at org.python.core.Py.exec(Py.java) at org.python.util.PythonInterpreter.exec(PythonInterpreter.java) at com.ibm.bsf.engines.jython.JythonEngine$BSFPythonInterpreter.exec(Unknown Source) at com.ibm.bsf.engines.jython.JythonEngine.exec(Unknown Source) at com.ibm.bsf.BSFManager$6.run(Unknown Source) at java.security.AccessController.doPrivileged(AccessController.java:330) at com.ibm.bsf.BSFManager.exec(Unknown Source) at com.ibm.ws.scripting.AbstractShell.executeScript(AbstractShell.java:1214) at com.ibm.ws.scripting.AbstractShell.run(AbstractShell.java:2271) at com.ibm.ws.scripting.WasxShell.main(WasxShell.java:1108) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:88) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:55) at java.lang.reflect.Method.invoke(Method.java:618) at com.ibm.wsspi.bootstrap.WSLauncher.launchMain(WSLauncher.java:234) at com.ibm.wsspi.bootstrap.WSLauncher.main(WSLauncher.java:96) at com.ibm.wsspi.bootstrap.WSLauncher.run(WSLauncher.java:77) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:88) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:55) at java.lang.reflect.Method.invoke(Method.java:618) at org.eclipse.equinox.internal.app.EclipseAppContainer.callMethodWithException(EclipseAppContainer.java:587) at org.eclipse.equinox.internal.app.EclipseAppHandle.run(EclipseAppHandle.java:198) at org.eclipse.core.runtime.internal.adaptor.EclipseAppLauncher.runApplication(EclipseAppLauncher.java:110) at org.eclipse.core.runtime.internal.adaptor.EclipseAppLauncher.start(EclipseAppLauncher.java:79) at org.eclipse.core.runtime.adaptor.EclipseStarter.run(EclipseStarter.java:369) at org.eclipse.core.runtime.adaptor.EclipseStarter.run(EclipseStarter.java:179) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:88) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:55) at java.lang.reflect.Method.invoke(Method.java:618) at org.eclipse.core.launcher.Main.invokeFramework(Main.java:340) at org.eclipse.core.launcher.Main.basicRun(Main.java:282) at org.eclipse.core.launcher.Main.run(Main.java:981) at com.ibm.wsspi.bootstrap.WSPreLauncher.launchEclipse(WSPreLauncher.java:380) at com.ibm.wsspi.bootstrap.WSPreLauncher.main(WSPreLauncher.java:151) Caused by: com.ibm.websphere.management.cmdframework.CommandException: javax.management.JMRuntimeException: CWWMN0022E: Access is denied for the getCommandMetaInfo operation on RemoteCommandMgr MBean because of insufficient or empty credentials. at com.ibm.ws.management.cmdframework.impl.ClientCommandMgr.initCommandMetadata(ClientCommandMgr.java:361) at com.ibm.ws.management.cmdframework.impl.ClientCommandMgr.createCommand(ClientCommandMgr.java:295) at com.ibm.wplc.deploy.tasks.impl.SupportedEntityTypeUpdateImpl.runUpdateCommand(SupportedEntityTypeUpdateImpl.java:56) at com.ibm.wplc.deploy.tasks.impl.SupportedEntityTypeUpdateImpl.execute(SupportedEntityTypeUpdateImpl.java:31) ... 80 more Caused by: javax.management.JMRuntimeException: CWWMN0022E: Access is denied for the getCommandMetaInfo operation on RemoteCommandMgr MBean because of insufficient or empty credentials. at com.ibm.ws.management.connector.soap.SOAPConnectorClient.handleAdminFault(SOAPConnectorClient.java:959) at com.ibm.ws.management.connector.soap.SOAPConnectorClient.invokeTemplateOnce(SOAPConnectorClient.java:924) at com.ibm.ws.management.connector.soap.SOAPConnectorClient.invokeTemplate(SOAPConnectorClient.java:689) at com.ibm.ws.management.connector.soap.SOAPConnectorClient.invokeTemplate(SOAPConnectorClient.java:679) at com.ibm.ws.management.connector.soap.SOAPConnectorClient.invoke(SOAPConnectorClient.java:665) at com.ibm.ws.management.connector.soap.SOAPConnectorClient.invoke(SOAPConnectorClient.java:487) at com.sun.proxy.