Sun Java System Application Server 9.1 Administration Guide

Appendix C The asadmin Utility

The Application Server includes a command-line administration utility known as asadmin. Theasadmin utility is used to start and stop the Application Server, manage users, resources, and applications.

This chapter contains the following sections:

The asadmin Utility

Use the asadmin utility to perform any administrative tasks for the Application Server. You can use this asadmin utility in place of using the Administrator interface.

The asadmin utility invokes subcommands that identify the operation or task you wish to perform. Subcommands are case-sensitive. Short option arguments have a single dash (-); while long option arguments have two dashes (--). Options control how the utility performs a subcommand. Options are also case-sensitive. Most options require argument values except boolean options which toggle to switch a feature ON or OFF. Operands appear after the argument values, and are set off by a space, a tab, or double dashes (--). The asadmin utility treats anything that comes after the options and their values as an operand.

asadmin can be used in command shell invocation or multi command mode (known as multimode). In command shell invocation you invoke the asadmin utility from your command shell. asadmin executes the command, then exits. In multiple command mode, you invoke asadmin once, it then accepts multiple commands until you exit asadmin and return to the normal command shell invocation. Environment variables set while in multiple command mode are used for all subsequent commands until you exit multimode. You may provide commands by passing a previously prepared list of commands from a file or standard input (pipe). Additionally, you can invoke multimode from within a multimode session; once you exit the second multimode environment, you return to your original multimode environment.

You can also run the asadmin utility in interactive or non-interactive options. By default, the interactive option is enabled. It prompts you for the required arguments. You can use the interactive option in command shell invocation under all circumstances. You can use the interactive option in multimode when you run one subcommand at a time from the command prompt; and when you run in multimode from a file. Subcommands in multimode, when piped from an input stream, and subcommands invoked from another program, cannot run in the interactive option.

Local subcommands can be executed without the presence of an administration server. However, it is required that the user be logged into the machine hosting the domain in order to execute the subcommand and have access (permissions) for the installation and domain directories. Remote subcommands are always executed by connecting to an administration server and executing the subcommand there. A running administration server is required. All remote subcommands require the following options:

For subcommands that can be executed locally or remotely, if any one of the--host, --port, --user, and --passwordfile options are set, either in the environment or in the command line, the subcommand will run in remote mode. Additionally, for subcommands that can be executed locally or remotely, if the --local option is set to true, the subcommand will run locally. Also, if none of the local options are set, either on the command line or in the environment, the subcommand is executed locally by default. Setting the --local option to true overrides the local --host, --port, --user, and --passwordfile settings, even if specified. The subcommand will run in local mode.

Subcommands that can be executed locally accept the --domain option to specify the domain of interest which assumes the domain as the default domain if there is only one. If there is more than one domain, the --domain option is a required option. For subcommands that can be run locally or remotely, when run remotely with the--host, --port, --user, and --passwordfile options specified, the --domain option is ignored. The --domain option is ignored if the subcommand will be run in remote mode. Note that there is one administration instance per domain, so on a single machine with multiple domains, local execution must specify the domain, and remote execution must specify the --host, --port, --user, and --passwordfile options for the administration instance for that domain.

For security purposes, you can set the password for a subcommand from a file instead of entering the password at the command line. The --passwordfile option takes the file containing the passwords. The valid contents for the file are:


Example C–1 Passwordfile contents


AS_ADMIN_PASSWORD=value
AS_ADMIN_ADMINPASSWORD=value
AS_ADMIN_USERPASSWORD=value
AS_ADMIN_MASTERPASSWORD=value

If AS_ADMIN_PASSWORD has been exported to the global environment, specifying the --passwordfile option will produce a warning about using the --password option. Unset AS_ADMIN_PASSWORD to prevent this from happening. The master password is not propagated on the command line or an environment variable, but can be specified in the passwordfile.

To use the --secure option, you must use the set command to enable the security --enabled flag in the admin http-listener in the domain.xml. When you use the asadmin subcommands to create and/or delete, you must restart the server for the newly created command to take affect. Use the start-domain command to restart the server.

To access the manpages for the Application Server command-line interface subcommands on the Solaris platform, add $AS_INSTALL/man to your MANPATH environment variable.

