Untitled | Documentation

1. Security Commands

The following is a list of security commands for user, group, and policy.

User management commands

User management commands are used to add, change, and delete users.

Command	Description
add-user	Dynamically adds a new user to the security system.
remove-user	Dynamically deletes a user from the current domain.
list-user-names	Displays a list of all users (user names) that logged onto the current domain and the lock and expiration states of each user.
show-user	Displays detailed user information.
modify-default-password-validator	Adds a new default password validator, or modify or delete the existing one.
show-default-password-validator	Displays the settings for the default password validator.
add-custom-password-validator	Defines a new class to the custom password validator.
remove-custom-password-validator	Removes a defined class from the custom password validator.
show-custom-password-validator	Displays the list of classes defined to the custom password validator.
show-subject-validation	Displays the information about the current settings for the subject validation service.
set-password	Dynamically sets the user password.
lock-user	Dynamically sets a lock on a user.
unlock-user	Dynamically releases a lock on a user.
expire-user	Sets an expiration time for a specific user.
unexpire-user	Removes the expiration time set for a specific user.

Command

Description

add-user

Dynamically adds a new user to the security system.

remove-user

Dynamically deletes a user from the current domain.

list-user-names

Displays a list of all users (user names) that logged onto the current domain and the lock and expiration states of each user.

show-user

Displays detailed user information.

modify-default-password-validator

Adds a new default password validator, or modify or delete the existing one.

show-default-password-validator

Displays the settings for the default password validator.

add-custom-password-validator

Defines a new class to the custom password validator.

remove-custom-password-validator

Removes a defined class from the custom password validator.

show-custom-password-validator

Displays the list of classes defined to the custom password validator.

show-subject-validation

Displays the information about the current settings for the subject validation service.

set-password

Dynamically sets the user password.

lock-user

Dynamically sets a lock on a user.

unlock-user

Dynamically releases a lock on a user.

expire-user

Sets an expiration time for a specific user.

unexpire-user

Removes the expiration time set for a specific user.

Group management commands

Group management commands are used to add, update, or delete groups.

Command	Description
add-group	Dynamically adds a new group to the security system.
add-user-to-group	Dynamically adds a user to a group.
remove-user-from-group	Dynamically deletes a user from a group.
remove-group	Dynamically deletes a group.
list-group-names	Displays a list of groups of the security system.
show-group	Displays detailed group information.
check-group-member	Checks if the user is registered with a group.

Command

Description

add-group

Dynamically adds a new group to the security system.

add-user-to-group

Dynamically adds a user to a group.

remove-user-from-group

Dynamically deletes a user from a group.

remove-group

Dynamically deletes a group.

list-group-names

Displays a list of groups of the security system.

show-group

Displays detailed group information.

check-group-member

Checks if the user is registered with a group.

Policy management commands

Policy commands are used to manage security system policies.

Command	Description
show-policy	Displays policies that include a context ID.
add-role	Adds a new role.
modify-role	Changes the configuration of a role.
remove-role	Deletes a role.
add-resource	Adds a new resource.
modify-resource	Changes the configuration of a resource.
remove-resource	Deletes a resource.
assign-role-to-principal	Assigns a principal to a role.
unassign-role-from-principal	Deletes a principal from a role.
assign-resource-to-role	Assigns a role to a resource.
unassign-resource-from-role	Deletes a role from a resource.

Command

Description

show-policy

Displays policies that include a context ID.

add-role

Adds a new role.

modify-role

Changes the configuration of a role.

remove-role

Deletes a role.

add-resource

Adds a new resource.

modify-resource

Changes the configuration of a resource.

remove-resource

Deletes a resource.

assign-role-to-principal

Assigns a principal to a role.

unassign-role-from-principal

Deletes a principal from a role.

assign-resource-to-role

Assigns a role to a resource.

unassign-resource-from-role

Deletes a role from a resource.

Due to the sensitive nature of the information processed by these commands, the user must have proper permissions.

1.1. Shared Options

The following options are shared by all security commands.

[-domain <domain-name>] option
- Specifies the security domain, which is the scope where JEUS applies security (default: SYSTEM_DOMAIN). For more information about the domain, refer to JEUS Security Guide.
- The description of this option is omitted from each command option description.

1.2. add-custom-password-validator

Adds a new class to the custom password validator. For information about password validation, refer to Password security settings in JEUS Security Guide.

Alias

add-custom-validator

Usage

add-custom-password-validator [-class <class-name>]

Parameters

Parameter	Description
<class-name>	Name of the class that is placed under DOMAIN_HOME/lib/application as a JAR file to be added to the custom password validator. The class must implement the jeus.util.PasswordValidator interface.

