Chapter 19 The asadmin Utility
The Application Server includes a command‐line administration utility known as asadmin. Theasadmin utility is used to start and stop the Application Server, as well as manage users, resources, and applications.
This chapter contains the following sections:
The asadmin Command Usage
Use the asadmin utility to perform any administrative tasks for the Application Server. You can use this asadmin utility in place of using the Administration Console.
The asadmin utility invokes commands that identify the operation or task you wish to perform. These commands are case-sensitive. Short option arguments have a single dash (-); while long option arguments have two dashes (--). Options control how the utility performs a command. Options are also case-sensitive. Most options require argument values except boolean options which toggle to switch a feature ON or OFF. Operands appear after the argument values, and are set off by a space, a tab, or double dashes (--). The asadmin utility treats anything that comes after the options and their values as an operand.
Example 19–1 Syntax Example
asadmin command [-short_option] [short_option_argument]* [--long_option [long_option_argument]* [operand]*
asadmin create-profiler -u admin --passwordfile password.txt myprofiler
To access the man pages for the Application Server asadmin utility commands on the Solaris platform, add $AS_INSTALL/man to your MANPATH environment variable.
You can obtain overall usage information for any of the asadmin utility commands by invoking the --help option. If you specify a command, the usage information for that command is displayed. Using the --help option without a command displays a listing of all the available commands.
Example 19–2 help Command Example
asadmin --help displays general help
asadmin command --help displays help for the specified command.
This section contains the following topics:
Multi and Interactive Modes
The asadmin utility can be used in command shell invocation or multi command mode (known as the multimode command). In command shell invocation you invoke the asadmin utility from your command shell. asadmin executes the command, then exits. In multiple command mode, you invoke asadmin once, it then accepts multiple commands until you exit asadmin and return to the normal command shell invocation. Environment variables set while in multiple command mode are used for all subsequent commands until you exit multimode. You may provide commands by passing a previously prepared list of commands from a file or standard input (pipe). Additionally, you can invoke multimode from within a multimode session; once you exit the second multimode environment, you return to your original multimode environment.
You can also run the asadmin utility in interactive or non-interactive mode. By default, the interactive mode option is enabled. It prompts you for the required arguments. You can use the interactive mode option in command shell invocation under all circumstances. You can use the interactive mode option in multimode when you run one command at a time from the command prompt; and when you run in multimode from a file. Commands in multimode, when piped from an input stream, and commands invoked from another program, cannot run in the interactive mode.
Local Commands
Local commands can be executed without the presence of an administration server. However, it is required that the user be logged into the machine hosting the domain in order to execute the command and have access (permissions) for the installation and domain directories.
For commands that can be executed locally or remotely, if any one of the--host, --port, --user, and --passwordfile options are set, either in the environment or in the command line, the command will run in remote mode. Also, if none of the local options are set, either on the command line or in the environment, the command is executed locally by default. For commands that can be executed locally or remotely, if any one of the--host, --port, --user, and --passwordfile options are set, either in the environment or in the command line, the command will run in remote mode.