You can obtain overall usage information for any of the asadmin utility subcommands by invoking the --help option. If you specify a subcommand, the usage information for that subcommand is displayed. Using the --helpoption without a subcommand displays a listing of all the available subcommands.

Common Options for Remote Commands

All the remote commands require the following common options:

Table C–1 Remote Commands Required Options

Option 

Definition 

--host

The machine name where the domain administration server is running. The default value is localhost. 

--port

The HTTP/S port for administration. This is the port to which you should point your browser in order to manage the domain. For example, http://localhost:4848. The default port number is 4848.

--user

The authorized domain administration server administrative username. If you have authenticated to a domain using the asadmin login command, then you need not specify the --user option on subsequent operations to this particular domain.

--passwordfile

The --passwordfile option specifies the name of a file containing the password entries in a specific format. The entry for the password must have the AS_ADMIN_ prefix followed by the password name in uppercase letters.

For example, to specify the domain administration server password, use an entry with the following format: AS_ADMIN_PASSWORD=password, where password is the actual administrator password. Other passwords that can be specified include AS_ADMIN_MAPPEDPASSWORD, AS_ADMIN_USERPASSWORD, and AS_ADMIN_ALIASPASSWORD.

All remote commands must specify the admin password to authenticate to the domain administration server, either through--passwordfile or asadmin login, or interactively on the command prompt. The asadmin login command can be used only to specify the admin password. For other passwords, that must be specified for remote commands, use the --passwordfile or enter them at the command prompt.

If you have authenticated to a domain using the asadmin login command, then you need not specify the admin password through the --passwordfile option on subsequent operations to this particular domain. However, this is applicable only to AS_ADMIN_PASSWORD option. You will still need to provide the other passwords, for example, AS_ADMIN_USERPASSWORD, as and when required by individual commands, such as update-file-user.

For security reasons, passwords specified as an environment variable will not be read by asadmin.

--secure

If set to true, uses SSL/TLS to communicate with the domain administration server. 

--interactive

If set to true (default), only the required password options are prompted. 

--terse

Indicates that any output data must be very concise, typically avoiding human-friendly sentences and favoring well-formatted data for consumption by a script. Default is false. 

--echo

Setting to true will echo the command line statement on the standard output. Default is false. 

--help

Displays the help text for the command. 

The Multimode Command

Use the multimode command to process the asadmin commands. The command-line interface will prompt you for a command, execute that command, display the results of the command, and then prompt you for the next command. Additionally, all the asadmin option names set in this mode are used for all the subsequent commands. You can set your environment and run commands until you exit multimode by typing “exit” or “quit.” You can also provide commands by passing a previously prepared list of commands from a file or standard input (pipe). You can invokemultimode from within a multimodesession; once you exit the second multimode environment, you return to your original multimode environment.

The Get, Set, and List Commands

The asadmin get, set and list commands work in tandem to provide a navigation mechanism for the Application Server's abstract hierarchy. There are two hierarchies: configuration and monitoring and these commands operate on both. The list command provides the fully qualified dotted names of the management components that have read-only or modifiable attributes.

The configurationhierarchy provides attributes that are modifiable; whereas the attributes of management components from monitoring hierarchy are purely read-only. The configuration hierarchy is loosely based on the domain's schema document; whereas the monitoringhierarchy is a little different.

Use the list command to reach a particular management component in the desired hierarchy. Then, invoke the getand set commands to get the names and values or set the values of the attributes of the management component at hand. Use the wildcard (*) option to fetch all matches in a given fully qualified dotted name. See the examples for further clarification of the possible navigation of the hierarchies and management components.

An application server dotted name uses the “.” (period) as a delimiter to separate the parts of a complete name. This is similar to how the “/” character is used to delimit the levels in the absolute path name of a file in the UNIX file system. The following rules apply while forming the dotted names accepted by the get, set, and list commands. Note that a specific command has some additional semantics applied.