$Proxy2.invoke(Unknown Source) at com.ibm.ws.management.AdminClientImpl.invoke(AdminClientImpl.java:224) at com.ibm.ws.management.cmdframework.impl.ClientCommandMgr.initCommandMetadata(ClientCommandMgr.java:317) ... 83 more --- Nested Exception --- com.ibm.websphere.management.cmdframework.CommandException: javax.management.JMRuntimeException: CWWMN0022E: Access is denied for the getCommandMetaInfo operation on RemoteCommandMgr MBean because of insufficient or empty credentials. at com.ibm.ws.management.cmdframework.impl.ClientCommandMgr.initCommandMetadata(ClientCommandMgr.java:361) at com.ibm.ws.management.cmdframework.impl.ClientCommandMgr.createCommand(ClientCommandMgr.java:295) at com.ibm.wplc.deploy.tasks.impl.SupportedEntityTypeUpdateImpl.runUpdateCommand(SupportedEntityTypeUpdateImpl.java:56) at com.ibm.wplc.deploy.tasks.impl.SupportedEntityTypeUpdateImpl.execute(SupportedEntityTypeUpdateImpl.java:31) at com.ibm.wplc.deploy.tasks.AbstractBaseAdminTask.executeBean(AbstractBaseAdminTask.java:541) at com.ibm.wplc.deploy.tasks.AbstractBaseAdminTask.executeTask(AbstractBaseAdminTask.java:525) at com.ibm.wplc.deploy.tasks.AbstractBaseWsAdminWrapperTask.executeTask(AbstractBaseWsAdminWrapperTask.java:395) at com.ibm.wplc.deploy.tasks.AbstractBaseAdminTask.execute(AbstractBaseAdminTask.java:175) at org.apache.tools.ant.UnknownElement.execute(UnknownElement.java:275) at org.apache.tools.ant.Task.perform(Task.java:364) at org.apache.tools.ant.Target.execute(Target.java:341) at org.apache.tools.ant.Target.performTasks(Target.java:369) at org.apache.tools.ant.Project.executeSortedTargets(Project.java:1216) at org.apache.tools.ant.Project.executeTarget(Project.java:1185) at com.ibm.wps.config.tasks.AntCallTask.execute(AntCallTask.java:133) at org.apache.tools.ant.UnknownElement.execute(UnknownElement.java:275) at org.apache.tools.ant.Task.perform(Task.java:364) at org.apache.tools.ant.Target.execute(Target.java:341) at org.apache.tools.ant.Target.performTasks(Target.java:369) at org.apache.tools.ant.Project.executeSortedTargets(Project.java:1216) at org.apache.tools.ant.Project.executeTarget(Project.java:1185) at com.ibm.wps.config.tasks.AntCallTask.execute(AntCallTask.java:133) at org.apache.tools.ant.UnknownElement.execute(UnknownElement.java:275) at org.apache.tools.ant.Task.perform(Task.java:364) at org.apache.tools.ant.Target.execute(Target.java:341) at org.apache.tools.ant.Target.performTasks(Target.java:369) at org.apache.tools.ant.Project.executeSortedTargets(Project.java:1216) at org.apache.tools.ant.Project.executeTarget(Project.java:1185) at org.apache.tools.ant.helper.DefaultExecutor.executeTargets(DefaultExecutor.java:40) at org.apache.tools.ant.Project.executeTargets(Project.java:1068) at org.apache.tools.ant.Main.runBuild(Main.java:668) at org.apache.tools.ant.Main.startAnt(Main.java:187) at org.apache.tools.ant.Main.start(Main.java:150) at com.ibm.wps.config.ConfigEngine.process(ConfigEngine.java:981) at com.ibm.wps.config.ConfigEngine.main(ConfigEngine.java:219) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:88) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:55) at java.lang.reflect.Method.invoke(Method.java:618) at org.python.core.PyReflectedFunction.__call__(PyReflectedFunction.java) at org.python.core.PyMethod.__call__(PyMethod.java) at org.python.core.PyObject.__call__(PyObject.java) at org.python.core.PyInstance.invoke(PyInstance.java) at org.python.pycode._pyx50.f$0(<string>:78) at org.python.pycode._pyx50.call_function(<string>) at org.python.core.PyTableCode.call(PyTableCode.java) at org.python.core.PyCode.call(PyCode.java) at org.python.core.Py.runCode(Py.java) at org.python.core.Py.exec(Py.java) at org.python.util.PythonInterpreter.exec(PythonInterpreter.java) at com.ibm.bsf.engines.jython.JythonEngine$BSFPythonInterpreter.exec(Unknown Source) at com.ibm.bsf.engines.jython.JythonEngine.exec(Unknown Source) at com.ibm.bsf.BSFManager$6.run(Unknown