Parameter

Description

<class-name>

Name of the class that is placed under DOMAIN_HOME/lib/application as a JAR file to be added to the custom password validator. The class must implement the jeus.util.PasswordValidator interface.

Example

[MASTER]domain1.adminServer> add-custom-password-validator -class MyValidator
Custom password validator [MyValidator] is added successfully.
Check the results using show-custom-password-validator.

1.3. add-group

Dynamically adds a new group to the security system. The group name must be unique within the current domain. Domain names can be checked using the list-group-names command. The group name is used to refer to a specific group during the calling process, it corresponds to the ID of the group.

Alias

addgroup

Usage

add-group <group-name>
          [-domain <domain-name>]
          [-f,--forceLock]

Parameters

Parameter Description

<group-name>

Group name.

[-f,--forceLock]

Forcibly applies the configuration changes.

Parameter	Description
<group-name>	Group name.
[-f,--forceLock]	Forcibly applies the configuration changes.

Example

[MASTER]domain1.adminServer> add-group group1
The group [group1] has been successfully added.

1.4. add-resource

Dynamically adds a new resource to the security system. The resource name and actions must be unique whithin the current domain and context. Resource names can be checked with the show-policy command.

Alias

addresource

Usage

add-resource <resource-name>
          <actions>
          [-contextid <context-id>]
          [-classname <class-name>]
          [-role <role-name>]
          [-excluded]
          [-unchecked]
          [-domain <domain-name>]
          [-f,--forceLock]

Parameters

Parameter	Description
<resource-name>	Name of a resource to add.
<actions>	Actions that will be assigned to the resource. A list of actions for a resource. Each action is separated by a blank space. For example, the jeus.server resource has "boot" and "down" as its actions. If -actions is set, actions are the second parameter of the constructor of the class configured with -classname. The default class name is jeus.security.resource.ResourcePermission, and its constructor parameters are "resource" and "actions".
[-contextid <context-id>]	Context name that distinguishes policies. The contextid is used to specify a context other than the default context.
[-classname <class-name>]	Permission class name. A class configured with -classname must be a Java class that extends the class java.security.Permission abstract. The class must have at least one constructor that receives a string type "resource" as an argument. For more information about resource permissions, refer to the jeus.security.resource.ResourcePermission class. For more information about which resource permissions are checked in JEUS, refer to JEUS Server Permissions in JEUS Security Guide.
[-role <role-name>]	A list of roles to assign the resource.
[-excluded]	Prevents anyone from getting the permission.
[-unchecked]	Allows anyone to get the permission.
[-f,--forceLock]	Forcibly applies the configuration changes.

Parameter

Description

<resource-name>

Name of a resource to add.

<actions>

Actions that will be assigned to the resource.

A list of actions for a resource. Each action is separated by a blank space. For example, the jeus.server resource has "boot" and "down" as its actions.

If -actions is set, actions are the second parameter of the constructor of the class configured with -classname. The default class name is jeus.security.resource.ResourcePermission, and its constructor parameters are "resource" and "actions".

[-contextid <context-id>]

Context name that distinguishes policies. The contextid is used to specify a context other than the default context.

[-classname <class-name>]

Permission class name.

A class configured with -classname must be a Java class that extends the class java.security.Permission abstract. The class must have at least one constructor that receives a string type "resource" as an argument.

For more information about resource permissions, refer to the jeus.security.resource.ResourcePermission class. For more information about which resource permissions are checked in JEUS, refer to JEUS Server Permissions in JEUS Security Guide.

[-role <role-name>]

A list of roles to assign the resource.

[-excluded]

Prevents anyone from getting the permission.

[-unchecked]

Allows anyone to get the permission.

[-f,--forceLock]

Forcibly applies the configuration changes.

Example

[MASTER]domain1.adminServer> add-resource resource1 jeus.*
The resource [name=resource1, actions=jeus.*] has been successfully added.

1.5. add-role

Dynamically adds a new role to the security system. The role name must be unique within the current domain. Role names can be checked with the show-policy command.

Alias

addrole

Usage

add-role <role-name>
          [-principal <principal>]
          [-classname <classname>]
          [-excluded]
          [-unchecked]
          [-actions <actions>]
          [-domain <domain-name>]
          [-f,--forceLock]

Parameters

Parameter	Description
<role-name>	Name of a role to add.
[-principal <principal>]	Principal to which the role is assigned.
[-classname <classname>]	Permission class name. A class configured with -classname must be a Java class that extends the class java.security.Permission abstract. The class must have at least one constructor that receives a string type "role" as an argument. For more information about role permissions, refer to the jeus.security.resource.RolePermission class. For more information about which role permissions are checked in JEUS, refer to JEUS Server Permissions in JEUS Security Guide.
[-excluded]	Prevents anyone from getting the permission.
[-unchecked]	Allows anyone to get the permission.
[-actions <actions>]	A list of actions for the role.
[-f,--forceLock]	Forcibly applies the configuration changes.

