6-8 Oracle Fusion Middleware Oracle WebLogic Scripting Tool
The following WLST online script invokes isMember on the default Authentication Provider. For information on how to run this script, see Section 2.4.1, Invoking WLST.
Example 6–8 Verifying Whether a User is a Member of a Group
from weblogic.management.security.authentication import GroupEditorMBean

user = "my_user"
print "Checking if " + user + " is a Member of a group ... "
atnr = cmo.getSecurityConfiguration().getDefaultRealm().lookupAuthenticationProvider("DefaultAuthenticator")
# Third argument (recursive): true also searches nested groups.
if atnr.isMember("Administrators", user, true) == 0:
    print user + " is not member of Administrators"
else:
    print user + " is a member of Administrators"
6.3.5 Listing Groups to Which a User Belongs
To see a list of groups that contain a user or a group, invoke the MemberGroupListerMBean.listMemberGroups method, which is extended by the security realm's AuthenticationProvider MBean. For more information, see the listMemberGroups method of the MemberGroupListerMBean in the WebLogic Server MBean Reference.
The method requires one input parameter: memberUserOrGroupName
where memberUserOrGroupName specifies the name of an existing user or a group.
WLST cannot invoke this command from the edit hierarchy, but it can invoke the command from the serverConfig or domainConfig hierarchy.
The following WLST online script invokes listMemberGroups on the default Authentication provider. For information on how to run this script, see Section 2.4.1, Invoking WLST.
Example 6–9 Listing Groups to Which a User Belongs
from weblogic.management.security.authentication import MemberGroupListerMBean

print "Listing the member groups ..."
atnr = cmo.getSecurityConfiguration().getDefaultRealm().lookupAuthenticationProvider("DefaultAuthenticator")
# x is a cursor, not the list of names itself.
x = atnr.listMemberGroups("my_user")
print x
The method returns a cursor value (for example, Cursor_16), which refers to a list of names. The NameLister.haveCurrent, getCurrentName, and advance operations iterate through the returned list and retrieve the name to which the current cursor position refers. See NameListerMBean in the Oracle WebLogic Server MBean Reference.
6.3.6 Listing Users and Groups in a Security Realm
To see a list of user or group names, you invoke a series of methods, all of which are available through the AuthenticationProvider interface:
■ The GroupReaderMBean.listGroups and UserReaderMBean.listUsers methods take two input parameters: a pattern of user or group names to search for, and the maximum number of names that you want to retrieve.
Because a security realm can contain thousands (or more) of user and group names that match the pattern, the methods return a cursor, which refers to a list of names.
For more information, see the listGroups operation in the GroupReaderMBean and the listUsers operation in the UserReaderMBean in the Oracle WebLogic Server MBean Reference.
■ The NameLister.haveCurrent, getCurrentName, and advance operations iterate through the returned list and retrieve the name to which the current cursor position refers. For more information, see NameListerMBean in the Oracle WebLogic Server MBean Reference.
■ The NameLister.close operation releases any server-side resources that are held on behalf of the list.
WLST cannot invoke these commands from the edit hierarchy, but it can invoke them from the serverConfig or domainConfig hierarchy.
The WLST online script in Example 6–10 lists all the users in a realm and the groups to which they belong. For information on how to run this script, see Section 2.4.1, Invoking WLST.
Example 6–10 Listing Users and Groups
from weblogic.management.security.authentication import UserReaderMBean
from weblogic.management.security.authentication import GroupReaderMBean

realm = cmo.getSecurityConfiguration().getDefaultRealm()
atns = realm.getAuthenticationProviders()

# List users from every provider that can read users.
for i in atns:
    if isinstance(i, UserReaderMBean):
        userReader = i
        cursor = i.listUsers("*", 0)
        print "Users in realm " + realm.getName() + " are: "
        while userReader.haveCurrent(cursor):
            print userReader.getCurrentName(cursor)
            userReader.advance(cursor)
        # Release the server-side resources held for this cursor.
        userReader.close(cursor)

# List groups from every provider that can read groups.
for i in atns:
    if isinstance(i, GroupReaderMBean):
        groupReader = i
        cursor = i.listGroups("*", 0)
        print "Groups in realm are: "
        while groupReader.haveCurrent(cursor):
            print groupReader.getCurrentName(cursor)
            groupReader.advance(cursor)
        groupReader.close(cursor)
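The following is an added example, not part of the Oracle documentation. It combines Sections 6.3.5 and 6.3.6 into an access review: every cursor is drained and then closed in a finally block, and users who belong to a privileged group are reported. The names drain, privileged_users, FakeAuthenticator, PRIVILEGED and SAMPLE are hypothetical; the stand-in class and sample data are constructed so that the logic runs without a server, and the example assumes one provider object exposes the reader, member-group lister and NameLister operations.

```python
PRIVILEGED = set(["Administrators"])  # assumption: groups treated as privileged

def drain(lister, cursor):
    """Collect every name behind a cursor, always releasing it afterwards."""
    names = []
    try:
        while lister.haveCurrent(cursor):
            names.append(lister.getCurrentName(cursor))
            lister.advance(cursor)
    finally:
        lister.close(cursor)  # runs even if iteration raises
    return names

def privileged_users(atnr, pattern="*", limit=0):
    """Map each matching user to the privileged groups it belongs to."""
    report = {}
    for user in drain(atnr, atnr.listUsers(pattern, limit)):
        groups = drain(atnr, atnr.listMemberGroups(user))
        hits = sorted(PRIVILEGED.intersection(groups))
        if hits:
            report[user] = hits
    return report

class FakeAuthenticator(object):
    """Constructed in-memory stand-in for the provider MBean (not WebLogic code)."""
    def __init__(self, membership):
        self.membership = membership  # user -> list of group names
        self.cursors = {}             # open cursor -> names not yet read
        self.count = 0
    def _open(self, names):
        self.count += 1
        key = "Cursor_%d" % self.count
        self.cursors[key] = list(names)
        return key
    def listUsers(self, pattern, limit):  # stand-in ignores pattern and limit
        return self._open(sorted(self.membership))
    def listMemberGroups(self, name):
        return self._open(self.membership[name])
    def haveCurrent(self, c):
        return len(self.cursors[c]) > 0
    def getCurrentName(self, c):
        return self.cursors[c][0]
    def advance(self, c):
        self.cursors[c].pop(0)
    def close(self, c):
        del self.cursors[c]

SAMPLE = {"weblogic": ["Administrators"], "my_user": ["Monitors"],
          "ops1": ["Administrators", "Deployers"]}  # constructed sample data
```

In a WLST online session, the object returned by lookupAuthenticationProvider would be passed to privileged_users in place of the stand-in.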
6.3.7 Changing a Password