Remote Commands
Remote commands are always executed by connecting to an administration server and executing the command there. A running administration server is required. All the remote commands require the following common options:
Table 19–1 Remote Commands Required Options|
Short Option |
Option |
Definition |
|---|---|---|
|
-H |
--host |
The machine name where the domain administration server is running. The default value is localhost. |
|
-p |
--port |
The HTTP/S port for administration. This is the port to which you should point your browser in order to manage the domain. For example, http://localhost:4848. The default port number for Platform Edition is 4848. |
|
-u |
--user |
The authorized domain administration server administrative username. If you have authenticated to a domain using the asadmin login command, then you need not specify the --user option on subsequent operations to this particular domain. |
|
--passwordfile |
The -‐passwordfile option specifies the name of a file containing the password entries in a specific format. The entry for the password must have the AS_ADMIN_ prefix followed by the password name in uppercase letters. For example, to specify the domain administration server password, use an entry with the following format: AS_ADMIN_PASSWORD=password, where password is the actual administrator password. Other passwords that can be specified include AS_ADMIN_PASSWORD, AS_ADMIN_USERPASSWORD, and AS_ADMIN_ALIASPASSWORD, AS_ADMIN_MAPPEDPASSWORD. All remote commands must specify the admin password to authenticate to the domain administration server, either through-‐passwordfile or asadmin login, or interactively on the command prompt. The asadmin login command can be used only to specify the admin password. For other passwords, that must be specified for remote commands, use the -‐passwordfile or enter them at the command prompt. If you have authenticated to a domain using the asadmin login command, then you need not specify the admin password through the -‐passwordfile option on subsequent operations to this particular domain. However, this is applicable only to AS_ADMIN_PASSWORD option. You will still need to provide the other passwords, for example, AS_ADMIN_USERPASSWORD, as and when required by individual commands, such as update-file-user. For security reasons, passwords specified as an environment variable will not be read by asadmin. |
|
|
-s |
--secure |
If set to true, uses SSL/TLS to communicate with the domain administration server. |
|
-I |
--interactive |
If set to true (default), only the required password and user options are prompted. |
|
-t |
--terse |
Indicates that any output data must be very concise, typically avoiding human-friendly sentences and favoring well-formatted data for consumption by a script. Default is false. |
|
-e |
--echo |
Setting to true will echo the command line statement on the standard output. Default is false. |
|
-h |
--help |
Displays the help text for the command. |
The Password File
For security purposes, you can set the password for a command from a file instead of entering the password at the command line. The --passwordfile option takes the file containing the passwords. The valid contents for the file are:
Example 19–3 Passwordfile contents
AS_ADMIN_PASSWORD=value AS_ADMIN_ADMINPASSWORD=value AS_ADMIN_USERPASSWORD=value AS_ADMIN_MASTERPASSWORD=value |
Multimode Command
Use the multimode command to process the asadmin commands. The command-line interface will prompt you for a command, execute that command, display the results of the command, and then prompt you for the next command. Additionally, all the asadmin option names set in this mode are used for all the subsequent commands. You can set your environment and run commands until you exit multimode by typing “exit” or “quit.” You can also provide commands by passing a previously prepared list of commands from a file or standard input (pipe). You can invoke multimode from within a multimode session; once you exit the second multimode environment, you return to your original multimode environment.
To invoke multimode, enter asadmin multimode.
The List, Get and Set Commands
The asadmin list, get and set commands work in tandem to provide a navigation mechanism for the Application Server's dotted naming hierarchy. There are two hierarchies: configuration andmonitoring and these commands operate on both. The list command provides the fully qualified dotted names of the management components that have read-only or modifiable attributes.
The configuration hierarchy provides attributes that are modifiable; whereas the attributes of management components from themonitoring hierarchy are purely read-only. Theconfiguration hierarchy is loosely based on the domain's schema document; whereas the monitoring hierarchy is a little different.
Use the list command to reach a particular management component in the desired hierarchy. Then, invoke the getand set commands to get the names and values or set the values of the attributes of the management component at hand. Use the wildcard (*) option to fetch all matches in a given fully qualified dotted name.
An Application Server dotted name uses the “.” (period) as a delimiter to separate the parts of a complete name. This is similar to how the “/” character is used to delimit the levels in the absolute path name of a file in the UNIX file system. The following rules apply while forming the dotted names accepted by the get, set, and list commands. Note that a specific command has some additional semantics applied.
-
A . (period) always separates two sequential parts of the name.
-
A part of the name usually identifies an application server subsystem and/or its specific instance. For example: web-container, log-service, thread-pool-1, etc.
-
If any part of the name itself contains a . (period), then it must be escaped with a leading \(backslash) so that the “.” does not act like a delimiter.
-
An * (asterisk) can be used anywhere in the dotted name and it acts like the wildcard character in regular expressions. Additionally, an * can collapse all the parts of the dotted name. Long dotted name like "<classname>this.is.really.long.hierarchy </classname>" can be abbreviated to "<classname>th*.hierarchy</classname>." But note that the . always delimits the parts of the name.
-
On Solaris, quotes are needed when executing commands with * as the option value or operand.
-
The top level switch for any dotted name is -‐monitor or -m that is separately specified on a given command line. The presence or lack of this switch implies the selection of one of the two hierarchies for application server management: monitoring and configuration.