Parameter

Description

<role-name>

Name of a role to add.

[-principal <principal>]

Principal to which the role is assigned.

[-classname <classname>]

Permission class name.

For more information about role permissions, refer to the jeus.security.resource.RolePermission class. For more information about which role permissions are checked in JEUS, refer to JEUS Server Permissions in JEUS Security Guide.

[-excluded]

Prevents anyone from getting the permission.

[-unchecked]

Allows anyone to get the permission.

[-actions <actions>]

A list of actions for the role.

[-f,--forceLock]

Forcibly applies the configuration changes.

Example

[MASTER]domain1.adminServer> add-role role1
The role [role1] has been successfully added.

1.6. add-user

Dynamically adds a new user to the security system. The user name must be unique within the current domain. User names can be checked with the list-user-names command. The user name is used to refer to a user during the calling process, it corresponds to the ID of the user.

Alias

adduser

Usage

add-user <user-name>
          [-domain <domain-name>]
          [-f,--forceLock]
          [<password>]

Parameters

Parameter Description

<user-name>

User name.

[-f,--forceLock]

Forcibly applies the configuration changes.

[<password>]

Password.

Parameter	Description
<user-name>	User name.
[-f,--forceLock]	Forcibly applies the configuration changes.
[<password>]	Password.

Example

[MASTER]domain1.adminServer> add-user user1
The user [user1] has been successfully added.

1.7. add-user-to-group

Dynamically adds a new member to a group registered with the security system.

Alias

addusertogroup

Usage

add-user-to-group <group-name>
          <user-name>
          [-domain <domain-name>]
          [-f,--forceLock]

Parameters

Parameter Description

<group-name>

Group name.

<user-name>

User name.

[-f,--forceLock]

Forcibly applies the configuration changes.

Parameter	Description
<group-name>	Group name.
<user-name>	User name.
[-f,--forceLock]	Forcibly applies the configuration changes.

Example

[MASTER]domain1.adminServer> add-user-to-group group1 user1
The user [user1] has been successfully added to the group [group1].

1.8. assign-resource-to-role

Dynamically assigns a resource and action to a role.

Alias

assignresource, assignres

Usage

assign-resource-to-role <resource-name>
          <actions>
          <role-name>
          [-contextid <context-id>]
          [-classname <classname>]
          [-domain <domain-name>]
          [-f,--forceLock]

Parameters

Parameter	Description
<resource-name>	[Dynamic] Resource name. Resource names are Java class names that represent the resource. E.g., jeus.server.
<actions>	[Dynamic] Actions assigned to the role. A list of actions for a resource. Each action is separated by a blank space. For example, the jeus.server resource has "boot" and "down" as its actions. If -actions is set, actions are the second parameter of the constructor of the class configured with -classname. The default class name is jeus.security.resource.ResourcePermission, and its constructor parameters are "resource" and "actions".
<role-name>	Role name.
[-contextid <context-id>]	Context name that distinguishes policies. The contextid is used to specify a context other than the default context.
[-classname <classname>]	[Dynamic] Permission class name. A class configured with -classname must be a Java class that extends the class java.security.Permission abstract. The class must have at least one constructor that receives a string type "role" as an argument. For more information about resource permissions, refer to the jeus.security.resource.ResourcePermission class. For more information about which resource permissions are checked in JEUS, refer to JEUS Server Permissions in JEUS Security Guide.
[-f,--forceLock]	Forcibly applies the configuration changes.

Parameter

Description

<resource-name>

[Dynamic] Resource name. Resource names are Java class names that represent the resource. E.g., jeus.server.

<actions>

[Dynamic] Actions assigned to the role.

A list of actions for a resource. Each action is separated by a blank space. For example, the jeus.server resource has "boot" and "down" as its actions.

<role-name>

Role name.

[-contextid <context-id>]

Context name that distinguishes policies. The contextid is used to specify a context other than the default context.

[-classname <classname>]

[Dynamic] Permission class name.

[-f,--forceLock]

Forcibly applies the configuration changes.

Example

[MASTER]domain1.adminServer> assign-resource-to-role jeus.* deploy-applications deployRole
The resource [name=jeus.*, actions=deploy-applications] is assigned to the role [deployRole].

