Configuring Existing WebLogic Domains 6-7 WLST cannot invoke this command from the edit hierarchy, but it can invoke the command from the serverConfig or domainConfig hierarchy. The following WLST online script invokes createUser on the default authentication provider. Example 6–6 Creating a User from weblogic.management.security.authentication import UserEditorMBean print Creating a user ... atnr=cmo.getSecurityConfiguration.getDefaultRealm.lookupAuthentication ProviderDefaultAuthenticator atnr.createUsernew_user,welcome1,new_admin print Created user successfully

6.3.3 Adding a User to a Group

To add a user to a group, invoke the GroupEditorMBean.addMemberToGroup method, which is extended by the security realms AuthenticationProvider MBean. For more information, see the addMemberToGroup method in the Oracle WebLogic Server MBean Reference. The method requires two input parameters: groupname username WLST cannot invoke this command from the edit hierarchy, but it can invoke the command from the serverConfig or domainConfig hierarchy. The following WLST online script invokes addMemberToGroup on the default Authentication Provider. For information on how to run this script, see Section 2.4.1, Invoking WLST . Example 6–7 Adding a User to a Group from weblogic.management.security.authentication import GroupEditorMBean print Adding a user ... atnr=cmo.getSecurityConfiguration.getDefaultRealm.lookupAuthenticationProvider DefaultAuthenticator atnr.addMemberToGroupAdministrators,my_user print Done adding a user

6.3.4 Verifying Whether a User Is a Member of a Group

To verify whether a user is a member of a group, invoke the GroupEditorMBean.isMember method, which is extended by the security realms AuthenticationProvider MBean. For more information, see the isMember method in the Oracle WebLogic Server MBean Reference. The method requires three input parameters: groupname username boolean where boolean specifies whether the command searches within child groups. If you specify true, the command returns true if the member belongs to the group that you specify or to any of the groups contained within that group. WLST cannot invoke this command from the edit hierarchy, but it can invoke the command from the serverConfig or domainConfig hierarchy. 6-8 Oracle Fusion Middleware Oracle WebLogic Scripting Tool The following WLST online script invokes isMember on the default Authentication Provider. For information on how to run this script, see Section 2.4.1, Invoking WLST . Example 6–8 Verifying Whether a User is a Member of a Group from weblogic.management.security.authentication import GroupEditorMBean user = my_user print Checking if +user+ is a Member of a group ... atnr=cmo.getSecurityConfiguration.getDefaultRealm.lookupAuthenticationProvider DefaultAuthenticator if atnr.isMemberAdministrators,user,true == 0: print user+ is not member of Administrators else: print user+ is a member of Administrators

6.3.5 Listing Groups to Which a User Belongs