
Oracle Fusion Middleware Oracle WebLogic Scripting Tool

The following WLST online script invokes isMember on the default Authentication Provider. For information on how to run this script, see Section 2.4.1, Invoking WLST.

Example 6–8 Verifying Whether a User is a Member of a Group

    from weblogic.management.security.authentication import GroupEditorMBean

    user = "my_user"
    print "Checking if " + user + " is a Member of a group ... "
    # Look up the default Authentication provider in the default realm
    atnr = cmo.getSecurityConfiguration().getDefaultRealm().lookupAuthenticationProvider("DefaultAuthenticator")
    # Third argument: true also searches nested groups
    if atnr.isMember("Administrators", user, true) == 0:
        print user + " is not member of Administrators"
    else:
        print user + " is a member of Administrators"

6.3.5 Listing Groups to Which a User Belongs

To see a list of groups that contain a user or a group, invoke the MemberGroupListerMBean.listMemberGroups method, which is extended by the security realm's AuthenticationProvider MBean. For more information, see the listMemberGroups method of the MemberGroupListerMBean in the WebLogic Server MBean Reference.

The method requires one input parameter, memberUserOrGroupName, which specifies the name of an existing user or group.

WLST cannot invoke this command from the edit hierarchy, but it can invoke the command from the serverConfig or domainConfig hierarchy.

The following WLST online script invokes listMemberGroups on the default Authentication provider. For information on how to run this script, see Section 2.4.1, Invoking WLST.

Example 6–9 Listing Groups to Which a User Belongs

    from weblogic.management.security.authentication import MemberGroupListerMBean

    print "Listing the member groups ..."
    # Look up the default Authentication provider in the default realm
    atnr = cmo.getSecurityConfiguration().getDefaultRealm().lookupAuthenticationProvider("DefaultAuthenticator")
    # Returns a cursor, not the group names themselves
    x = atnr.listMemberGroups("my_user")
    print x

The method returns a cursor value (for example, Cursor_16), which refers to a list of names. The NameLister.haveCurrent, getCurrentName, and advance operations iterate through the returned list and retrieve the name to which the current cursor position refers. See NameListerMBean in the Oracle WebLogic Server MBean Reference.

6.3.6 Listing Users and Groups in a Security Realm

To see a list of user or group names, you invoke a series of methods, all of which are available through the AuthenticationProvider interface:

■ The GroupReaderMBean.listGroups and UserReaderMBean.listUsers methods take two input parameters: a pattern of user or group names to search for, and the maximum number of names that you want to retrieve. Because a security realm can contain thousands (or more) of user and group names that match the pattern, the methods return a cursor, which refers to a list of names. For more information, see the listGroups operation in the GroupReaderMBean and the listUsers operation in the UserReaderMBean in the Oracle WebLogic Server MBean Reference.

■ The NameLister.haveCurrent, getCurrentName, and advance operations iterate through the returned list and retrieve the name to which the current cursor position refers. For more information, see NameListerMBean in the Oracle WebLogic Server MBean Reference.

■ The NameLister.close operation releases any server-side resources that are held on behalf of the list.

WLST cannot invoke these commands from the edit hierarchy, but it can invoke them from the serverConfig or domainConfig hierarchy.

The WLST online script in Example 6–10 lists all the users in a realm and the groups to which they belong. For information on how to run this script, see Section 2.4.1, Invoking WLST.
Example 6–10 Listing Users and Groups

    from weblogic.management.security.authentication import UserReaderMBean
    from weblogic.management.security.authentication import GroupReaderMBean

    realm = cmo.getSecurityConfiguration().getDefaultRealm()
    atns = realm.getAuthenticationProviders()

    # List users from every provider that can read users
    for i in atns:
        if isinstance(i, UserReaderMBean):
            userReader = i
            # "*" matches every name; 0 means no maximum
            cursor = i.listUsers("*", 0)
            print "Users in realm " + realm.getName() + " are: "
            while userReader.haveCurrent(cursor):
                print userReader.getCurrentName(cursor)
                userReader.advance(cursor)
            # Release the server-side resources held for the cursor
            userReader.close(cursor)

    # List groups from every provider that can read groups
    for i in atns:
        if isinstance(i, GroupReaderMBean):
            groupReader = i
            cursor = i.listGroups("*", 0)
            print "Groups in realm are: "
            while groupReader.haveCurrent(cursor):
                print groupReader.getCurrentName(cursor)
                groupReader.advance(cursor)
            groupReader.close(cursor)
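The cursor operations from Sections 6.3.5 and 6.3.6 can be combined into a per-user group report, closing each cursor in a finally block so that server-side resources are released even if iteration fails. This is an added example, not part of the Oracle documentation: drain, membership_report and FakeAuthenticator are hypothetical names, and FakeAuthenticator is a constructed stand-in for the provider MBean so the code runs outside WLST.

```python
# Added example. Under WLST, pass the provider returned by
# lookupAuthenticationProvider("DefaultAuthenticator") instead of the stand-in.

def drain(lister, cursor):
    """Collect every name behind a NameLister cursor, then close the cursor."""
    names = []
    try:
        while lister.haveCurrent(cursor):
            names.append(lister.getCurrentName(cursor))
            lister.advance(cursor)
    finally:
        lister.close(cursor)  # always release server-side resources
    return names

def membership_report(atnr, pattern="*", maximum=0):
    """Map each user matching pattern to the groups that contain that user."""
    report = {}
    for user in drain(atnr, atnr.listUsers(pattern, maximum)):
        report[user] = drain(atnr, atnr.listMemberGroups(user))
    return report

class FakeAuthenticator:
    """Constructed stand-in; ignores pattern and maximum."""
    def __init__(self, groups_by_user):
        self.groups_by_user = groups_by_user
        self.open = {}   # cursor name -> names not yet consumed
        self.count = 0   # cursors handed out so far
    def _cursor(self, names):
        self.count += 1
        key = "Cursor_%d" % self.count
        self.open[key] = list(names)
        return key
    def listUsers(self, pattern, maximum):
        return self._cursor(sorted(self.groups_by_user))
    def listMemberGroups(self, name):
        return self._cursor(self.groups_by_user[name])
    def haveCurrent(self, cursor):
        return len(self.open[cursor]) > 0
    def getCurrentName(self, cursor):
        return self.open[cursor][0]
    def advance(self, cursor):
        self.open[cursor].pop(0)
    def close(self, cursor):
        del self.open[cursor]

if __name__ == "__main__":
    sample = FakeAuthenticator({"weblogic": ["Administrators"],
                                "my_user": ["Deployers", "Monitors"]})
    print(membership_report(sample))
```

Reviewing the resulting mapping for unexpected entries under privileged groups such as Administrators is a quick way to audit realm membership.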

6.3.7 Changing a Password