The list command is the progenitor of navigational capabilities of these three commands. If you want to set or get attributes of a particular application server subsystem, you must know its dotted name. The list command is the one which can guide you to find the dotted name of that subsystem. For example, to find out the modified date (attribute) of a particular file in a large file system that starts with /. First you must find out the location of that file in the file system, and then look at its attributes. Therefore, two of the first commands to understand the hierarchies in appserver are: * list "*" and <command>* list * --monitor. Consult the get set or list commands manpages to identify the sorted output of these commands.

Server Lifecycle Commands

The server lifecycle commands are commands that create, delete, or start, stop a domain, or an instance.

Table C–2 Server Lifecycle Commands

Command 

Definition 

create-domain

Creates the configuration of a domain. A domain is an administrative namespace. Every domain has a configuration, which is stored in a set of files. Any number of domains each of which has a distinct administrative identity can be created in a given installation of application server. A domain can exist independent of other domains. Any user who has access to the asadmin script on a given system can create a domain and store its configuration in a folder of choice. By default, the domain configuration is created in the install_dir/domains directory. You can override this location to store the configuration elsewhere.

delete-domain

Deletes the named domain. The domain must already exist and must be stopped. 

start-domain

Starts a domain. If the domain directory is not specified, the domain in the default install_dir/domains directory is started. If there are two or more domains, the domain_name operand must be specified.

stop-domain

Stops the Domain Administration Server of the specified domain. 

restore-domain

Restores files under the domain from a backup directory. 

list-domains

Lists the domain. If the domain directory is not specified, the domain in the default install_dir/domains directory is listed. If there is more than one domain, the domain_name operand must be specified.

backup-domain

Backs up files under the named domain. 

login

Lets you log in to a domain. If various application server domains are created on various machines (locally), asadmin invocation from any of these machines can manage the domains located elsewhere (remotely). This comes in handy especially when a particular machine is chosen as an administration client and it manages multiple domains and servers. asadmin commands that are used to manage domains located elsewhere are called remote commands. The asadmin login command eases the administration of such remote domains. The login command runs only in the interactive mode. It prompts you for the admin user name and password. On successful login, the file .asadminpass will be created in the user's home directory. This is the same file that is modified during the create-domain command while using the --savelogin option. The domain must be running for this command to run.

create-instance

Creates a new server instance residing on a local or remote machine. 

delete-instance

Deletes the server instance. This command can be run remotely or locally. The user authenticates using the password identified for the administration server. Additionally, the instance must already exist within the domain served by the administration server. Use this command with discretion since it is destructive and cannot be undone. 

List and Status Commands

The list and status commands display the status of a deployed component.

Table C–3 List and Status Commands

Command 

Definition 

show-component-status

Gets the status of the deployed component. The status is a string representation returned by the server. The possible status strings include status of app-name is enabled or status of app-name is disabled.

list-components

Lists all deployed Java EE 5 components. If the --typeoption is not specified, all components are listed.

list-sub-components

Lists EJBs or Servlets in a deployed module or in a module of the deployed application. If a module is not identified, all modules are listed. 

enable

Enables the specified component. If the component is already enabled, then it is re-enabled. The component must have been deployed in order to be enabled. If it has not been deployed, then an error message is returned. 

disable

Immediately disables the named component. The component must have been deployed. If the component has not been deployed, an error message is returned. 

export

Marks a variable name for automatic export to the environment of subsequent commands. All subsequent commands use the variable name value as specified unless you unset them or exit multimode. 

get

Gets the names and values of attributes. 

set

Sets the values of one or more configurable attribute. 

list

Lists the configurable element. On Solaris, quotes are needed when executing commands with * as the option value or operand.

unset

Removes one or more variables you set for the multimode environment. The variables and their associated values will no longer exist in the environment. 

Deployment Commands

The deployment commands deploy an application or get the client stubs.

Table C–4 Deployment Commands

Command 

Definition 

deploy

Deploys an enterprise application, web application, EJB module, connector module, or application client module. If the component is already deployed or already exists, it is forcefully redeployed if the --force option is set to true.

deploydir

Deploys an application directly from a development directory. The appropriate directory hierarchy and deployment descriptors conforming to the Java EE specification must exist in the deployment directory. 

get-client-stubs

Gets the client stubs JAR file for an AppClient standalone module or an application containing the AppClient module, from the server machine to the local directory. The application or module should be deployed before executing this command.