1.9. assign-role-to-principal

Dynamically assigns a role to a principal. A class configured with -classname must be a Java class that extends the class java.security.Permission abstract. The class must have at least one constructor that receives a string type "role" as an argument. The default class is jeus.security.resource.RolePermission. However, for an anonymous, a role can be allocated only when it has an unchecked permission.

Alias

assignrole, assign-role

Usage

assign-role-to-principal <role-name>
          <principal>
          [-domain <domain-name>]
          [-f,--forceLock]

Parameters

Parameter Description

<role-name>

[Dynamic] Role name.

<principal>

Principal name.

[-f,--forceLock]

Forcibly applies the configuration changes.

Parameter	Description
<role-name>	[Dynamic] Role name.
<principal>	Principal name.
[-f,--forceLock]	Forcibly applies the configuration changes.

Example

[MASTER]domain1.adminServer> assign-role-to-principal AdministratorsRole user1
The role [AdministratorsRole] is assigned to the principal [user1].

1.10. check-group-member

Checks if the user is registered with a group.

Alias

checkgroupmember, ismember

Usage

check-group-member <group-name>
          <user-name>
          [-domain <domain-name>]

Parameters

Parameter Description

<group-name>

Group name.

<user-name>

User name.

Parameter	Description
<group-name>	Group name.
<user-name>	User name.

Example

[MASTER]domain1.adminServer> check-group-member group1 user1
The user [user1] is a member of the group [group1].

1.11. expire-user

Sets an expiration time on a specific user. If SubjectExpirationtValidationService is set properly, the user is valid before the expiration time. The user’s login fails before calling unexpire-user. For information about subject validation, refer to SubjectValidationService SPI.

Alias

expireuser, exuser

Usage

expire-user <user-name>
          [-domain <domain-name>]
          [-year <year>]
          [-month <month>]
          [-day <day>]
          [-hour <hour>]
          [-minute <minute>]

Parameters

Parameter	Description
<user-name>	User name.
[-year <year>]	Year of the expiration time in the format of yyyy. (Default value: current year)
[-month <month>]	Month of the expiration time in the format of MM. (Default value: current month)
[-day <day>]	Date of the expiration time in the format of dd. (Default value: current date)
[-hour <hour>]	Hour of the expiration time in the format of hh. (Default value: current hour)
[-minute <minute>]	Minute of the expiration time in the format of mm. (Default value: current minute)

Parameter

Description

<user-name>

User name.

[-year <year>]

Year of the expiration time in the format of yyyy. (Default value: current year)

[-month <month>]

Month of the expiration time in the format of MM. (Default value: current month)

[-day <day>]

Date of the expiration time in the format of dd. (Default value: current date)

[-hour <hour>]

Hour of the expiration time in the format of hh. (Default value: current hour)

[-minute <minute>]

Minute of the expiration time in the format of mm. (Default value: current minute)

Example

[MASTER]domain1.adminServer> expire-user user1 -year 2020 -month 12 -day 31 -hour 12 -minute 30
The user [user1] is valid only until [2020-12-31 12:30].

1.12. list-group-names

Displays the list of all groups in the current domain.

Alias

listgroupnames, getgroupnames

Usage

list-group-names  [-domain <domain-name>]

Example

[MASTER]domain1.adminServer> list-group-names
================================================================================
+------------------------------------------------------------------------------+
|                                  Group Name                                  |
+------------------------------------------------------------------------------+
| Administrators                                                               |
+------------------------------------------------------------------------------+
| group1                                                                       |
+------------------------------------------------------------------------------+
================================================================================

1.13. list-user-names

Displays a list of all users (user names) that logged onto the current domain and the lock and expiration states of each user.

Alias

listusernames, getusernames
Usage
```
list-user-names [-domain <domain-name>]
```

Example

[MASTER]domain1.adminServer> list-user-names
============================================================
+-----------+------------+---------------------------------+
| User Name | Lock State |         ExpiryTime State        |
+-----------+------------+---------------------------------+
| jeus      | unlocked   | Unexpired                       |
| admin     | locked     | 2020-01-01 12:00                |
+-----------+------------+---------------------------------+
============================================================

1.14. lock-user

Dynamically sets a lock on a user. If "SubjectLockoutValidationService" is properly configured on the server, all login attempts by the user fail until the unlock-user command is called.

For more information about subject validation, refer to SubjectValidationService SPI in JEUS Security Guide.

Alias

lockuser

Usage

lock-user <user-name>
          [-domain <domain-name>]

Parameters

Parameter Description

<user-name>

User name.

