05 May 2011

WLS: Listing Users and their Groups in a Security Realm

I've often seen people ask for a WLST script that lists the groups to which a user belongs.
(This works on Oracle WebLogic Server versions 9.0 to 10.3.4.)


Before running the script, set up the environment for your local WebLogic Server by invoking DOMAIN_NAME\bin\setDomainEnv.cmd (setDomainEnv.sh on UNIX), where DOMAIN_NAME is the directory in which the domain is located.


You need to modify line 6, which sets the username, password, address and port of your WebLogic Server:

connect('weblogic','welcome1','t3://127.0.0.1:7001')

and run it with the following command line:

java weblogic.WLST groups_of_users.py

Listing groups_of_users.py:
from weblogic.management.security.authentication import UserReaderMBean
from weblogic.management.security.authentication import GroupReaderMBean
from weblogic.management.security.authentication import MemberGroupListerMBean

# connect to WLS with username/password = weblogic/welcome1
connect('weblogic','welcome1','t3://127.0.0.1:7001')

realm = cmo.getSecurityConfiguration().getDefaultRealm()
atns = realm.getAuthenticationProviders()

for i in atns:
  # use only providers that can both enumerate users and list a member's groups;
  # each user is looked up in the provider that returned it, because looking
  # every user up in DefaultAuthenticator fails for users of other providers
  if isinstance(i, UserReaderMBean) and isinstance(i, MemberGroupListerMBean):
    userReader = i
    cursor = userReader.listUsers("*", 0)
    while userReader.haveCurrent(cursor):
      user = userReader.getCurrentName(cursor)
      print ''

      # list the groups of this user
      groupReader = i
      cursor2 = groupReader.listMemberGroups(user)
      print "* Groups in user '" + user + "' are: "
      while groupReader.haveCurrent(cursor2):
        print groupReader.getCurrentName(cursor2)
        groupReader.advance(cursor2)
      groupReader.close(cursor2)

      userReader.advance(cursor)
    userReader.close(cursor)


You will then get output similar to:

* Groups in user 'weblogic' are:
Administrators

* Groups in user 'usertest1' are:
AppTesters
Monitors
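
As an added example (not part of the original post), this Python 3 script parses output in the format shown above and reports which users hold privileged groups and which have no groups at all, the two things an access review of this listing usually looks for. The PRIVILEGED set, the function names and the two extra sample users are assumptions made for illustration.

```python
import re

# Header line the script prints for each user.
HEADER = re.compile(r"^\* Groups in user '(.*)' are:$")
# Assumption: groups treated as privileged in this review; adjust to your realm.
PRIVILEGED = {"Administrators", "Deployers", "Operators"}

def parse_listing(text):
    """Return {user: set(groups)} parsed from the script's output."""
    users, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            current = m.group(1)
            # A user returned by several providers keeps one merged entry.
            users.setdefault(current, set())
        elif line and current is not None:
            users[current].add(line)
        # Anything before the first header (banner, connect messages) is ignored.
    return users

def audit(users, privileged=PRIVILEGED):
    """Return (privileged (group, user) pairs, users with no groups), both sorted."""
    hits = sorted((g, u) for u, gs in users.items() for g in gs & set(privileged))
    return hits, sorted(u for u, gs in users.items() if not gs)

# Constructed sample: the post's output plus two made-up users.
SAMPLE = """
* Groups in user 'weblogic' are:
Administrators

* Groups in user 'usertest1' are:
AppTesters
Monitors

* Groups in user 'usertest2' are:
Deployers

* Groups in user 'usertest3' are:
"""

if __name__ == "__main__":
    hits, empty = audit(parse_listing(SAMPLE))
    for group, user in hits:
        print("privileged: %s is a member of %s" % (user, group))
    print("users without groups: %s" % ", ".join(empty))
```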

1 comment :

Anonymous said...

Hi,

Thanks for the post. I've been looking for code like this. But I have one question.

I have 3 providers in my application. For example, DefaultAuthenticator, SQLAuthenticator, etc.
So when I run the script, it returns errors.

weblogic.management.utils.NotFoundException: weblogic.management.utils.NotFoundException: [Security:090255]User or Group (groupname (SQLAuthenticator))

Can you help me?

Disclaimer

The views expressed on this blog are my own and do not necessarily reflect the views of Oracle.