-
If you happen to know the exact complete dotted name without any wildcard character, then list and get/set have a little difference in their semantics:
-
The list command treats this complete dotted name as the complete name of a parent node in the hierarchy. Upon providing this name to the list command, it simply returns the names of the immediate children at that level. For example,list server.applications.web-module will list all the web modules deployed to the domain or the default server.
-
The get and set commands treat this complete dotted name as the fully qualified name of the attribute of a node (whose dotted name itself is the name that you get when you remove the last part of this dotted name) and it gets/sets the value of that attribute. This is true if such an attribute exists. You will never start with this case because in order to find out the names of attributes of a particular node in the hierarchy, you must use the wildcard character *. For example, server.applications.web-module.JSPWiki.context-root* returns the context-root of the web-application deployed to the domain or default server.
-
The list command is the progenitor of navigational capabilities of these three commands. If you want to set or get attributes of a particular application server subsystem, you must know its dotted name. The list command is the one which can guide you to find the dotted name of that subsystem. For example, to find out the modified date (attribute) of a particular file in a large file system that starts with /. First you must find out the location of that file in the file system, and then look at its attributes. Therefore, two of the first commands to understand the hierarchies in the Application Server are: * list "*" and <command>* list * -‐monitor. Consult the get, set or list commands man pages to identify the sorted output of these commands.
Server Lifecycle Commands
The server lifecycle commands are commands that create, delete, or start, stop a domain, service (DAS), or an instance.
Table 19–2 Server Lifecycle Commands|
Command |
Definition |
|---|---|
|
create-domain |
Creates the configuration of a domain. A domain is an administrative namespace. Every domain has a configuration, which is stored in a set of files. Any number of domains, each of which has a distinct administrative identity, can be created in a given installation of the Application Server. A domain can exist independent of other domains. Any user who has access to the asadmin utility on a given system can create a domain and store its configuration in a folder of choice. By default, the domain configuration is created in the install_dir/domains directory. You can override this location to store the configuration elsewhere. |
|
delete-domain |
Deletes the named domain. The domain must already exist and must be stopped. |
|
start-domain |
Starts a domain. If the domain directory is not specified, the domain in the default install_dir/domains directory is started. If there are two or more domains, the domain_name operand must be specified. |
|
stop-domain |
Stops the Domain Administration Server of the specified domain. |
|
restore-domain |
Restores files under the domain from a backup directory. |
|
list-domains |
Lists the domain. If the domain directory is not specified, the domain in the default install_dir/domains directory is listed. If there is more than one domain, the domain_name operand must be specified. |
|
backup-domain |
Backs up files under the named domain. |
|
list-backups |
Displays the status information about all backups in the backup repository. |
|
shutdown |
Gracefully brings down the administration server and all the running instances. You must manually start the administration server to bring it up again. |
List and Status Commands
The list and status commands display the status of a deployed component.
Table 19–3 List and Status Commands|
Command |
Definition |
|
show-component-status |
Gets the status of the deployed component. The status is a string representation returned by the server. The possible status strings include status of app-name is enabled or status of app-name is disabled. |
|
list-components |
Lists all deployed Java EE 5 components. If the --type option is not specified, all components are listed. |
|
list-sub-components |
Lists EJBs or Servlets in a deployed module or in a module of the deployed application. If a module is not identified, all modules are listed. |
Deployment Commands
The deployment commands deploy an application or get the client stubs.
Table 19–4 Deployment Commands|
Command |
Definition |
|---|---|
|
deploy |
Deploys an enterprise application, web application, EJB module, connector module, or application client module. If the component is already deployed or already exists, it is forcefully redeployed if the -‐force option is set to true. |
|
deploydir |
Deploys an application directly from a development directory. The appropriate directory hierarchy and deployment descriptors conforming to the Java EE specification must exist in the deployment directory. |
|
get-client-stubs |
Gets the client stubs JAR file for an AppClient standalone module or an application containing the AppClient module, from the server machine to the local directory. The application or module should be deployed before executing this command. it is also possible to get the client stubs as part of the deploy command using --retrieve option. |
|
undeploy |
Removes the specified deployed component. |
Message Queue Administration Commands
The Message Queue administration commands allow you to manage the JMS destinations.
