Manage security properties using SECPROP
- Last Updated: April 25, 2019
- OpenEdge
- Version 12.2
- Documentation
SECPROP is a command-line utility for managing properties in the oeablSecurity.properties file.
The oeablSecurity.properties file
The oeablSecurity.properties file provides an easy way for you to configure security properties for a PAS for OpenEdge web application. It acts as an interface to the Spring Security framework that guards the web application. Instead of changing Spring bean constructor and property settings in multiple XML files, you can manage all security properties for your web application from one location in the oeablSecurity.properties file.
Security property levels
Even though the purpose of the oeablSecurity.properties file is to secure a PAS for OpenEdge web application, the security properties are distributed and replicated across four hierarchical levels:
- In OpenEdge_Install_Directory/servers/pasoe/conf: When you install OpenEdge, a copy of the oeablSecurity.properties file is created in this directory. This is a master file that contains all security properties that can be set for a web application.
- In PASOE_instance_directory/conf: When you create a PAS for OpenEdge instance, a copy of the oeablSecurity.properties file is created in this directory from the master file. This file inherits a subset of the master file’s properties.
- In PASOE_instance_directory/ablapps/ABLApp_directory/conf: When you deploy an ABL application to a PAS for OpenEdge instance, a copy of the oeablSecurity.properties file is created in this directory. It inherits properties from the instance-level security properties file.
- In PASOE_instance_directory/webapps/WebApp_directory/WEB-INF: When you deploy a web application for an ABL application to a PAS for OpenEdge instance, a copy of the oeablSecurity.properties file is created in this directory. It inherits properties from the ABL application-level security properties file.
The inheritance architecture is represented in the following diagram:

A parent-child relationship exists between each level in this architecture. If you modify security properties at the parent level, then the changes are propagated to any new children.
For example, if you modify the oeablSecurity file for a PAS for OpenEdge instance, then any new ABL applications that are deployed to the instance get a copy of the updated file. Similarly, if you modify security properties at the ABL application level, then any new web applications that are created for that ABL application get an updated copy of the ABL application's oeablSecurity file.
Syntax
|
Log level
Use the following parameters to optionally set the logging level. By default, log messages are written to the command-line console. To write the log output to a file instead, configure the secproputil-logging.xml file, which is located in the conf folder of a PAS for OpenEdge instance's directory and also in the /servers/pasoe/conf directory of the OpenEdge root installation folder.
- -v
- Sets the logging level to INFO. This is the default level. Typically the -v parameter returns a single line log message for each operation performed or error thrown.
- -g
- Sets the logging level to DEBUG. The -g parameter returns debug messages about the operation that was performed or attempted and the files that were accessed. It also includes INFO-level messages.
- -t
- Sets the logging level to TRACE. The -t parameter returns detailed messages about each method that was called internally while attempting to perform an operation. It also includes DEBUG-level and INFO-level messages.
Operation type parameters
- -h/-help
- Displays the syntax and parameter descriptions for the SECPROP command.
- -m
- Performs list, update, add, or delete operations.
- -f
- This parameter allows you to merge an existing oeablSecurity.properties property file with any level of an instance, such as instance level, ABL application level, and web application level. You must specify the -f option to use the merge functionality. This functionality simplifies the procedure to add or update properties in the oeablSecurity.properties file.
  For example, to merge the myoeablSecurity.properties file with the client.login.model=saml property, perform the following:
  Note: The contents of the myoeablSecurity.properties file should be client.login.model=saml.
  To merge this file with an instance, type:
    secprop -f -i oepas1.oepas1.ROOT myoeablSecurity.properties
  To view the update for the instance, ABL application, and web application, type:
    secprop -m -iaw oepas1.oepas1.ROOT client.login.model
  You can view the output as:
    i: client.login.model=saml
    a: client.login.model=anonymous
    w: client.login.model=anonymous
- -r
- Resolves a property value across hierarchical levels. The SECPROP utility attempts to find the property in the oeablSecurity.properties file for a specified web application, ABL application, or PAS for OpenEdge instance. If the utility does not find a properties file at the specified level, it searches in the parent-level security properties file, and then at the grandparent-level, and so on, until it reaches the root installation level. If the property is not found at any of the levels, then an error is displayed.
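The child-to-parent lookup described for -r, together with the per-level copies described under "Security property levels", can be reproduced offline to audit which value a deployed web application actually carries. The following Python sketch is an added example, not SECPROP's own code: it reads the files directly using the four directory locations listed on this page, assumes that a missing file and a missing key both fall through to the parent, and builds a constructed sample tree (the "dlc" install directory name and the master-level value are assumptions) that mirrors the merge output shown above.

```python
import tempfile
from pathlib import Path

FILE = "oeablSecurity.properties"

def load_props(path):
    """Parse simple key=value lines; return None if the file is absent."""
    if not path.is_file():
        return None
    props = {}
    for line in path.read_text().splitlines():
        line = line.strip()
        if line and line[0] not in "#!":
            key, sep, value = line.partition("=")
            if sep:
                props[key.strip()] = value.strip()
    return props

def level_files(install_dir, instance_dir, abl_app, web_app):
    """The page's four levels, ordered from web application up to the master file."""
    return [
        ("w", instance_dir / "webapps" / web_app / "WEB-INF" / FILE),
        ("a", instance_dir / "ablapps" / abl_app / "conf" / FILE),
        ("i", instance_dir / "conf" / FILE),
        ("master", install_dir / "servers" / "pasoe" / "conf" / FILE),
    ]

def resolve(name, files):
    """First level (child to parent) that defines the property, as -r is described."""
    for level, path in files:
        props = load_props(path)
        # Assumption: a missing file and a missing key both fall through.
        if props is not None and name in props:
            return level, props[name]
    raise KeyError(f"{name} not found at any level")

def per_level(name, files):
    """Value stored at each level, so stale child copies stand out."""
    return {lvl: (load_props(p) or {}).get(name) for lvl, p in files}

def build_sample(root):
    """Constructed tree mirroring the merge output above (i=saml, a/w=anonymous)."""
    files = level_files(root / "dlc", root / "oepas1", "oepas1", "ROOT")
    values = {"w": "anonymous", "a": "anonymous", "i": "saml", "master": "anonymous"}
    for level, path in files:
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(f"# constructed sample\nclient.login.model={values[level]}\n")
    return files

if __name__ == "__main__":
    files = build_sample(Path(tempfile.mkdtemp()))
    print(per_level("client.login.model", files))
    print(resolve("client.login.model", files))
```

On the sample tree the web application still resolves to anonymous even though the instance level was set to saml, because each existing child holds its own copy of the property.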
Filters
- -c
- Lists the properties in the master oeablSecurity.properties file.
- -i PASOE_instance_name
- The name of a PAS for OpenEdge instance, for example, -i oepas1. The operation that you perform (listing, updating, adding, or deleting security properties) applies only to this PAS for OpenEdge instance.
- -a PASOE_instance_name.ABLApp_name
- The name of an ABL application, for example, -a oepas1.myABLApp. The operation that you perform (listing, updating, adding, or deleting security properties) applies only to this ABL application.
- -w PASOE_instance_name.ABLApp_name.Webapp_name
- The name of a web application, for example, -w oepas1.myABLApp.myWebApp. The operation that you perform (listing, updating, adding, or deleting security properties) applies only to this web application.
You can also concatenate filter parameters to perform operations at multiple levels simultaneously.
- -ia PASOE_instance_name.ABLApp_name
- For example, -ia oepas1.myABLApp. You can define operations (listing, updating, adding, or deleting security properties) that apply to the PAS for OpenEdge instance and the ABL application.
- -iaw PASOE_instance_name.ABLApp_name.Webapp_name
- For example, -iaw oepas1.myABLApp.myWebApp. You can define operations (listing, updating, adding, or deleting security properties) that apply to the PAS for OpenEdge instance, the ABL application, and the web application.
Read operations
To read the value of a property, enter the property name, for example:
|
To list all the properties of an oeablSecurity.properties file, use the all switch, for example:
|
To read the value of a property at multiple hierarchical levels, combine i, a, and w filter parameters, for example:
|
You can also read the values of different properties at different levels, for example:
|
To find the value of a property or to check whether the property exists in an oeablSecurity.properties at any of the parent levels of the specified web application, ABL application, or PAS for OpenEdge instance, use the -r operational type parameter, for example:
|
To find the value of different properties, use the -r operational type parameter, for example:
|
Update operations
To update the value of a property, enter the property name and value pair, for example:
|
To update the value of a property at multiple levels, combine i, a, and w filter parameters, for example:
|
You can also update the values of different properties at different levels, for example:
|
Add operations
To add a property, use the + switch in conjunction with a filter parameter, for example:
|
To add a property at multiple levels, combine the i, a, and w filter parameters, for example:
|
You can also add different properties at different levels by using filter parameters:
|
Delete operations
To delete a property, use the ~ switch in conjunction with a filter parameter, for example:
|
To delete a property at multiple levels, combine the i, a, and w parameters, for example:
|
You can also delete different properties at different levels, for example:
|
Performing multiple operations
You can perform multiple operations in the same SECPROP command, using the relevant parameters and switches, for example:
|