Version Commands

The version commands return the version string, display a list of all the asadmin commands, and allow you to install the license file.

Table C–5 Version Commands

Command 

Definition 

version

Displays the version information. If the command cannot communicate with the administration server with the given user/password and host/port, then the command will retrieve the version locally and display a warning message. 

help

Displays a list of all the asadmin utility commands. Specify the command to display the usage information for that command

install-license

Prevents unauthorized use of the Application Server. Allows you to install the license file. 

shutdown

Gracefully brings down the administration server and all the running instances. You must manually start the administration server to bring it up again. 

Message Queue Administration Commands

The Message Queue administration commands allow you to manage the JMS destinations.

Table C–6 Message Queue Commands

Command 

Definition 

create-jmsdest

Creates a JMS physical destination. Along with the physical destination, you use the create-jms-resource command to create a JMS destination resource that has a Name property that specifies the physical destination.

delete-jmsdest

Removes the specified JMS destination. 

flush-jmsdest

Purges the messages from a physical destination in the specified target's JMS Service configuration.  

list-jmsdest

Lists the JMS physical destinations. 

jms-ping

Checks if the JMS service (also known as the JMS provider) is up and running. When you start the Application Server, the JMS service starts by default. Additionally, it pings only the default JMS host within the JMS service. It displays an error message when it is unable to ping a built-in JMS service. 

Resource Management Commands

The resource commands allow you to manage the various resources used in your application.

Table C–7 Resource Management Commands

Command 

Definition 

create-jdbc-connection-pool

Registers a new JDBC connection pool with the specified JDBC connection pool name. 

delete-jdbc-connection-pool

Deletes a JDBC connection pool. The operand identifies the JDBC connection pool to be deleted. 

list-jdbc-connection-pools

Gets the JDBC connection pools that have been created. 

create-jdbc-resource

Creates a new JDBC resource. 

delete-jdbc-resource

Removes a JDBC resource with the specified JNDI name. 

list-jdbc-resources

Displays a list of JDBC resources that have been created. 

create-jms-resource

Creates a Java Message Service (JMS) connection factory resource or a JMS destination resource. 

delete-jms-resource

Removes the specified JMS resource. 

list-jms-resources

Lists the existing JMS resources (destination and connection factory resources). 

create-jndi-resource

Registers a JNDI resource. 

delete-jndi-resource

Removes the JNDI resource with the specified JNDI name. 

list-jndi-resources

Identifies all the existing JNDI resources. 

list-jndi-entries

Browses and queries the JNDI tree. 

create-javamail-resource

Creates a JavaMail session resource. 

delete-javamail-resource

Removes the specified JavaMail session resource. 

list-javamail-resources

Lists the existing JavaMail session resources. 

create-persistence-resource

Registers a persistence resource. 

delete-persistence-resource

Removes a persistence resource. When you delete a persistence resource, the command also removes the JDBC resource if it was created using the create-persistence-resource command.

list-persistence-resources

Displays all the persistence resources. 

create-custom-resource

Creates a custom resource. A custom resource specifies a custom server-wide resource object factory that implements the javax.naming.spi.ObjectFactory interface.

delete-custom-resource

Removes a custom resource. 

list-custom-resources

Lists the custom resources. 

create-connector-connection-pool

Adds a new connector connection pool with the specified connection pool name. 

delete-connector-connection-pool

Removes the connector connection pool specified using the operand connector_connection_pool_name.

list-connector-connection-pools

Lists the connector connection pools that have been created. 

create-connector-resource

Registers the connector resource with the specified JNDI name. 

delete-connector-resource

Removes the connector resource with the specified JNDI name. 

list-connector-resources

Gets all the connector resources. 

create-admin-object

Creates the administered object that has a specified JNDI name. 

delete-admin-object

Removes the administered object with the specified JNDI name. 

list-admin-objects

Lists all the administered objects. 

create-resource-adapter-config

Creates configuration information for the connector module. 

delete-resource-adapter-config

Deletes the configuration information created in domain.xml for the connector module.

list-resource-adapter-configs

lists the configuration information in the domain.xml for the connector module

add-resources

Creates the resources named in the specified XML file. The xml_file_path is the path to the XML file containing the resources to be created. The DOCTYPE should be specified as install_dir/lib/dtds/sun-resources_1_2.dtd in the resources.xml file.

ping-connection-pool

tests if a connection pool is usable for both JDBC connection pools and connector connection pools. For example, if you create a new JDBC connection pool for an application that is expected to be deployed later, the JDBC pool is tested with this command before deploying the application. Before pinging a connection pool, you must create the connection pool with authentication and ensure that the enterprise server or database is started. 