Table 19–5 Message Queue Commands|
Command |
Definition |
|---|---|
|
create-jmsdest |
Creates a JMS physical destination. Along with the physical destination, you use the create-jms-resource command to create a JMS destination resource that has a Name property that specifies the physical destination. |
|
delete-jmsdest |
Removes the specified JMS destination. |
|
flush-jmsdest |
Purges the messages from a physical destination in the specified target's JMS Service configuration. |
|
list-jmsdest |
Lists the JMS physical destinations. |
|
jms-ping |
Checks if the JMS service (also known as the JMS provider) is up and running. When you start the Application Server, the JMS service starts by default. Additionally, it pings only the default JMS host within the JMS service. It displays an error message when it is unable to ping a built-in JMS service. |
Resource Management Commands
The resource commands allow you to manage the various resources used in your application.
Table 19–6 Resource Management Commands|
Command |
Definition |
|---|---|
|
create-jdbc-connection-pool |
Registers a new JDBC connection pool with the specified JDBC connection pool name. |
|
delete-jdbc-connection-pool |
Deletes a JDBC connection pool. The operand identifies the JDBC connection pool to be deleted. |
|
list-jdbc-connection-pools |
Gets the JDBC connection pools that have been created. |
|
create-jdbc-resource |
Creates a new JDBC resource. |
|
delete-jdbc-resource |
Removes a JDBC resource with the specified JNDI name. |
|
list-jdbc-resources |
Displays a list of JDBC resources that have been created. |
|
create-jms-resource |
Creates a Java Message Service (JMS) connection factory resource or a JMS destination resource. |
|
delete-jms-resource |
Removes the specified JMS resource. |
|
list-jms-resources |
Lists the existing JMS resources (destination and connection factory resources). |
|
create-jndi-resource |
Registers a JNDI resource. |
|
delete-jndi-resource |
Removes the JNDI resource with the specified JNDI name. |
|
list-jndi-resources |
Identifies all the existing JNDI resources. |
|
list-jndi-entries |
Browses and queries the JNDI tree. |
|
create-javamail-resource |
Creates a JavaMail session resource. |
|
delete-javamail-resource |
Removes the specified JavaMail session resource. |
|
list-javamail-resources |
Lists the existing JavaMail session resources. |
|
create-persistence-resource |
Registers a persistence resource. |
|
delete-persistence-resource |
Removes a persistence resource. When you delete a persistence resource, the command also removes the JDBC resource if it was created using the create-persistence-resource command. |
|
list-persistence-resources |
Displays all the persistence resources. |
|
create-custom-resource |
Creates a custom resource. A custom resource specifies a custom server-wide resource object factory that implements the javax.naming.spi.ObjectFactory interface. |
|
delete-custom-resource |
Removes a custom resource. |
|
list-custom-resources |
Lists the custom resources. |
|
create-connector-connection-pool |
Adds a new connector connection pool with the specified connection pool name. |
|
delete-connector-connection-pool |
Removes the connector connection pool specified using the operand connector_connection_pool_name. |
|
list-connector-connection-pools |
Lists the connector connection pools that have been created. |
|
create-connector-resource |
Registers the connector resource with the specified JNDI name. |
|
delete-connector-resource |
Removes the connector resource with the specified JNDI name. |
|
list-connector-resources |
Gets all the connector resources. |
|
create-admin-object |
Adds the administered object that has the specified JNDI name. |
|
delete-admin-object |
Removes the administered object with the specified JNDI name. |
|
list-admin-objects |
Lists all the administered objects. |
|
create-resource-adapter-config |
Creates configuration information for the connector module. |
|
delete-resource-adapter-config |
Deletes the configuration information created in domain.xml for the connector module. |
|
list-resource-adapter-configs |
Lists the configuration information in the domain.xml for the connector module |
|
add-resources |
Creates the resources named in the specified XML file. The xml_file_path is the path to the XML file containing the resources to be created. The DOCTYPE should be specified as install_dir/lib/dtds/sun-resources_1_2.dtd in the resources.xml file. |
|
ping-connection-pool |
Tests if a connection pool is usable for both JDBC connection pools and connector connection pools. For example, if you create a new JDBC connection pool for an application that is expected to be deployed later, the JDBC pool is tested with this command before deploying the application. Before pinging a connection pool, you must create the connection pool with authentication and ensure that the Application Server or database is started. |
Application Server Configuration Commands
The configuration commands allow you to configure the operation of the Application Server. This section contains the following topics:
General Configuration Commands
These commands allow you to manage the configuration of the Application Server components.