Parameter	Description
<user-name>	User name.

Example

[MASTER]domain1.adminServer> lock-user user2
The user [user2] has been locked out.

1.15. modify-default-password-validator

Dynamically adds, changes, or deletes the configurations for the default password validator. For information about password validation, refer to Password security settings in JEUS Security Guide.

Alias

modify-password-validator

Usage

modify-default-password-validator [-disable]
          [-min <min-length>]
          [-max <max-length>]
          [-special <true | false>]
          [-digit <true | false>]
          [-capital <true | false>]
          [-small <true | false>]
          [-excludeID <true | false>]

Parameters

Parameter	Description
[-disable]	[Dynamic] Disables the default password validator and discards the existing settings.
[-min <min-length>]	[Dynamic] Minimum number of digits for the password. (Range: 1 - 255, default value: 1)
[-max <max-length>]	[Dynamic] Maximum number of digits for the password. (Range: 1 - 255, default value: 1)
[-special <true \| false>]	[Dynamic] Indicates whether a special character must be included in a password. (Default value: false)
[-digit <true \| false>]	[Dynamic] Indicates whether a number must be included in a password. (Default value: false)
[-capital <true \| false>]	[Dynamic] Indicates whether an uppercase letter must be included in a password. (Default value: false)
[-small <true \| false>]	[Dynamic] Indicates whether a lowercase letter must be included in a password. (Default value: false)
[-excludeID <true \| false>]	[Dynamic] Indicates whether the user ID is prevented from being part of a password. (Default value: false)

Parameter

Description

[-disable]

[Dynamic] Disables the default password validator and discards the existing settings.

[-min <min-length>]

[Dynamic] Minimum number of digits for the password.

(Range: 1 - 255, default value: 1)

[-max <max-length>]

[Dynamic] Maximum number of digits for the password.

(Range: 1 - 255, default value: 1)

[-special <true | false>]

[Dynamic] Indicates whether a special character must be included in a password. (Default value: false)

[-digit <true | false>]

[Dynamic] Indicates whether a number must be included in a password.

(Default value: false)

[-capital <true | false>]

[Dynamic] Indicates whether an uppercase letter must be included in a password.

(Default value: false)

[-small <true | false>]

[Dynamic] Indicates whether a lowercase letter must be included in a password.

(Default value: false)

[-excludeID <true | false>]

[Dynamic] Indicates whether the user ID is prevented from being part of a password. (Default value: false)

Example

[MASTER]domain1.adminServer> modify-default-password-validator -min 4 -special true
Default password validator is updated successfully.
Check the results using "show-default-password-validator or modify-default-password-validator".

1.16. modify-resource

Dynamically changes the configuration of a resource. If you need to modify the configuration of a resource assigned to a role, use AssignResourceToRole or UnassignResourceFromRole command.

Alias

modifyresource

Usage

modify-resource <resource-name>
          <actions>
          [-contextid <context-id>]
          [-classname <classname>]
          [-excluded <true | false>]
          [-unchecked <true | false>]
          [-domain <domain-name>]
          [-f,--forceLock]

Parameters

Parameter	Description
<resource-name>	Name of the resource to change the configuration.
<actions>	Action list of the resource to change the configuration.
[-contextid <context-id>]	Context name that distinguishes policies. The contextid is used to specify a context other than the default context.
[-classname <classname>]	Permission class name. A class configured with -classname must be a Java class that extends the class java.security.Permission abstract. The class must have at least one constructor that receives a string type "resource" as an argument. For more information about resource permissions, refer to the jeus.security.resource.ResourcePermission class. For more information about which resource permissions are checked in JEUS, refer to JEUS Server Permissions in JEUS Security Guide.
[-excluded <true \| false>]	Prevents anyone from getting the permission. (true\|false)
[-unchecked <true \| false>]	Allows anyone to get the permission. (true\|false)
[-f,--forceLock]	Forcibly applies the configuration changes.

Parameter

Description

<resource-name>

Name of the resource to change the configuration.

<actions>

Action list of the resource to change the configuration.

[-contextid <context-id>]

Context name that distinguishes policies. The contextid is used to specify a context other than the default context.

[-classname <classname>]

Permission class name.

[-excluded <true | false>]

Prevents anyone from getting the permission. (true|false)

[-unchecked <true | false>]

Allows anyone to get the permission. (true|false)

[-f,--forceLock]

Forcibly applies the configuration changes.

Example

[MASTER]domain1.adminServer> modify-resource resource1 jeus.* -excluded true -unchecked false
The resource [name=resource1, actions=jeus.*] has been successfully modified.