Configuration Commands

The configuration commands allow you to construct IIOP listeners, lifecycle modules, HTTP and IIOP listeners, profilers, and other subsystems.

This section contains the following topics:

HTTP and IIOP Listener Commands

The HTTP and IIOP listener commands help you manage listeners. These commands are supported in remote mode only.

Table C–8 IIOP Listener Commands

Command 

Definition 

create-http-listener

Adds a new HTTP listener socket. 

delete-http-listener

Removes the specified HTTP listener. 

list-http-listeners

Lists the existing HTTP listener. 

create-iiop-listener

Creates an IIOP listener. 

delete-iiop-listener

Removes the specified IIOP listener. 

list-iiop-listeners

Lists the existing IIOP listeners. 

Lifecycle and Audit Module Commands

The lifecycle and audit module commands help you control lifecycle modules and optional plugin modules which implement audit capabilities. The commands are supported in remote mode only.

Table C–9 Lifecycle Module Commands

Command 

Definition 

create-lifecycle-module

Creates a lifecycle module. The lifecycle modules provide a means of running short or long duration Java-based tasks within the application server environment. 

delete-lifecycle-module

Removes the specified lifecycle module. 

list-lifecycle-modules

Lists the existing lifecycle module. 

create-audit-module

Adds the named audit module for the plug-in module that implements the audit capabilities. 

delete-audit-module

Removes the named audit module. 

list-audit-modules

Lists all the audit modules. 

Profiler and SSL Commands

The Profiler and SSL commands allow you to administrate profilers and SSL client configurations. These commands are supported in remote mode only.

Table C–10 Profiler and SSL Commands

Command 

Definition 

create-profiler

Creates the profiler element. A server instance is tied to a particular profiler, by the profiler element in the Java configuration. Changing a profiler requires you to restart the server. 

delete-profiler

Deletes the profiler element you specify. A server instance is tied to a particular profiler by the profiler element in the Java configuration. Changing a profiler requires you to restart the server. 

create-ssl

Creates and configures the SSL element in the selected HTTP listener, IIOP listener, or IIOP service to enable secure communication on that listener/service. 

delete-ssl

Deletes the SSL element in the selected HTTP listener, IIOP listener, or IIOP service. 

JVM Options and Virtual Server Commands

The JVM options and Virtual Server commands allow you to control these elements. These commands are supported in remote mode only.

Table C–11 JVM Options and Virtual Server Commands

Command 

Definition 

create-jvm-option

Creates JVM options in the Java configuration or profiler elements of the domain.xml file. If JVM options are created for a profiler, they are used to record the settings needed to get a particular profiler going. You must restart the server for newly created JVM options to take effect.

delete-jvm-option

Removes JVM options from the Java configuration or profiler elements of the domain.xml file.

create-virtual-server

Creates the named virtual server. Virtualization in the Application Server allows multiple URL domains to be served by a single HTTP server process that is listening on multiple host addresses. If the application is available at two virtual servers, they still share the same physical resource pools. 

delete-virtual-server

Removes the virtual server with the specified virtual server ID. 

Threadpool and Auth-Realm Commands

The threadpool and auth-realm commands allow you to control these elements. These commands are supported in remote mode only.

Table C–12 Threadpool and Auth-Realm Commands

Command 

Definition 

create-threadpool

Creates a threadpool with the specified name. You can specify maximum and minimum number of threads in the pool, the number of work queues, and the idle timeout of a thread. The created thread pool can be used for servicing IIOP requests and for resource adapters to service work management requests. A created thread pool can be used in multiple resource adapters. 

delete-threadpool

Removes the threadpool with the named ID. 

list-threadpools

Lists all the thread pools. 

create-auth-realm

Adds the named authentication realm. 

delete-auth-realm

Removes the named authentication realm. 