Table 19–7 General Configuration Commands|
Command |
Definition |
|
enable |
Enables the specified component. If the component is already enabled, then it is re-enabled. The component must have been deployed in order to be enabled. If it has not been deployed, then an error message is returned. |
|
disable |
Immediately disables the named component. The component must have been deployed. If the component has not been deployed, an error message is returned. |
|
export |
Marks a variable name for automatic export to the environment of subsequent commands. All subsequent commands use the variable name value as specified unless you unset them or exit multimode. |
|
get |
Gets the names and values of attributes. |
|
set |
Sets the values of one or more configurable attribute. |
|
list |
Lists the configurable element. On Solaris, quotes are needed when executing commands with * as the option value or operand. |
|
unset |
Removes one or more variables you set for the multimode environment. The variables and their associated values will no longer exist in the environment. |
HTTP, IIOP and SSL Listener Commands
The HTTP and IIOP listener commands help you manage listeners. These commands are supported in remote mode only.
Table 19–8 IIOP Listener Commands|
Command |
Definition |
|---|---|
|
create-http-listener |
Adds a new HTTP listener. |
|
delete-http-listener |
Removes the specified HTTP listener. |
|
list-http-listeners |
Lists the existing HTTP listener. |
|
create-iiop-listener |
Creates an IIOP listener. |
|
delete-iiop-listener |
Removes the specified IIOP listener. |
|
list-iiop-listeners |
Lists the existing IIOP listeners. |
|
create-ssl |
Creates and configures the SSL element in the selected HTTP listener, IIOP listener, or IIOP service to enable secure communication on that listener/service. |
|
delete-ssl |
Deletes the SSL element in the selected HTTP listener, IIOP listener, or IIOP service. |
Lifecycle and Audit Module Commands
The lifecycle and audit module commands help you control lifecycle modules and optional plug-in modules which implement audit capabilities. The commands are supported in remote mode only.
Table 19–9 Lifecycle Module Commands|
Command |
Definition |
|---|---|
|
create-lifecycle-module |
Creates a lifecycle module. The lifecycle modules provide a means of running short or long duration Java-based tasks within the Application Server environment. |
|
delete-lifecycle-module |
Removes the specified lifecycle module. |
|
list-lifecycle-modules |
Lists the existing lifecycle module. |
|
create-audit-module |
Adds the named audit module for the plug-in module that implements the audit capabilities. |
|
delete-audit-module |
Removes the named audit module. |
|
list-audit-modules |
Lists all the audit modules. |
Profiler and JVM Options Commands
The Profiler and JVM options commands allow you to administrate profilers and control these elements. These commands are supported in remote mode only.
Table 19–10 Profiler and JVM Options Commands|
Command |
Definition |
|---|---|
|
create-profiler |
Creates the profiler element. A server instance is tied to a particular profiler, by the profiler element in the Java configuration. Changing a profiler requires you to restart the server. |
|
delete-profiler |
Deletes the profiler element you specify. A server instance is tied to a particular profiler by the profiler element in the Java configuration. Changing a profiler requires you to restart the server. |
|
create-jvm-option |
Creates JVM options in the Java configuration or profiler elements of the domain.xml file. If JVM options are created for a profiler, they are used to record the settings needed to get a particular profiler going. You must restart the server for newly created JVM options to take effect. |
|
delete-jvm-option |
Removes JVM options from the Java configuration or profiler elements of the domain.xml file. |
Virtual Server Commands
The Virtual Server commands allow you to control these elements. These commands are supported in remote mode only.
Table 19–11 Virtual Server Commands|
Command |
Definition |
|---|---|
|
create-virtual-server |
Creates the named virtual server. Virtualization in the Application Server allows multiple URL domains to be served by a single HTTP server process that is listening on multiple host addresses. If the application is available at two virtual servers, they still share the same physical resource pools. |
|
delete-virtual-server |
Removes the virtual server with the specified virtual server ID. |
|
list-virtual-server |
Lists the existing virtual servers. |
Threadpool Commands
The threadpool commands allow you to control these elements. These commands are supported in remote mode only.
