SECPROP is a command-line utility that you can use to manage properties in the oeablSecurity.properties file.

What is the oeablSecurity.properties file?

The oeablSecurity.properties file provides an easy way for you to configure security properties for a PAS for OpenEdge web application. It acts as an interface to the Spring Security framework that guards the web application. Instead of changing Spring bean constructor and property settings in multiple XML files, you can manage all security properties for your web application from a single location, the oeablSecurity.properties file.

Security property levels

While the purpose of the oeablSecurity.properties file is to secure a PAS for OpenEdge web application, the security properties are distributed and replicated across four hierarchical levels:

  • In OpenEdge_Install_Directory/servers/pasoe/conf: When you install OpenEdge, a copy of the oeablSecurity.properties file is created in this directory. This is a master file that contains ALL security properties that can be set for a web application.
  • In PASOE_instance_directory/conf: When you create a PAS for OpenEdge instance, a copy of the oeablSecurity.properties file is created in this directory from the master file. This file inherits a subset of the master file’s properties.
  • In PASOE_instance_directory/ablapps/ABLApp_directory/conf: When you deploy an ABL application to a PAS for OpenEdge instance, a copy of the oeablSecurity.properties file is created in this directory. It inherits properties from the instance-level security properties file.
  • In PASOE_instance_directory/webapps/WebApp_directory/WEB-INF: When you deploy a web application for an ABL application to a PAS for OpenEdge instance, a copy of the oeablSecurity.properties file is created in this directory. It inherits properties from the ABL application-level security properties file.

The inheritance architecture is represented in the following diagram:

A parent-child relationship exists between each level in this architecture. If you modify security properties at the parent level, then the changes are propagated to any new children.

For example, if you modify the oeablSecurity.properties file for a PAS for OpenEdge instance, any new ABL applications that are deployed to the instance get a copy of the updated file. Similarly, if you modify security properties at the ABL application level, any new web applications that are created for that ABL application get an updated copy of the ABL application's oeablSecurity.properties file.

Note: You cannot use the SECPROP utility to modify the oeablSecurity.properties file at the top-most level; that is, in the OpenEdge_Install_Directory/servers/pasoe/conf directory. Furthermore, if you modify properties at any of the child levels, then any changes to the parent-level properties apply only to new children of the same parent.

Syntax

secprop log_level(Optional) operation_type_parameter filter operation

Log level

Use the parameters listed below to optionally set the logging level. By default, log messages are written to the command line console. However, you can modify this behavior to write the log output to a file by configuring the secproputil-logging.xml file that you can find in the conf folder in a PAS for OpenEdge instance's directory, and also in the /servers/pasoe/conf directory in the OpenEdge root installation folder.

-v
Sets the logging level to INFO. This is the default level. Typically returns a single line log message for each operation performed or error thrown.
-g
Sets the logging level to DEBUG. Returns debug messages about the operation that was performed or attempted and the files that were accessed. Also includes INFO-level messages.
-t
Sets the logging level to TRACE. Returns detailed messages about each method that was called internally while attempting to perform an operation. Also includes DEBUG and INFO-level messages.

Operation type parameters

-h/-help
Displays the syntax and parameter descriptions for the SECPROP command.
-m
Specify this parameter if you want to perform list, update, add, or delete operations.
-r
Specify this parameter to resolve a property value across hierarchical levels. The SECPROP utility starts by attempting to find the property in the oeablSecurity.properties file for the specified web application, ABL application, or PAS for OpenEdge instance. If it does not find it, it searches in the parent-level security properties file, and then at the grandparent level, and so on, until it reaches the root installation level. If the property is not found at any of the levels, then an error is displayed.

Filters

-c
Use this filter if you want to list properties in the master oeablSecurity.properties file.
-i PASOE_instance_name
Use this filter to specify the name of a PAS for OpenEdge instance. For example, -i oepas1. The operation that you perform (listing, updating, adding, or deleting security properties) applies only to this PAS for OpenEdge instance.
-a PASOE_instance_name.ABLApp_name
Use this filter to specify the name of an ABL application. For example, -a oepas1.myABLApp. The operation that you perform (listing, updating, adding, or deleting security properties) applies only to this ABL application.
-w PASOE_instance_name.ABLApp_name.Webapp_name
Use this filter to specify the name of a web application. For example, -w oepas1.myABLApp.myWebApp. The operation that you perform (listing, updating, adding, or deleting security properties) applies only to this web application.

You can also concatenate filter parameters to perform operations at multiple levels simultaneously.

-ia PASOE_instance_name.ABLApp_name

For example, -ia oepas1.myABLApp. This enables you to define operations (listing, updating, adding, or deleting security properties) that apply to the PAS for OpenEdge instance as well as the ABL application.

-iaw PASOE_instance_name.ABLApp_name.Webapp_name
For example, -iaw oepas1.myABLApp.myWebApp. This enables you to define operations (listing, updating, adding, or deleting security properties) that apply to the PAS for OpenEdge instance, the ABL application, as well as the web application.

Read operations

To read the value of a property, simply enter the property name. For example:

secprop -m -i oepas1 http.all.realm

To list all the properties of an oeablSecurity.properties file, use the -all switch. For example:

secprop -m -i oepas1 -all

To read the value of a property at multiple hierarchical levels, combine i, a, and w filter parameters. For example:

secprop -m -iaw oepas1.myABLApp.myWebApp http.all.realm

You can also read the values of different properties at different levels as shown in this example:

secprop -m -iaw oepas1.myABLApp.myWebApp i:http.all.realm a:OEClientPrincipalFilterKey w:OECORSFilter.allowAll

To find the value of a property, or to find whether the property exists in an oeablSecurity.properties file at any of the parent levels of the specified web application, ABL application, or PAS for OpenEdge instance, use the -r operation type parameter. For example:

secprop -r oepas1.myABLApp.myWebApp w:OECORSFilter.allowAll

You can also use the -r operation type parameter to find the value of different properties as shown in this example:

secprop -r oepas1.myABLApp.myWebApp i:http.all.realm a:OEClientPrincipalFilterKey w:OECORSFilter.allowAll
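
The lookup order that -r follows, as an added example that is not part of the original page or the SECPROP utility's own code: a shell function reads the oeablSecurity.properties files directly and reports the first level that defines a property. The function names, the installation and instance paths, and the sample values are constructed for illustration, and only plain key=value lines are handled.

```shell
#!/bin/sh
# Added example (not vendor code): approximates the -r lookup; assumes key=value lines.

# prop_in_file FILE KEY: print the value and return 0 if KEY is defined.
prop_in_file() {
    [ -f "$1" ] || return 1
    awk -v k="$2" '
        /^[ \t]*[#!]/ { next }
        { i = index($0, "="); if (i == 0) next
          key = substr($0, 1, i - 1); gsub(/^[ \t]+|[ \t]+$/, "", key)
          if (key == k) { val = substr($0, i + 1); found = 1 } }
        END { if (!found) exit 1; sub(/^[ \t]+/, "", val); print val }
    ' "$1"
}

# resolve_prop INSTALL_DIR INSTANCE_DIR ABLAPP WEBAPP KEY: web app -> ABL app ->
# instance -> installation; prints "level<TAB>value" for the first match.
resolve_prop() {
    for entry in "webapp:$2/webapps/$4/WEB-INF" "ablapp:$2/ablapps/$3/conf" \
                 "instance:$2/conf" "install:$1/servers/pasoe/conf"; do
        if value=$(prop_in_file "${entry#*:}/oeablSecurity.properties" "$5"); then
            printf '%s\t%s\n' "${entry%%:*}" "$value"
            return 0
        fi
    done
    echo "error: $5 not found at any level" >&2
    return 1
}

# make_sample_tree: build a constructed four-level layout, print its root.
make_sample_tree() {
    root=$(mktemp -d)
    inst=$root/work/oepas1
    mkdir -p "$root/openedge/servers/pasoe/conf" "$inst/conf" \
             "$inst/ablapps/myABLApp/conf" "$inst/webapps/myWebApp/WEB-INF"
    printf 'http.all.realm=OpenEdge\nOECORSFilter.allowAll=false\n' \
        > "$root/openedge/servers/pasoe/conf/oeablSecurity.properties"
    printf '# instance level\nhttp.all.realm=Instance\n' \
        > "$inst/conf/oeablSecurity.properties"
    printf 'OEClientPrincipalFilter.domain=progress\n' \
        > "$inst/ablapps/myABLApp/conf/oeablSecurity.properties"
    printf 'OECORSFilter.allowAll=true\n' \
        > "$inst/webapps/myWebApp/WEB-INF/oeablSecurity.properties"
    echo "$root"
}

root=$(make_sample_tree)
resolve_prop "$root/openedge" "$root/work/oepas1" myABLApp myWebApp OECORSFilter.allowAll
resolve_prop "$root/openedge" "$root/work/oepas1" myABLApp myWebApp http.all.realm
rm -rf "$root"
```

Because parent-level changes reach only new children, the level column shows where an existing web application or ABL application still carries its own value for a property.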

Update operations

To update the value of a property, simply enter the property name and value pair. For example:

secprop -m -i oepas1 http.all.realm=OpenEdge

To update the value of a property at multiple levels, combine i, a, and w filter parameters. For example:

secprop -m -iaw oepas1.myABLApp.myWebApp http.all.realm=OpenEdge

You can also update the values of different properties at different levels as shown in this example:

secprop -m -iaw oepas1.myABLApp.myWebApp i:http.all.realm=OpenEdge a:OEClientPrincipalFilterKey=myKey w:OECORSFilter.allowAll=false

Note: You can update a property only if the property already exists in the oeablSecurity.properties file that you are trying to modify. If the property does not exist, then the update operation fails for that file and the SECPROP utility generates an error.

Add operations

To add a property, use the + switch in conjunction with a filter parameter. For example:

secprop -m -i oepas1 +i:http.all.realm=OpenEdge

To add a property at multiple levels, combine the i, a, and w filter parameters. For example:

secprop -m -iaw oepas1.myABLApp.myWebApp +i:http.all.realm=OpenEdge +a:http.all.realm=OpenEdge +w:http.all.realm=OpenEdge

You can also add different properties at different levels by using filter parameters:

secprop -m -iaw oepas1.myABLApp.myWebApp +i:http.all.realm=OpenEdge +a:OEClientPrincipalFilter.domain=progress +w:OECORSFilter.allowAll=true

Note: You can add a property only if the property does not already exist. If the property exists in an oeablSecurity.properties file, then the add operation fails for that file and the SECPROP utility generates an error.

Delete operations

To delete a property, use the ~ switch in conjunction with a filter parameter. For example:

secprop -m -i oepas1 ~i:http.all.realm

To delete a property at multiple levels, combine the i, a, and w parameters. For example:

secprop -m -iaw oepas1.myABLApp.myWebApp ~i:http.all.realm ~a:http.all.realm ~w:http.all.realm

You can also delete different properties at different levels:

secprop -m -iaw oepas1.myABLApp.myWebApp ~i:http.all.realm ~a:OEClientPrincipalFilter.domain ~w:OECORSFilter.allowAll

Performing multiple operations

You can also perform multiple operations in the same SECPROP command, using the relevant parameters and switches as shown in this example:

secprop -m -iaw oepas1.myABLApp.myWebApp ~i:http.all.realm +a:OEClientPrincipalFilter.domain=progress w:OECORSFilter.allowAll