Creating Global Roles in 9.1 using WLST

Hi,
Did anyone try creating Global Roles in Weblogic 9.1?
Since in Weblogic 9.1, the Authorizer and Role Mapper providers are XACML based, I am not sure if we can use WLST offline to create global roles.
Can someone please shed some light on this?
Thanks -agreddy

As far as I know you could never create roles via WLST offline, only via WLST online.
Thanks,
-satya
BEA Blog: http://dev2dev.bea.com/blog/sghattu/

Similar Messages

  • WLST 92 - How to Create Global Role and Role Condition?

    I'm currently using WLS 9.2 and trying to use WLST to create a global role and defining a role condition. Anyone know how to do so using WLST for WLS 9.2?
    Trying to:
    - create Global Role, testRole
    - create condition where 'username = testuser'
    thanks!

    Did you find out a solution for this?

  • Help creating project specific ALSB Customization file using WLST

    I asked this question in August in another forum and was redirected here, but never followed up. I'm hopeful someone has done this...
    Is it possible to create an ALSB Customization file for a single project using WLST?
    If so, does anyone have an example they would be willing to share? I've been beating my head against the wall for almost 2 days (well, months now...), and I'm REALLY starting to get a headache from it now....
    We're running WLS 9.2 MP2 and ALSB 2.6 RP1
    Any help is greatly appreciated,
    Brian

    Brian, OSB specific questions are best directed in the SOA Suite forum:
    SOA Suite
    It looks like there is an ALSBConfigurationMBean with a customize method, but I have not worked with it and it does not sound like that will give you precisely what you want:
    http://edocs.bea.com/alsb/docs261/javadoc/com/bea/wli/sb/management/configuration/ALSBConfigurationMBean.html#customize(java.util.List)

