# # Install Security Settings. # #################################################################### # Patrick Finnegan 29/01/2007. V1. #################################################################### ###################################### # List current Security settings. ###################################### proc installSecurity { propertiesFile } { global AdminConfig # display procedure arguments. putsLog "proc - [info level 0 ]" foreach i [ info args installSecurity ] { upvar 0 $i ilocal set propertiesArray($i) $ilocal } putsLog "properties are.................." foreach { a b } [ array get propertiesArray ] { putsLog [ format "%-35s %s" "$a" "$b" ] } # get the Security object and display the current Security setting. # there may be more than one security object. Get the one at cell level. set cellName [ $AdminConfig showAttribute [ $AdminConfig list Cell ] name ] set securityId [$AdminConfig getid /Cell:$cellName/Security:/] putsLog "existing security propperties are:............" set securityId [$AdminConfig getid /Cell:$cellName/Security:/] putsLog [ format "%-5s %-30s %-50s" " " enabled [ $AdminConfig showAttribute $securityId enabled ]] putsLog [ format "%-5s %-30s %-50s" " " enforceJava2Security [ $AdminConfig showAttribute $securityId enforceJava2Security ]] putsLog [ format "%-5s %-30s %-50s" " " appEnabled [ $AdminConfig showAttribute $securityId appEnabled ]] putsLog [ format "%-5s %-30s %-50s" " " cacheTimeout [ $AdminConfig showAttribute $securityId cacheTimeout ]] putsLog [ format "%-5s %-30s %-50s" " " activeUserRegistryId [ $AdminConfig showAttribute $securityId activeUserRegistry ]] putsLog "new security properties are:............" if { [ catch { hashMapList $propertiesFile } r ] == 0 } { set propertiesList $r foreach a $propertiesList { putsLog [ format "%-5s %-40s %-s" " " [ lindex $a 0 ] [ lindex $a 1 ] ] } } else { return -code error $r } # call the hashMap proc which returns a Property object populated with property file values. if { [ catch { hashMap $propertiesFile } r ] == 0 } { set PropertyI $r } else { return -code error $r } # set the Security properties. set attrList [ setSecurityProperties $PropertyI ] putsLog "New Attributes: $attrList" if { [ catch { $AdminConfig modify $securityId $attrList } r ] == 0 } { putsLog "************************************" putsLog "Security modified successfully:" putsLog $r putsLog "************************************" } else { putsLog "************************************" putsLog "ERROR: problem modifying Security" putsLog $r putsLog "************************************" return -code error $r } } ###################################### # set Security Properties. ###################################### proc setSecurityProperties { PropertyI } { global AdminConfig putsLog "proc - [info level 0 ]" foreach i [ info args setProperties ] { upvar 0 $i ilocal set propertiesArray($i) $ilocal } putsLog "procedure arguments are: .................." foreach { a b } [ array get propertiesArray ] { putsLog [ format "%-35s %s" "$a" "$b" ] } set enabled [ list enabled [ $PropertyI getProperty security.enabled ] ] set enforceJava2Security [ list enforceJava2Security [ $PropertyI getProperty security.enforceJava2Security ] ] set appEnabled [ list appEnabled [ $PropertyI getProperty security.appEnabled ] ] set cacheTimeout [ list cacheTimeout [ $PropertyI getProperty security.cacheTimeout ] ] if { [ catch { $AdminConfig list LDAPUserRegistry } r ] == 0 } { set LDAPUserRegistryId $r } else { putsLog "problem accessing LDAP user registry ID." putsLog $r putsLog "************************************" return -code error $r } set activeUserRegistry [ list activeUserRegistry $LDAPUserRegistryId ] set attrList [ list $enabled $enforceJava2Security $appEnabled $cacheTimeout $activeUserRegistry ] return $attrList }