Table 19–12 Threadpool Commands|
Command |
Definition |
|---|---|
|
create-threadpool |
Creates a threadpool with the specified name. You can specify maximum and minimum number of threads in the pool, the number of work queues, and the idle timeout of a thread. The created thread pool can be used for servicing IIOP requests and for resource adapters to service work management requests. A created thread pool can be used in multiple resource adapters. |
|
delete-threadpool |
Removes the threadpool with the named ID. |
|
list-threadpools |
Lists all the thread pools. |
Transaction and Timer Commands
The transaction and timer commands allow you to control the transaction and timer subsystems; allowing you to suspend any inflight transactions. These commands are supported in remote mode only.
Table 19–13 Transaction Commands|
Command |
Definition |
|---|---|
|
freeze-transaction |
Freezes the transaction subsystem during which time all the inflight transactions are suspended. Invoke this command before rolling back any inflight transactions. Invoking this command on an already frozen transaction subsystem has no effect. |
|
unfreeze-transaction |
Resumes all the suspended inflight transactions. Invoke this command on an already frozen transaction. |
|
recover-transactions |
Manually recovers pending transactions. |
|
rollback-transaction |
Rolls back the named transaction. |
|
list-timers |
Lists the timers owned by a specific server instance |
User Management Commands
These user commands are to administer the users support by the file realm authentication. These commands are supported in remote mode only.
Table 19–14 User Management Commands|
Command |
Definition |
|---|---|
|
create-file-user |
Creates an entry in the keyfile with the specified username, password, and groups. Multiple groups can be created by separating them with a colon (:). |
|
delete-file-user |
Deletes the entry in the keyfile with the specified username. |
|
update-file-user |
Updates an existing entry in the keyfile using the specified user_name, user_password and groups. Multiple groups can be entered by separating them, with a colon (:). |
|
list-file-users |
Creates a list of file users supported by file realm authentication. |
|
list-file-groups |
Lists the users and groups supported by the file realm authentication. This command lists available groups in the file user. |
Monitoring Data Commands
The monitoring data commands allow you to monitor the server. These commands are supported in remote mode only.
Table 19–15 Monitoring Data Commands|
Command |
Definition |
|---|---|
|
start-callflow-monitoring |
Collects and correlates data from Web container, EJB container and JDBC to provide a complete call flow/path of a request. Data is collected only if callflow-monitoring is ON. |
|
stop-callflow-monitoring |
Disables collection of call flow information of a request. |
Database Commands
The database commands allow you to start and stop the Java DB database (based on Apache Derby). These commands are supported in local mode only.
Table 19–16 Database Commands|
Command |
Definition |
|---|---|
|
start-database |
Starts the Java DB server that is available with the Application Server. Use this command only for working with applications deployed to the Application Server. |
|
stop-database |
Stops a process of the Java DB server. Java DB server is available with the Application Server. |
Diagnostic and Logging Commands
The diagnostic and logging commands help you troubleshoot problems with the Application Server. These commands are supported in remote mode only.
Table 19–17 Diagnostic and Logging Commands|
Command |
Definition |
|---|---|
|
generate-diagnostic-report |
Generates an HTML report that contains pointers or navigational links to an application server installation details such as configuration details, logging details, or process specific information for an application server instance. |
|
generate-jvm-report |
Displays the threads (dump of stack trace), classes and memory for a given target instance, including the Domain Administration Service. This command works only with the application server instance processes. This command replaces the traditional techniques like sending ctrl+break or kill -3 signals to application server processes. The command will not work if the target server instance is not running. |
|
display-error-statistics |
Displays a summary list of severities and warnings in server.log since the last server restart. |
|
display-error-distribution |
Displays distribution of errors from instance server.log at module level.™ |
|
display-log-records |
Displays all the error messages for a given module at a given timestamp. |
Web Service Commands
The web service commands allow you to monitor a deployed web service and manage transformation rules.
Table 19–18 Web Service Commands|
Command |
Definition |
|---|---|
|
configure-webservice-management |
Configure the monitoring or the maxhistorysize attributes of a deployed web service endpoint. |
|
create-transformation-rule |
Creates an XSLT transformation rule that can be applied to a web service operation. The rule can be applied to a request, a response, or both. |
|
delete-transformation-rule |
Deletes an XSLT transformation rule of a given web service. |
|
list-transformation-rules |
Lists all the transformation rules of a given web service in the order they are applied. |
|
publish-to-registry |
Publishes the web service artifacts to registry servers. |
|
unpublish-from-registry |
Unpublishes the web service artifacts from the registry servers. |
|
list-registry-locations |
Displays a list of configured web service entry access points. |
Security Service Commands
These security commands are used to control the security mapping for the connector connection pool. These commands are supported in remote mode only.