  • Create a ALSB 3.0 domain using WLST

    Hi,
    I have created a ALSB domain using config.sh and then I used the following script to create the template
    # create domain template
    readDomain('/usr/local/bea/user_projects/domains/z2esbadmin')
    writeTemplate('/home/was/work/wlst/z2esbadminTemplate.jar')
    exit()
    The template jar file is created successfully without any warning/error
    When I tried to create the domain using the template with the following command:
    createDomain('z2esbadminTemplate.jar','/home/was/work/user_projects/domains/z2esb', 'weblogic', 'weblogic')
    exit()
    I got the following error message:
    +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
    Initializing WebLogic Scripting Tool (WLST) ...
    Welcome to WebLogic Server Administration Scripting Shell
    Type help() for help on available commands
    Error: create() failed. Do dumpStack() to see details.
    Problem invoking WLST - Traceback (innermost last):
    File "/home/mcas/weblogic/wlst/createEsbDomain.py", line 1, in ?
    File "/tmp/WLSTOfflineIni25221.py", line 96, in createDomain
    com.bea.plateng.domain.script.jython.WLSTException: com.bea.plateng.domain.script.ScriptException: com.bea.plateng.domain.ValidateException: Property "User name" of User with original name "" is invalid. The property value is duplicated.
    at com.bea.plateng.domain.script.jython.CommandExceptionHandler.handleException(CommandExceptionHandler.java:51)
    at com.bea.plateng.domain.script.jython.WLScriptContext.handleException(WLScriptContext.java:1468)
    at com.bea.plateng.domain.script.jython.WLScriptContext.create(WLScriptContext.java:672)
    at com.bea.plateng.domain.script.jython.WLScriptContext.createDomain(WLScriptContext.java:507)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:585)
    at org.python.core.PyReflectedFunction.__call__(PyReflectedFunction.java:160)
    at org.python.core.PyMethod.__call__(PyMethod.java:96)
    at org.python.core.PyObject.__call__(PyObject.java:248)
    at org.python.core.PyObject.invoke(PyObject.java:2016)
    at org.python.pycode._pyx5.createDomain$21(/tmp/WLSTOfflineIni25221.py:96)
    at org.python.pycode._pyx5.call_function(/tmp/WLSTOfflineIni25221.py)
    at org.python.core.PyTableCode.call(PyTableCode.java:208)
    at org.python.core.PyTableCode.call(PyTableCode.java:404)
    at org.python.core.PyFunction.__call__(PyFunction.java:184)
    at org.python.core.PyObject.__call__(PyObject.java:314)
    at org.python.pycode._pyx18.f$0(/home/mcas/weblogic/wlst/createEsbDomain.py:1)
    at org.python.pycode._pyx18.call_function(/home/mcas/weblogic/wlst/createEsbDomain.py)
    at org.python.core.PyTableCode.call(PyTableCode.java:208)
    at org.python.core.PyCode.call(PyCode.java:14)
    at org.python.core.Py.runCode(Py.java:1135)
    at org.python.util.PythonInterpreter.execfile(PythonInterpreter.java:167)
    at weblogic.management.scripting.WLST.main(WLST.java:106)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:585)
    at weblogic.WLST.main(WLST.java:29)
    Caused by: com.bea.plateng.domain.script.ScriptException: com.bea.plateng.domain.ValidateException: Property "User name" of User with original name "" is invalid. The property value is duplicated.
    at com.bea.plateng.domain.script.ScriptExecutor.create(ScriptExecutor.java:897)
    at com.bea.plateng.domain.script.jython.ScriptProxyFactory.deepCreateProxy4SecurityType(ScriptProxyFactory.java:135)
    at com.bea.plateng.domain.script.jython.WLScriptContext.create(WLScriptContext.java:646)
    ... 27 more
    Caused by: com.bea.plateng.domain.ValidateException: Property "User name" of User with original name "" is invalid. The property value is duplicated.
    at com.bea.plateng.domain.aspect.XBeanConfigAspect.selfValidate(XBeanConfigAspect.java:630)
    at com.bea.plateng.domain.aspect.AbstractConfigAspect.validate(AbstractConfigAspect.java:1130)
    at com.bea.plateng.domain.aspect.AbstractConfigAspect.selfSetValue(AbstractConfigAspect.java:1615)
    at com.bea.plateng.domain.aspect.AbstractConfigAspect.setValueInternal(AbstractConfigAspect.java:1574)
    at com.bea.plateng.domain.aspect.AbstractConfigAspect.setValue(AbstractConfigAspect.java:748)
    at com.bea.plateng.domain.aspect.AbstractConfigAspect.setValue(AbstractConfigAspect.java:757)
    at com.bea.plateng.domain.aspect.FilteredConfigAspect.setValue(FilteredConfigAspect.java:431)
    at com.bea.plateng.domain.operation.HTableEditOperation.createSimpleConfigAspects(HTableEditOperation.java:265)
    at com.bea.plateng.domain.operation.HTableEditOperation.createSimpleConfigAspects(HTableEditOperation.java:221)
    at com.bea.plateng.domain.script.ScriptExecutor.create(ScriptExecutor.java:873)
    ... 29 more
    Caused by: java.beans.PropertyVetoException: The property value is duplicated.
    at com.bea.plateng.domain.event.aspect.UniqueValueValidateListener.valueChanged(UniqueValueValidateListener.java:127)
    at com.bea.plateng.domain.event.aspect.ConfigAspectValueListener.vetoableChange(ConfigAspectValueListener.java:138)
    at com.bea.plateng.common.comdev.MVetoableChangeSupport.fireVetoableChange(MVetoableChangeSupport.java:189)
    at com.bea.plateng.common.comdev.MVetoableChangeSupport.fireVetoableChange(MVetoableChangeSupport.java:156)
    at com.bea.plateng.common.comdev.MVetoableChangeSupport.fireVetoableChange(MVetoableChangeSupport.java:139)
    at com.bea.plateng.domain.aspect.XBeanConfigAspect.selfValidate(XBeanConfigAspect.java:620)
    ... 38 more
    com.bea.plateng.domain.script.jython.WLSTException: com.bea.plateng.domain.script.jython.WLSTException: com.bea.plateng.domain.script.ScriptException: com.bea.plateng.domain.ValidateException: Property "User name" of User with original name "" is invalid. The property value is duplicated.
    +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
    I did exactly the same thing for a normal weblogic domain (not alsb) and it works fine. Do I have to do something different for creating ALSB 3.0 domain?
    Thanks,
    Nathan