Transaction and Timer Commands

The transaction and timer commands allow you to control the transaction and timer subsystems; allowing you to suspend any inflight transactions. These commands are supported in remote mode only.

Table C–13 Transaction Commands

Command 

Definition 

freeze-transaction

Freezes the transaction subsystem during which time all the inflight transactions are suspended. Invoke this command before rolling back any inflight transactions. Invoking this command on an already frozen transaction subsystem has no effect. 

unfreeze-transaction

Resumes all the suspended inflight transactions. Invoke this command on an already frozen transaction. 

recover-transactions

Manually recovers pending transactions. 

rollback-transaction

Rolls back the named transaction. 

unpublish-from-registry

 

list-timers

Lists the timers owned by a specific server instance  

Registry Commands

The registry commands allow you to publish or unpublish webservice artifacts.

Table C–14 Transaction Commands

Command 

Definition 

publish-to-registry

Publishes the web service artifacts to registries. 

unpublish-from-registry

Unpublishes the web service artifacts from the registries. 

list-registry-locations

 

User Management Commands

These user commands are to administer the users support by the file realm authentication. These commands are supported in remote mode only.

Table C–15 User Management Commands

Command 

Definition 

create-file-user

Creates an entry in the keyfile with the specified username, password, and groups. Multiple groups can be created by separating them with a colon (:).

delete-file-user

Deletes the entry in the keyfile with the specified username. 

update-file-user

Updates an existing entry in the keyfile using the specified user_name, user_password and groups. Multiple groups can be entered by separating them, with a colon (:).

list-file-users

Creates a list of file users supported by file realm authentication. 

list-file-groups

Administers file users and groups supported by the file realm authentication. This command lists available groups in the file user. 

Rules and Monitoring Commands

Rules and monitoring commands allow you to manage rules and monitor the server. These commands are supported in remote mode only.

Table C–16 Rules and Monitoring Commands

Command 

Definition 

create-management-rule

Creates a new management rule to intelligently self-manage the application server installation and deployed applications.  

delete-management-rule

Removes the management rule you specify. 

create-transformation-rule

Creates an XSLT transformation rule that can be applied to a webservice operation. The rule can be applied either to a request or to a response. 

delete-transformation-rule

Deletes an XSLT transformation rule of a given web service. 

start-callflow-monitoring

Collects and correlates data from Web container, EJB container and JDBC to provide a complete call flow/path of a request. Data is collected only if callflow-monitoring is ON.

stop-callflow-monitoring

Disables collection of call flow information of a request. 

Database Commands

The database commands allow you to start and stop the Java DB database (based on Apache Derby. These commands are supported in local mode only.

Table C–17 Database Commands

Command 

Definition 

start-database 

Starts the Java DB server that is available with the Application Server. Use this command only for working with applications deployed to the Application Server. 

stop-database 

Stops a process of the Java DB server. Java DB server is available with the Application Server. 

Diagnostic and Logging Commands

The diagnostic and logging commands help you troubleshoot problems with the application server. These commands are supported in remote mode only.

Table C–18 Diagnostic and Logging Commands

Command 

Definition 

generate-diagnostic-report

Generates an HTML report that contains pointers or navigational links to an application server installation details such as configuration details, logging details, or process specific information for an application server instance. 

display-error-statistics

Displays a summary list of severities and warnings in server.log since the last server restart.

display-error-distribution

Displays distribution of errors from instance server.log at module level.

display-log-records

Displays all the error messages for a given module at a given timestamp. 

Web Service Commands

The web service commands allow you to monitor a deployed web service and manage transformation rules.

Table C–19 Web Service Commands

Command 

Definition 

configure-webservice-management

configure the monitoring or the maxhistory attributes of a deployed web service.

create-transformation-rule

Creates an XSLT transformation rule that can be applied to a web service operation. The rule can be applied either to a request or to a response. 

delete-transformation-rule

Deletes an XSLT transformation rule of a given web service. 

list-transformation-rules

Lists all the transformation rules of a given web service in the order they are applied. 

publish-to-registry

Publishes the web service artifacts to registries. 

unpublish-from-registry

Unpublishes the web service artifacts from the registries. 

list-registry-locations

Displays a list of configured web service registry access points. 

