05 May 2011

WLS: Listing Users and their Groups in a Security Realm

Many times I've seen the question about a WLST script for listing groups to which an user belongs.
(This works Oracle Weblogic Server - Version: 9.0 to 10.3.4)


Before running the script you need to set up the environment to your local WebLogic Server by invoking DOMAIN_NAME\bin\setDomainEnv.cmd (setDomainEnv.sh on UNIX), where DOMAIN_NAME is the directory in which you located the domain


You need to modify the line 6, where set the address, port, username and password of your WebLogic Server:

connect('weblogic','welcome1','t3://127.0.0.1:7001')

and run it with the following command line:

java weblogic.WLST groups_of_users.py
Listing groups_of_users.py:
from weblogic.management.security.authentication import UserReaderMBean
from weblogic.management.security.authentication import GroupReaderMBean
from weblogic.management.security.authentication import MemberGroupListerMBean

# connect to WLS with username/password = weblogic/welcome1
connect('weblogic','welcome1','t3://127.0.0.1:7001')

realm=cmo.getSecurityConfiguration().getDefaultRealm()
atns = realm.getAuthenticationProviders()

for i in atns:
  if isinstance(i,UserReaderMBean):
    userReader = i
    cursor = i.listUsers("*",0)
    # print '* Users in realm '+realm.getName()+' are: '
    while userReader.haveCurrent(cursor):
      # print userReader.getCurrentName(cursor)
      user = userReader.getCurrentName(cursor)

# init

      print ''

    # listings groups of user
      # print "Listing the groups of a '" + user +"'"
      atnr=cmo.getSecurityConfiguration().getDefaultRealm().lookupAuthenticationProvider("DefaultAuthenticator")
      # users? = OracleSystemUser, weblogic
      x = atnr.listMemberGroups(user)
      # print x

      # new pointers for better understanding
      groupReader = atnr
      cursor2 = x
      print "* Groups in user '" + user + "' are: "
      while groupReader.haveCurrent(cursor2):
        print groupReader.getCurrentName(cursor2)
        groupReader.advance(cursor2)
      groupReader.close(cursor2)

# end      
      
      userReader.advance(cursor)
    userReader.close(cursor)
  


Then you will get a similar output to:

* Groups in user 'weblogic' are:
Administrators

* Groups in user 'usertest1' are:
AppTesters
Monitors

Blog Archive

Disclaimer

The views expressed on this blog are my own and do not necessarily reflect the views of Oracle.