05 May 2011

WLS: Listing Users and their Groups in a Security Realm

Many times I've seen the question about a WLST script for listing groups to which an user belongs.
(This works Oracle Weblogic Server - Version: 9.0 to 10.3.4)


Before running the script you need to set up the environment to your local WebLogic Server by invoking DOMAIN_NAME\bin\setDomainEnv.cmd (setDomainEnv.sh on UNIX), where DOMAIN_NAME is the directory in which you located the domain


You need to modify the line 6, where set the address, port, username and password of your WebLogic Server:

connect('weblogic','welcome1','t3://127.0.0.1:7001')

and run it with the following command line:

java weblogic.WLST groups_of_users.py
Listing groups_of_users.py:
from weblogic.management.security.authentication import UserReaderMBean
from weblogic.management.security.authentication import GroupReaderMBean
from weblogic.management.security.authentication import MemberGroupListerMBean

# connect to WLS with username/password = weblogic/welcome1
connect('weblogic','welcome1','t3://127.0.0.1:7001')

realm=cmo.getSecurityConfiguration().getDefaultRealm()
atns = realm.getAuthenticationProviders()

for i in atns:
  if isinstance(i,UserReaderMBean):
    userReader = i
    cursor = i.listUsers("*",0)
    # print '* Users in realm '+realm.getName()+' are: '
    while userReader.haveCurrent(cursor):
      # print userReader.getCurrentName(cursor)
      user = userReader.getCurrentName(cursor)

# init

      print ''

    # listings groups of user
      # print "Listing the groups of a '" + user +"'"
      atnr=cmo.getSecurityConfiguration().getDefaultRealm().lookupAuthenticationProvider("DefaultAuthenticator")
      # users? = OracleSystemUser, weblogic
      x = atnr.listMemberGroups(user)
      # print x

      # new pointers for better understanding
      groupReader = atnr
      cursor2 = x
      print "* Groups in user '" + user + "' are: "
      while groupReader.haveCurrent(cursor2):
        print groupReader.getCurrentName(cursor2)
        groupReader.advance(cursor2)
      groupReader.close(cursor2)

# end      
      
      userReader.advance(cursor)
    userReader.close(cursor)
  


Then you will get a similar output to:

* Groups in user 'weblogic' are:
Administrators

* Groups in user 'usertest1' are:
AppTesters
Monitors

My Blog List

Blog Archive

There was an error in this gadget

Disclaimer

The views expressed on this blog are my own and do not necessarily reflect the views of Oracle.