Table 19–19 Security Commands|
Command |
Definition |
|---|---|
|
create-connector-security-map |
Creates a security map for the specified connector connection pool. If the security map is not present, a new one is created. Also, use this command to map the caller identity of the application (principal or user group) to a suitable enterprise information system (EIS) principal in container-managed transaction-based scenarios. One or more named security maps may be associated with a connector connection pool. The connector security map configuration supports the use of the wild card asterisk (*) to indicate all users or all user groups. For this command to succeed, you must have first created a connector connection pool. The EIS is any system that holds the data of an organization. It can be a mainframe, a messaging system, a database system, or an application. |
|
delete-connector-security-map |
Deletes a security map for the specified connector connection pool. |
|
update-connector-security-map |
Modifies a security map for the specified connector connection pool. |
|
list-connector-security-maps |
Lists the security maps belonging to the specified connector connection pool. |
|
create-message-security-provider |
Enables administrators to create a provider-config sub-element for the given message layer (message-security-config element of domain.xml, the file that specifies parameters and properties to the Application Server). |
|
delete-message-security-provide |
Enables administrators to delete a provider-config sub-element for the given message layer (message-security-config element of domain.xml, the file that specifies parameters and properties to the Application Server). |
|
list-message-security-providers |
Enables administrators to list all security message providers (provider-config sub-elements) for the given message layer (message-security-config element of domain.xml). |
|
create-auth-realm |
Adds the named authentication realm. |
|
delete-auth-realm |
Removes the named authentication realm. |
|
list-auth-realms |
Lists the existing authentication realms. |
Password Commands
The password commands allow you to manage passwords and ensure security for the Application Server.
Table 19–20 Password Commands|
Command |
Definition |
|---|---|
|
create-password-alias |
Creates an alias for a password and stores it in domain.xml. An alias is a token of the form ${ALIAS=password-alias-password}. The password corresponding to the alias name is stored in an encrypted form. This command takes both a secure interactive form (in which the user is prompted for all information) and a more script-friendly form, in which the password is propagated on the command line. |
|
delete-password-alias |
Deletes a password alias. |
|
update-password-alias |
Updates the password alias IDs in the named target. |
|
list-password-aliases |
Lists all password aliases. |
|
change-admin-password |
This remote command modifies the admin password. This command is interactive in that the user is prompted for the old and new admin password (with confirmation). |
|
change-master-password |
This local command is used to modify the master password. This command is interactive in that the user is prompted for the old and new master password. This command will not work unless the server is stopped. |
Verify domain.xml Command
The XML verify command verifies the content of the domain.xml file.
Table 19–21 Verify domain.xml Command|
Command |
Definition |
|---|---|
|
verify-domain-xml |
Verifies the content of the domain.xml file. |
Miscellaneous Commands
The miscellaneous commands allow you to manage various aspects of the Application Server.
Table 19–22 Miscellaneous Commands|
Command |
Definition |
|---|---|
|
login |
Lets you log into a domain. If various application server domains are created on various machines (locally), asadmin invocation from any of these machines can manage the domains located elsewhere (remotely). This comes in handy especially when a particular machine is chosen as an administration client and it manages multiple domains and servers. asadmin commands that are used to manage domains located elsewhere are called remote commands. The asadmin login command eases the administration of such remote domains. The login command runs only in the interactive mode. It prompts you for the admin user name and password. On successful login, the file .asadminpass will be created in the user's home directory. This is the same file that is modified by the create-domain command while using the -‐savelogin option. The domain must be running for this command to run. |
|
version |
Displays the version information. If the command cannot communicate with the administration server with the given user/password and host/port, then the command will retrieve the version locally and display a warning message. |
|
help |
Displays a list of all the asadmin utility commands. Specify the command to display the usage information for that command |
|
install-license |
Prevents unauthorized use of the Application Server. Allows you to install the license file. |
- © 2010, Oracle Corporation and/or its affiliates