More Kerberos config and adding trace/trace file volume

.gitignore

@@ -11,4 +11,5 @@
 gradle/.DS_Store
 liberty/.DS_Store
 websphere-traditional/.DS_Store
-websphere-traditional/build/
+websphere-traditional/build/
+/trace

README.md

@@ -24,6 +24,7 @@ This shows that DB2 won't accept user/password, because it is expecting kerberos
 
 ### WebSphere traditional
 **Not working. Needs kerberos errors investigated**   
+WAS side driver config??
 
 Also needs `./gradlew libertyPackage` run to copy the db2 driver and app to the correct directory.
 
@@ -40,8 +41,9 @@ The application can be accessed at the endpoint:
 /opt/IBM/WebSphere/AppServer/bin/wsadmin.sh -conntype NONE -lang jython
 
 ### Kerberos
-Realm: EXAMPLE.COM
+Realm: EXAMPLE.COM  
 User: db2user/[email protected]
+User: db2user/[email protected]
 
 
 ### DB2

docker-compose.yml

@@ -11,9 +11,12 @@ services:
     environment:
       - KRB5_REALM=EXAMPLE.COM
       - KRB5_KDC=kerberos
+      - ENABLE_BASIC_LOGGING=true
     networks:
       krbnet:
         ipv4_address: 10.5.0.2
+    volumes:
+      - ./trace/twas/logs:/opt/IBM/WebSphere/AppServer/profiles/AppSrv01/logs
 #  liberty:
 #    build: liberty
 #    ports:

websphere-traditional/work/config/kerberos.py

@@ -16,4 +16,36 @@
 AdminConfig.save()
 datasourceID = AdminTask.createDatasource(providerID, '[-name DB2 -jndiName jdbc/db2ds -dataStoreHelperClassName com.ibm.websphere.rsadapter.DB2UniversalDataStoreHelper -containerManagedPersistence true -componentManagedAuthenticationAlias -configureResourceProperties [[databaseName java.lang.String TESTDB] [driverType java.lang.Integer 4] [serverName java.lang.String db2] [portNumber java.lang.Integer 50000]]]') 
 AdminConfig.create('MappingModule', datasourceID, '[[authDataAlias ""] [mappingConfigAlias KerberosMapping]]') 
+AdminConfig.save()
+#props = AdminConfig.create('J2EEResourcePropertySet', datasourceID,[]) 
+#AdminConfig.create('J2EEResourceProperty', props, '[[name "kerberosServerPrincipal"] [type "java.lang.String"] [description "For a data source that uses Kerberos security, specifies the name that is used for the data source when it is registered with the Kerberos Key Distribution Center (KDC). It should be of the format user@realm."] [value "[email protected]"] [required "false"]]')
+#AdminConfig.create('J2EEResourceProperty', props, '[[name "securityMechanism"] [type "java.lang.Integer"] [description "Specifies the DRDA security mechanism. Possible values are: 3 (CLEAR_TEXT_PASSWORD_SECURITY), 4 (USER_ONLY_SECURITY), 7 (ENCRYPTED_PASSWORD_SECURITY), 9 (ENCRYPTED_USER_AND_PASSWORD_SECURITY), or 11 (KERBEROS_SECURITY). If this property is specified, the specified security mechanism is the only mechanism that is used. If no value is specified for this property, 3 is used."] [value "11"] [required "false"]]') 
+propSet = AdminConfig.showAttribute(datasourceID, 'propertySet')
+#AdminConfig.create('J2EEResourceProperty', propSet, '[[name "kerberosServerPrincipal"] [type "java.lang.String"] [description "For a data source that uses Kerberos security, specifies the name that is used for the data source when it is registered with the Kerberos Key Distribution Center (KDC). It should be of the format user@realm."] [value "[email protected]"] [required "false"]]') 
+#AdminConfig.modify('J2EEResourceProperty', propSet, '[[name "securityMechanism"] [type "java.lang.Integer"] [description "Specifies the DRDA security mechanism. Possible values are: 3 (CLEAR_TEXT_PASSWORD_SECURITY), 4 (USER_ONLY_SECURITY), 7 (ENCRYPTED_PASSWORD_SECURITY), 9 (ENCRYPTED_USER_AND_PASSWORD_SECURITY), or 11 (KERBEROS_SECURITY). If this property is specified, the specified security mechanism is the only mechanism that is used. If no value is specified for this property, 3 is used."] [value "11"] [required "false"]]') 
+#AdminConfig.modify(propSet, '[[name "securityMechanism"] [type "java.lang.Integer"] [description "Specifies the DRDA security mechanism. Possible values are: 3 (CLEAR_TEXT_PASSWORD_SECURITY), 4 (USER_ONLY_SECURITY), 7 (ENCRYPTED_PASSWORD_SECURITY), 9 (ENCRYPTED_USER_AND_PASSWORD_SECURITY), or 11 (KERBEROS_SECURITY). If this property is specified, the specified security mechanism is the only mechanism that is used. If no value is specified for this property, 3 is used."] [value "11"] [required "false"]]')
+
+myrps = AdminConfig.list('J2EEResourceProperty', propSet).split(lineSeparator)
+for myrp in myrps: 
+  myrpname = AdminConfig.showAttribute(myrp,"name")
+  if myrpname=="kerberosServerPrincipal": 
+    myrp = myrp[myrp.find("("):len(myrp)] 
+    AdminConfig.modify(myrp, '[[name "kerberosServerPrincipal"] [type "java.lang.String"] [description "For a data source that uses Kerberos security, specifies the name that is used for the data source when it is registered with the Kerberos Key Distribution Center (KDC). It should be of the format user@realm."] [value "db2user/[email protected] "] [required "false"]]')
+  if myrpname=="securityMechanism":
+    myrp = myrp[myrp.find("("):len(myrp)]
+    AdminConfig.modify(myrp, '[[name "securityMechanism"] [type "java.lang.Integer"] [description "Specifies the DRDA security mechanism. Possible values are: 3 (CLEAR_TEXT_PASSWORD_SECURITY), 4 (USER_ONLY_SECURITY), 7 (ENCRYPTED_PASSWORD_SECURITY), 9 (ENCRYPTED_USER_AND_PASSWORD_SECURITY), or 11 (KERBEROS_SECURITY). If this property is specified, the specified security mechanism is the only mechanism that is used. If no value is specified for this property, 3 is used."] [value "11"] [required "false"]]')
+AdminConfig.save()
+
+#Set Trace
+serverName = "server1"
+print serverName
+server = AdminConfig.getid('/Server:'+serverName+'/')
+print server
+tc = AdminConfig.list('TraceService', server)
+print tc
+traceSpec = "*=info: WAS.j2c=all: RRA=all"
+print traceSpec
+attrs = [["startupTraceSpecification", traceSpec]]
+print attrs
+AdminConfig.modify(tc, attrs)
 AdminConfig.save()