Source) at java.security.AccessController.doPrivileged(AccessController.java:330) at com.ibm.bsf.BSFManager.exec(Unknown Source) at com.ibm.ws.scripting.AbstractShell.executeScript(AbstractShell.java:1214) at com.ibm.ws.scripting.AbstractShell.run(AbstractShell.java:2271) at com.ibm.ws.scripting.WasxShell.main(WasxShell.java:1108) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:88) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:55) at java.lang.reflect.Method.invoke(Method.java:618) at com.ibm.wsspi.bootstrap.WSLauncher.launchMain(WSLauncher.java:234) at com.ibm.wsspi.bootstrap.WSLauncher.main(WSLauncher.java:96) at com.ibm.wsspi.bootstrap.WSLauncher.run(WSLauncher.java:77) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:88) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:55) at java.lang.reflect.Method.invoke(Method.java:618) at org.eclipse.equinox.internal.app.EclipseAppContainer.callMethodWithException(EclipseAppContainer.java:587) at org.eclipse.equinox.internal.app.EclipseAppHandle.run(EclipseAppHandle.java:198) at org.eclipse.core.runtime.internal.adaptor.EclipseAppLauncher.runApplication(EclipseAppLauncher.java:110) at org.eclipse.core.runtime.internal.adaptor.EclipseAppLauncher.start(EclipseAppLauncher.java:79) at org.eclipse.core.runtime.adaptor.EclipseStarter.run(EclipseStarter.java:369) at org.eclipse.core.runtime.adaptor.EclipseStarter.run(EclipseStarter.java:179) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:88) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:55) at java.lang.reflect.Method.invoke(Method.java:618) at org.eclipse.core.launcher.Main.invokeFramework(Main.java:340) at org.eclipse.core.launcher.Main.basicRun(Main.java:282) at org.eclipse.core.launcher.Main.run(Main.java:981) at com.ibm.wsspi.bootstrap.WSPreLauncher.launchEclipse(WSPreLauncher.java:380) at com.ibm.wsspi.bootstrap.WSPreLauncher.main(WSPreLauncher.java:151) Caused by: javax.management.JMRuntimeException: CWWMN0022E: Access is denied for the getCommandMetaInfo operation on RemoteCommandMgr MBean because of insufficient or empty credentials. at com.ibm.ws.management.connector.soap.SOAPConnectorClient.handleAdminFault(SOAPConnectorClient.java:959) at com.ibm.ws.management.connector.soap.SOAPConnectorClient.invokeTemplateOnce(SOAPConnectorClient.java:924) at com.ibm.ws.management.connector.soap.SOAPConnectorClient.invokeTemplate(SOAPConnectorClient.java:689) at com.ibm.ws.management.connector.soap.SOAPConnectorClient.invokeTemplate(SOAPConnectorClient.java:679) at com.ibm.ws.management.connector.soap.SOAPConnectorClient.invoke(SOAPConnectorClient.java:665) at com.ibm.ws.management.connector.soap.SOAPConnectorClient.invoke(SOAPConnectorClient.java:487) at com.sun.proxy.$Proxy2.invoke(Unknown Source) at com.ibm.ws.management.AdminClientImpl.invoke(AdminClientImpl.java:224) at com.ibm.ws.management.cmdframework.impl.ClientCommandMgr.initCommandMetadata(ClientCommandMgr.java:317) ... 83 more Failed ANT script: /opt/IBM/WebSphere/ConfigEngine/config/includes/wp_security_pub.xml:1000: Failed target: commit-admin-changes Failed task: Task name could not be determined. Please check the line number below for target details. Probable failed component: ConfigEngine ------ Target Stack Trace ------ commit-admin-changes wp-update-entitytype wp-update-entitytypes wp-set-entitytypes ------Target Excerpt ------ 950: wasuser="${WasUserid}" 951: waspassword="${WasPassword}" 952: name="${realmName}" 953: deleteBaseEntry="${temp.delete.baseDN}"> 954: </wplc-delete-realm-baseentry> 955: </then> 956: <else> 957: <echo message="Base entries for realm '${realmName}' propRealmBaseEntryList: '${propRealmBaseEntryList}' does not contain '${temp.delete.baseDN}'. Nothing to do"/> 958: </else> 959: </if> 960: 961: </target> 962: 963: <!