1.17. modify-role

Dynamically changes the configuration of a role. To change a role assigned to the user, use AssignRoleToPrincipal or UnassignRoleFromPrincipal command.

Alias

modifyrole

Usage

modify-role <role-name>
          [-classname <classname>]
          [-excluded <true | false>]
          [-unchecked <true | false>]
          [-actions <actions>]
          [-domain <domain-name>]
          [-f,--forceLock]

Parameters

Parameter	Description
<role-name>	Name of the role to change the configuration.
[-classname <classname>]	Permission class name. A class configured with -classname must be a Java class that extends the class java.security.Permission abstract. The class must have at least one constructor that receives a string type "role" as an argument. For more information about role permissions, refer to the jeus.security.resource.RolePermission class. For more information about which role permissions are checked in JEUS, refer to JEUS Server Permissions in JEUS Security Guide.
[-excluded <true \| false>]	Prevents anyone from getting the permission. (true\|false)
[-unchecked <true \| false>]	Allows anyone to get the permission. (true\|false)
[-actions <actions>]	A list of actions for the role.
[-f,--forceLock]	Forcibly applies the configuration changes.

Parameter

Description

<role-name>

Name of the role to change the configuration.

[-classname <classname>]

Permission class name.

[-excluded <true | false>]

Prevents anyone from getting the permission. (true|false)

[-unchecked <true | false>]

Allows anyone to get the permission. (true|false)

[-actions <actions>]

A list of actions for the role.

[-f,--forceLock]

Forcibly applies the configuration changes.

Example

[MASTER]domain1.adminServer> modify-role role1 -excluded true -unchecked false
The role [role1] has been successfully modified.

1.18. remove-custom-password-validator

Deletes the class registered in Custom Password Validator. For more information about password validation, refer to Password Security Settings in JEUS Security Guide.

Alias

remove-custom-validator

Usage

remove-custom-password-validator [-class <class-name>]

Parameters

Parameter	Description
-class <class-name>	Name of the class that has been placed under DOMAIN_HOME/lib/application as a JAR file and added to the custom password validator using the add-custom-password-validator command.

Parameter

Description

-class <class-name>

Name of the class that has been placed under DOMAIN_HOME/lib/application as a JAR file and added to the custom password validator using the add-custom-password-validator command.

Example

[MASTER]domain1.adminServer> remove-custom-password-validator -class MyValidator
Custom password validator [MyValidator] is removed successfully.
Check the results using show-custom-password-validator.

1.19. remove-group

Dynamically deletes a group from the current domain. Only groups with no users can be deleted.

Alias

removegroup

Usage

remove-group <group-name>
          [-domain <domain-name>]
          [-f,--forceLock]

Parameters

Parameter Description

<group-name>

Group name.

[-f,--forceLock]

Forcibly applies the configuration changes.

Parameter	Description
<group-name>	Group name.
[-f,--forceLock]	Forcibly applies the configuration changes.

Example

[MASTER]domain1.adminServer> remove-group group1
The group [group1] has been successfully removed.

1.20. remove-resource

Dynamically deletes a resource from the current domain.

Alias

rmresource

Usage

remove-resource <resource-name>
          <actions>
          [-contextid <context-id>]
          [-domain <domain-name>]
          [-f,--forceLock]

Parameters

Parameter	Description
<resource-name>	Name of the resource to delete.
<actions>	Action list of the resource to delete.
[-contextid <context-id>]	Context name that distinguishes policies. The contextid is used to specify a context other than the default context.
[-f,--forceLock]	Forcibly applies the configuration changes.

Parameter

Description

<resource-name>

Name of the resource to delete.

<actions>

Action list of the resource to delete.

[-contextid <context-id>]

Context name that distinguishes policies. The contextid is used to specify a context other than the default context.

[-f,--forceLock]

Forcibly applies the configuration changes.

Example

[MASTER]domain1.adminServer> remove-resource resource1 jeus.*
The resource [name=resource1, actions=jeus.*] has been successfully removed.

1.21. remove-role

Dynamically deletes a role from the current domain.

Alias

rmrole

Usage

remove-role <role-name>
          [-domain <domain-name>]
          [-f,--forceLock]

Parameters

Parameter Description

<role-name>

Name of the role to delete.

[-f,--forceLock]

Forcibly applies the configuration changes.

Parameter	Description
<role-name>	Name of the role to delete.
[-f,--forceLock]	Forcibly applies the configuration changes.

Example

[MASTER]domain1.adminServer> remove-role role1
The role [role1] has been successfully removed.

1.22. remove-user

Dynamically deletes a user from the current domain.