    Well, we've had exactly the same issues.
    From our experience even the most trivial tasks involving ALSB/OSB, WLST and Templates fail. Not just a single error, but every time we've tried something different to work around an issue we came across the script blew up with yet another error. After a couple of painful days we came to the conclusion that at least with WL10/ALSB3 templates and scripting are just too premature and too buggy to be of any use.
    And at least from the ALSB Release Notes and Metalink it doesn't look like these issues have been addressed with subsequent releases.
    We've resorted to creating the domain from scratch instead of using templates of our own domains created with the config wizard.
    Cheers,
    Jan

  • How to create a JMS persistent file store using WLST in WLS 9.0?

    Anybody have a good example of this? When I try to create a fileStore and set it on my jms server I am getting the following error: "TypeError: setPersistentStore(): 1st arg can't be coerced to weblogic.management.configuration.PersistentStoreMBean"
    Thanks :)

    Hi,
    First create the Persistent Store (FileStore / JDBCStore).
    File Store creation is as follows:
    Store = create("PStore","FileStore")
    Set its File Directory and Targets.
    Then create the JMS Server and set its Persistent Store as the File Store. Set the JMS Server Target.

  • OSB  - Creating SLA Alerts using WLST

    Hi,
    I'd like to create SLA Alerts on proxy services using WLST rather than via the service bus console.
    The MBean described at:
    http://download.oracle.com/docs/cd/E13159_01/osb/docs10gr3/javadoc/com/bea/wli/sb/management/configuration/ProxyServiceConfigurationMBean.html
    only seem to allow enabling or disabling SLA alerts not creating them.
    Can anyone point me in the right direction?
    Thanks
    Nick

    Please refer -
    http://blogs.oracle.com/MarkSmith/entry/osb_alerts_purging_is_essentia
    From the blog -
    The components that make up WLDF will be targeted to a single managed server in a clustered environment or to the Admin server in a single server environment. To establish what managed server this is, check to see where the WLI Aggregator application is targeted to. The WLDF data will be stored under this single managed server in the following location: //domain_name/servers/server_name/data/store/diagnostics/
    Check that on which server WLI Aggregator application is targeted and connect to that server from your script.
    Regards,
    Anuj

  • Setting global roles via command line

    I have lots of global roles defined. Today I use the admin console to create them
    leaving room for typo errors, missing one or more roles. Is there a way to use
    a command line tool to accomplish this just like I can set the authenticator provider
    parameters?
    Please help
    premS

    "Satya Ghattu" <[email protected]> wrote in message
    news:[email protected]..
    Cross posting to security newsgroup.
    premS wrote:
    I have lots of global roles defined. Today I use the admin console to
    create them
    leaving room for typo errors, missing one or more roles. Is there a way to use
    a command line tool to accomplish this just like I can set the authenticator provider
    parameters?
    Unfortunately, the expression language is not public so that makes it
    difficult. There have
    been a fair amount of requests for this functionality. We will probably look
    to do something
    with XACML in the long term.

  • Automatic Generation of JMS event generator using WLST script

    Is there any way to create and deploy a JMS event generator using a WLST script? I am using weblogic server 10.3.1.

    You could see this information here:
    http://docs.oracle.com/cd/E14981_01/wli/docs1031/deploy/cluster.html#wp1519038

  • How to create database roles  ?