Security Service Commands

These security commands are used to control the security mapping for the connector connection pool. These commands are supported in remote mode only.

Table C–20 Security Commands

Command 

Definition 

create-connector-security-map

Creates a security map for the specified connector connection pool. If the security map is not present, a new one is created. Also, use this command to map the caller identity of the application (principal or user group) to a suitable enterprise information system (EIS) principal in container-managed transaction-based scenarios. One or more named security maps may be associated with a connector connection pool. The connector security map configuration supports the use of the wild card asterisk (*) to indicate all users or all user groups. For this command to succeed, you must have first created a connector connection pool. The EIS is any system that holds the data of an organization. It can be a mainframe, a messaging system, a database system, or an application.

delete-connector-security-map

Deletes a security map for the specified connector connection pool. 

update-connector-security-map

Modifies a security map for the specified connector connection pool. 

list-connector-security-map

Lists the security maps belonging to the specified connector connection pool. 

create-message-security-provider

Enables administrators to create a provider-config sub-element for the given message layer (message-security-config element of domain.xml, the file that specifies parameters and properties to the Application Server).

delete-message-security-provide

Enables administrators to delete a provider-config sub-element for the given message layer (message-security-config element of domain.xml, the file that specifies parameters and properties to the Application Server).

list-message-security-providers

Enables administrators to list all security message providers (provider-config sub-elements) for the given message layer (message-security-config element of domain.xml).

Password Commands

The password commands allow you to manage passwords and ensure security for the application server.

Table C–21 Password Commands

Command 

Definition 

create-password-alias

Creates an alias for a password and stores it in domain.xml. An alias is a token of the form ${ALIAS=password-alias-password}. The password corresponding to the alias name is stored in an encrypted form. This command takes both a secure interactive form (in which the user is prompted for all information) and a more script-friendly form, in which the password is propagated on the command line.

delete-password-alias

Deletes a password alias. 

update-password-alias

Updates the password alias IDs in the named target. 

list-password-aliases

Lists all password aliases. 

change-admin-password

This remote command modifies the admin password. This command is interactive in that the user is prompted for the old and new admin password (with confirmation). 

change-master-password

This local command is used to modify the master password. This command is interactive in that the user is prompted for the old and new master password. This command will not work unless the server is stopped. 

Verify Command

The XML verifier command verifies the content of the domain.xml file.

Table C–22 Verify Command

Command 

Definition 

verify-domain-xml

Verifies the content of the domain.xml file.

Custom MBean Commands

The MBean commands allow you to manage and register custom MBeans. The commands are supported in remote mode only.

Table C–23 Custom MBean Commands

Command 

Definition 

create-mbean

Creates and registers a custom MBean. If the target MBeanServer is not running, the MBean is not registered.

delete-mbean

Deletes a custom MBean. Ensure that the target MBeanServer is running.

list-mbeans

Lists the custom mbeans for the specified target. 

Service Command

The service command allows you to configure the starting of the Domain Administration Server (DAS).

Table C–24 Service Command

Command 

Definition 

create-service

Configures the starting of a DAS on an unattended boot. On Solaris 10, this command uses the Service Management Facility (SMF). This is a local command and must be run as the OS-level user with superuser privileges. It is available only for Solaris 10. When the service is created, the user has to start, enable, disable, delete, or stop the service. The DAS must be stored on a folder to which the super-user has access. The configuration cannot be stored on a network file system. The service is created such that it is controlled by the OS-level user, who owns the folder where the configuration of the DAS resides. To run this command, you must have solaris.smf.* authorization.

Property Command

Shared server instances will often need to override attributes defined in their referenced configuration. Any configuration attribute in a server instance can be overridden through a system property of the corresponding name. Use the system property commands to manage these shared server instances.

Table C–25 Property Command

Command 

Definition 

create-system-property

Creates one system property of the domain, configuration, or server instance, at a time. 

delete-system-property

Removes one system property of a domain, configuration, or server instance. 

list-system-properties

Displays the system properties of a domain, configuration, or server instance.