Alias

removeuser

Usage

remove-user <user-name>
          [-domain <domain-name>]
          [-f,--forceLock]

Parameters

Parameter Description

<user-name>

User name.

[-f,--forceLock]

Forcibly applies the configuration changes.

Parameter	Description
<user-name>	User name.
[-f,--forceLock]	Forcibly applies the configuration changes.

Example

[MASTER]domain1.adminServer> remove-user user1
The user [user1] has been successfully removed.

1.23. remove-user-from-group

Dynamically deletes a user member from a group in the current domain.

Alias

removeuserfromgroup

Usage

remove-user-from-group <group-name>
          <user-name>
          [-domain <domain-name>]
          [-f,--forceLock]

Parameters

Parameter Description

<group-name>

Group name.

<user-name>

User name.

[-f,--forceLock]

Forcibly applies the configuration changes.

Parameter	Description
<group-name>	Group name.
<user-name>	User name.
[-f,--forceLock]	Forcibly applies the configuration changes.

Example

[MASTER]domain1.adminServer> remove-user-from-group group1 user1
The user [user1] has been successfully removed from the group [group1].

1.24. set-password

Dynamically sets the user password. The password must be created using plain characters without any encryption or encoding. The password can be encrypted using the -algorithm option. The user must login again with a new password.

This command deletes all previous passwords set for the user.

Alias

setpassword

Usage

set-password <user-name>
          <password>
          [-algorithm <algorithm>]
          [-domain <domain-name>]
          [-f,--forceLock]

Parameters

Parameter	Description
<user-name>	User name.
<password>	[Dynamic] User password.
[-algorithm < algorithm>]	[Dynamic] Password encryption algorithms. Input options: AES base64 DES DESede Blowfish SEED SHA
[-f,--forceLock]	Forcibly applies the configuration changes.

Parameter

Description

<user-name>

User name.

<password>

[Dynamic] User password.

[-algorithm < algorithm>]

[Dynamic] Password encryption algorithms.

Input options:

AES
base64
DES
DESede
Blowfish
SEED
SHA

[-f,--forceLock]

Forcibly applies the configuration changes.

Example

[MASTER]domain1.adminServer> set-password user1 pass1 -algorithm AES
The password is set for [user1].

1.25. show-custom-password-validator

Displays the current custom password validator settings. For more information about password validation, refer to Password Security Settings in JEUS Security Guide.

Alias

show-custom-validator
Usage
```
show-custom-password-validator
```

Example

[MASTER]domain1.adminServer> show-custom-password-validator
================================================================================
+------------------------------------------------------------------------------+
|                     custom password validator class names                    |
+------------------------------------------------------------------------------+
| MyValidator                                                                  |
+------------------------------------------------------------------------------+
================================================================================

1.26. show-default-password-validator

Displays the current default password validator settings. For more information about password validation, refer to Password Security Settings in JEUS Security Guide.

Alias

show-password-validator
Usage
```
show-default-password-validator
```

Example

[MASTER]domain1.adminServer> show-default-password-validator
================================================================================
+----------------------------------------------------------------------+-------+
|                               property                               | value |
+----------------------------------------------------------------------+-------+
| min length                                                           |     4 |
| max length                                                           |   255 |
| include special characters                                           | true  |
| include digit characters                                             | false |
| include capital characters                                           | false |
| include small characters                                             | false |
| exclude user id                                                      | false |
+----------------------------------------------------------------------+-------+
================================================================================

1.27. show-subject-validation

Displays the current subject validation service settings. For more information about subject validation, refer to [Subject Validation] menu in JEUS Security Guide.

Alias

ssv
Usage
```
show-subject-validation
```

Example

[MASTER]domain1.adminServer> show-subject-validation
================================================================================
+--------------------------+---------------------------------------------------+
|           Type           |                     Class name                    |
+--------------------------+---------------------------------------------------+
| DefaultSubjectValidation | jeus.security.impl.expiration.SubjectExpirationVa |
|                          |lidationService                                    |
+--------------------------+---------------------------------------------------+
| DefaultSubjectValidation | jeus.security.impl.lockout.SubjectLockoutValidati |
|                          |onService                                          |
+--------------------------+---------------------------------------------------+
================================================================================

1.28. show-group

Displays detailed group information.

Alias

showgroup, getgroup

Usage

show-group <group-name>
          [-domain <domain-name>]

Parameters

Parameter Description

<group-name>

Group name.

Parameter	Description
<group-name>	Group name.

Example

[MASTER]domain1.adminServer> show-group Administrators
Administrators(members:Principal admin,Principal user1)

1.29. show-policy

Displays policies that include a context ID. If a context-id is not specified, it is set to "default".