    Hi,
    I am trying to create database roles,
    what is the best way to do that?
    I want to be able to create the following database roles on my local machine:
    CSDExec
    CSDAdmin     
    TCFBurOps     
    TCFAreaLieutenants     
    TCFCourtSupervisors
    More to this problem, each role will be accessing an X number of tables , not all.
    Also, I will be creating the same roles on the Dev Box at the client site.
    What is the best way to do it in ?
    Should I use a procedure, package, etc.
    Please help me with examples:
    This is my first time creating database roles.
    I am using SQL Developer
    thanks,

    Hi,
    For things like that, I use SQL*Plus scripts, containing the CREATE ROLE and GRANT commands.
    Often, in the Development database, I build these scripts a little at a time, commenting out commands after I've done them. Then, when I'm ready to make the changes in the Test and Production databases, I remove the comments.
    For example, on Monday I may create a role and grant some privileges, so I write and run a script like this:
    CREATE ROLE     firbolig_user;
    GRANT SELECT      ON  table_x      TO firbolig_user;
    GRANT EXECUTE      ON  pkg_a       TO firbolig_user;
    On Tuesday, I create another table, and change the script to this:
    /*     *****  This section has already been done in Development  *****
    CREATE ROLE     firbolig_user;
    GRANT SELECT      ON  table_x      TO firbolig_user;
    GRANT EXECUTE      ON  pkg_a       TO firbolig_user;
    */
    GRANT SELECT      ON  table_y      TO firbolig_user;
    and run it.
    On Wednesday, I decide I need another role, so I change the script to this:
    /*     *****  This section has already been done in Development  *****
    CREATE ROLE     firbolig_user;
    GRANT SELECT      ON  table_x      TO firbolig_user;
    GRANT SELECT      ON  table_y      TO firbolig_user;
    GRANT EXECUTE      ON  pkg_a       TO firbolig_user;
    */
    CREATE ROLE     firbolig_admin;
    GRANT          firbolig_user     TO firbolig_admin;
    GRANT SELECT, INSERT, UPDATE, DELETE
              ON table_x     TO firbolig_admin;
    GRANT SELECT     ON table_z     TO firbolig_admin;
    GRANT SELECT     ON x_seq     TO firbolig_admin;
    and run it.
    I continue like that through the development process.
    Then, when I'm ready to move to the Test database, I remove the comment lines and run the entire script in Test.

  • Creating a Global Role using weblogic.Admin command

    Hi,
    Does anyone have an example of creating a global role using the weblogic.Admin commands? I think I have to use the INVOKE command with the DefaultRoleMapper and createRole method, but I'm not quite sure what the rest of the syntax is.
    Thanks,
    Gabriel

    Gabriel,
    The following works for me:
    weblogic.Admin -url t3://localhost:80 -username weblogic -password weblogic INVOKE -mbean "Security:Name=myrealmDefaultRoleMapper" -method createRole "" "MyGlobalRole" "Grp(Administrators)" ""
    The null first parameter identifies this role as a global role.
    The second param is the name of the role.
    The third parameter is the policy expression. Here, I've mapped the role to the Administrators group. You can also map it to users or a combo of the two. For example, to map it to the "weblogic" user, use "Usr(weblogic)" as the policy expression. If you leave this parameter empty, the role will be created but will not be mapped to anything.
    I'm not sure what the fourth parameter is for. It's not defined in the RoleEditorMBean docs but not including it causes an error. I suspect it's a description field because WLS does not seem to care what you put there.
    HTH,
    Mike

  • How to create a global role with WLST in WL 10

    Hi All:
    The approach in the protect_resources.py found in dev2dev, doesn't work. I've managed to convert the user and group creation to work with WL 10, but I can't for the life of me figure out how to create the role. There doesn't seem to be a createRole() on what I would think are the appropriate MBeans in poking around.
    Anyone know how to do this, or will I have to come up with a screen scraping solution that does this via the weblogic console, where it's so easy to do so?
    TIA
    Forrest