-- query realm --> 964: <target name="wp-query-realm"> 965: <wplc-query-realm 966: cell="${CellName}" 967: wasuser="${WasUserid}" 968: waspassword="${WasPassword}"> 969: </wplc-query-realm> 970: </target> 971: 972: <!-- query realm base entry --> 973: <target name="wp-query-realm-baseentry"> 974: <wplc-query-realm-baseentry 975: cell="${CellName}" 976: wasuser="${WasUserid}" 977: waspassword="${WasPassword}" 978: name="${realmName}"> 979: </wplc-query-realm-baseentry> 980: </target> 981: 982: 983: <!-- set default realm --> 984: <target name="wp-default-realm" depends="validate-default-realm"> 985: 986: <wplc-default-realm 987: cell="${CellName}" 988: wasuser="${WasUserid}" 989: waspassword="${WasPassword}" 990: name="${defaultRealmName}"> 991: </wplc-default-realm> 992: </target> 993: 994: <!-- update entity type --> 995: <target name="wp-update-entitytype"> 996: <wplc-update-supported-entitytype 997: cell="${CellName}" 998: wasuser="${WasUserid}" 999: waspassword="${WasPassword}" 1000:**> name="${entityTypeName}"> 1001: <attribute name="defaultParent" value="${defaultParent}"/> 1002: <attribute name="rdnProperties" value="${rdnProperties}"/> 1003: </wplc-update-supported-entitytype> 1004: </target> 1005: 1006: <!-- update 3 entity types --> 1007: <target name="wp-update-entitytypes"> 1008: <antcall target="wp-update-entitytype" > 1009: <param name="entityTypeName" value="PersonAccount"/> 1010: <param name="defaultParent" value="${personAccountParent}"/> 1011: <param name="rdnProperties" value="${personAccountRdnProperties}"/> 1012: </antcall> 1013: <antcall target="wp-update-entitytype" > 1014: <param name="entityTypeName" value="Group"/> 1015: <param name="defaultParent" value="${groupParent}"/> 1016: <param name="rdnProperties" value="${groupRdnProperties}"/> 1017: </antcall> 1018: </target> 1019: 1020: <!-- set entity type --> 1021: <target name="wp-set-entitytype"> 1022: <antcall target="wp-update-entitytype" > 1023: <param name="entityTypeName" value="${entityTypeName}"/> 1024: <param name="defaultParent" value="${defaultParent}"/> 1025: <param name="rdnProperties" value=""/> 1026: </antcall> 1027: <antcall target="wp-update-entitytype" > 1028: <param name="entityTypeName" value="${entityTypeName}"/> 1029: <param name="defaultParent" value="${defaultParent}"/> 1030: <param name="rdnProperties" value="${rdnProperties}"/> 1031: </antcall> 1032: </target> 1033: 1034: 1035: <!-- set 3 entity types --> 1036: <target name="wp-set-entitytypes"> 1037: <!-- delete old RDN entries --> 1038: <property name="localPersonAccountRdnProperties" value="${personAccountRdnProperties}" overwrite="true"/> 1039: <property name="localGroupRdnProperties" value="${groupRdnProperties}" overwrite="true"/> 1040: <antcall target="wp-update-entitytypes" > 1041: <param name="personAccountRdnProperties" value=""/> 1042: <param name="groupRdnProperties" value=""/> 1043: </antcall> 1044: 1045: <!-- add RDN entries --> 1046: <antcall target="wp-update-entitytypes" > 1047: <param name="personAccountRdnProperties" value="${localPersonAccountRdnProperties}"/> 1048: <param name="groupRdnProperties" value="${localGroupRdnProperties}"/> 1049: </antcall> 1050: ------- Properties and values used in the failed target ------- os.arch=amd64 WasUserid=wpsadmin entityTypeName=PersonAccount WasPassword=PASSWORD_REMOVED ConfigEngineSoapTimeout=${ConfigEngineSoapTimeout} EngineRootDir=/opt/IBM/WebSphere/ConfigEngine rdnProperties= enableAawsiTrace=${enableAawsiTrace} EngineInstallLocation=/opt/IBM/WebSphere/wp_profile/ConfigEngine WasRemoteHostName=wps85srv WasSoapPort=10033 CellName=wps85srvCell defaultParent=o=defaultWIMFileBasedRealm错误信息提炼:
CWWMN0022E: Access is denied for the getCommandMetaInfo operation on RemoteCommandMgr MBean because of insufficient or empty credentials.
如果觉得我的文章对您有用,请点赞。您的支持将鼓励我继续创作!
赞0
添加新评论0 条评论