Alias

showpolicy, getpolicy

Usage

show-policy [-contextid <context-id>]
          [-domain <domain-name>]

Parameters

Parameter Description

[-contextid <context-id>]

Context name that distinguishes policies.

Parameter	Description
[-contextid <context-id>]	Context name that distinguishes policies.

Example

[MASTER]domain1.adminServer> show-policy
______________POLICY_______________
ROLE PERMISSIONS:
PERMISSION MAP
--------------
Excluded permissions:
(none)

Unchecked permissions:
(jeus.security.resource.RolePermission jndiUser)

Checked permissions:
Permission owner:
Principal user1
Permissions of owner:
(jeus.security.resource.RolePermission AdministratorsRole)

Permission owner:
Principal anonymous
Permissions of owner:
(jeus.security.resource.RolePermission jndiUser)

Unassigned permissions:


RESOURCE PERMISSIONS:
Context id: default
PERMISSION MAP
--------------
Excluded permissions:
(none)
Unchecked permissions:
(none)

Checked permissions:
Permission owner:
Role jndiUser
Permissions of owner:
(jeus.security.resource.ResourcePermission jeus.jndi.* lookup)

Permission owner:
Role AdministratorsRole
Permissions of owner:
(jeus.security.resource.ResourcePermission jeus.* *)

Unassigned permissions:

1.30. show-user

Displays detailed user information.

Alias

showuser, getuser

Usage

show-user <user-name>
          [-domain <domain-name>]

Parameters

Parameter Description

<user-name>

User name.

Parameter	Description
<user-name>	User name.

Example

[MASTER]domain1.adminServer> show-user user1
[SUBJECT]
Description: No description
Domain: SYSTEM_DOMAIN
Main principal: Principal user1
Principals: [Principal user1,Administrators(members:Principal admin,Principal user1)]
Public credentials: []

1.31. unassign-role-from-principal

Dynamically deletes a role from a principal.

Alias

unassignrole, unassign-role

Usage

unassign-role-from-principal <principal>
          <role-name>
          [-domain <domain-name>]
          [-f,--forceLock]

Parameters

Parameter Description

<principal>

Principal name.

<role-name>

[Dynamic] Role name.

[-f,--forceLock]

Forcibly applies the configuration changes.

Parameter	Description
<principal>	Principal name.
<role-name>	[Dynamic] Role name.
[-f,--forceLock]	Forcibly applies the configuration changes.

Example

[MASTER]domain1.adminServer> unassign-role-from-principal jeus jndiuser
The role [jndiuser] has been successfully unassigned from the principal [jeus].

1.32. unassign-resource-from-role

Dynamically deletes a resource from a role. The role cannot access the resource.

Alias

unassignresource, usassignres

Usage

unassign-resource-from-role <resource-name>
          <actions>
          <role-name>
          [-contextid <context-id>]
          [-domain <domain-name>]
          [-f,--forceLock]

Parameters

Parameter	Description
<resource-name>	[Dynamic] Resource name.
<actions>	[Dynamic] List of actions for the resource.
<role-name>	Role name.
[-contextid <context-id>]	[Dynamic] Context name that distinguishes policies.
[-f,--forceLock]	Forcibly applies the configuration changes.

Parameter

Description

<resource-name>

[Dynamic] Resource name.

<actions>

[Dynamic] List of actions for the resource.

<role-name>

Role name.

[-contextid <context-id>]

[Dynamic] Context name that distinguishes policies.

[-f,--forceLock]

Forcibly applies the configuration changes.

Example

[MASTER]domain1.adminServer> unassign-resource-from-role jeus.* -actions deploy-applications deployRole
The resource [name=jeus.*, actions=deploy-applications] has been successfully unassigned from the role [deployRole].

1.33. unexpire-user

Removes an expiration time that has been specified with expire-user.

Alias

unexpireuser, unexuser

Usage

unexpire-user <user-name>
            [-domain <domain-name>]

Parameters

Parameter Description

<user-name>

User name.

Parameter	Description
<user-name>	User name.

Example

[MASTER]domain1.adminServer> unexpire-user user2
The expiry time for user [user2] is canceled.

1.34. unlock-user

Releases a lock that has been set using lock-user.

Alias

unlockuser

Usage

unlock-user  <user-name>
          [-domain <domain-name>]

Parameters

Parameter Description

<user-name>

User name.

Parameter	Description
<user-name>	User name.

Example

[MASTER]domain1.adminServer> unlock-user user2
The user [user2] has been successfully unlocked.