    Not having X's programming background I think of an action reference as something that tells Photoshop what to do. And yes it is like a little action that you write instead of record. For example the code that I and X posted could also be written like this
    var ref = new ActionReference();
    ref.putProperty( charIDToTypeID( "Prpr" ), stringIDToTypeID('tool') );// what key to get
    ref.putEnumerated( charIDToTypeID("capp"), charIDToTypeID("Ordn"), charIDToTypeID("Trgt") );// where to get it from
    var cTool = executeActionGet(ref);// in this case returns a one key descriptor
    var cToolTypeID =  cTool.getEnumerationType( stringIDToTypeID('tool') );// get the value of that key
    alert( typeIDToStringID( cToolTypeID ) );// make that value readable
    Most of the ordinals you will see will be target as Photoshop likes whatever you are working on to be active. You sometimes see next or previous. I can't recall seeing a 'normal ordinal' like first or second.
    There is not much in the way of documentation. Most of what I know comes from looking at the scriptlistner log, xtools and X himself, and a little bit of code I put together for exploring action descriptors and action list. It's not as nice as X's getterdemo but works more the way I think. It sends its output to the ESTK console window
    var ref = new ActionReference();
    ref.putEnumerated( charIDToTypeID("Lyr "), charIDToTypeID("Ordn"), charIDToTypeID("Trgt") );
    var desc = executeActionGet(ref);
    var c = desc.count;
    //for(var i=0;i<c;i++){ // to enumerate list
    //  $.writeln('Key '+i+' = '+desc.getType(i));
    //}
    for(var i=0;i<c;i++){ // enumerate descriptor's keys
      $.writeln('Key '+i+' = '+typeIDToStringID(desc.getKey(i))+': '+desc.getType(desc.getKey(i)));
    }

  • How to create global Contact list using OSX Server Contacts Service?

    My goal is to create a global contact list for the use of my department at work. We currently have 5 MBP's and a Mac Mini Server running OSX Server.
    I have read so many forum posts and so called "solutions" that my head is completely spinning... like a record... right round... you get the idea.
    I talked with Apple Support, and they are going to walk me through the process of changing our network from "local" to a legitimate internet network. Enabling DNS and setting up open directory are some of the steps, and all in all I was impressed with the support I received. We did a complete walkthrough of all the steps it would take to change everything, without actually making any changes (because I could not shut down the company server at the time I called).
    All that being said, I have been reading that actually creating and sharing a global contact list (and enabling specific user access for read/write for said list) is not as simple as Apple is telling me. I have read so many horror stories about not being able to edit the list, having duplicate lists and entries, and many other problems. It seems that this "Contact Service" is not really what it's billed as.
    I'm just looking for someone who has this already set up to shine some light on my questions/concerns. I have scoured the internet for information, and either I'm looking in the wrong place or I just happen to have the WORST possible combination of OS X versions, server versions and so on. I would expect a company who charges such high prices for its products to design them to ACTUALLY WORK how they are advertised to work!
    Thanks in advance and a thousand kudos to anybody that can help!!!
    -John

    That sounds like one viable option...
    The only problem is that I'm not sure how that would behave once the client MBP's are taken off site and connect to the network over a VPN or something of that sort.
    I figure since we have purchased the Server App and it contains the Contacts Service, I should try and get it to work that way (through that specific service on the server app).
    I would really prefer to not have to install yet another piece of software just to do something that should already work (or have the ability to be configured to work). None of us here are "Power Users", and we are all learning as we go and I got the role of the "IT Guy" when it comes to setting everything up. I'm dealing with lifetime Windows users here, and I feel there is a need to keep everything literally as easy as possible to use.
    I will keep your solution in the front of my mind though, as it sounds like that may work. I am not exactly 100% familiar with the OSX Server or the Mac OS yet, and I'm not positive where you would add the users (I couldn't just sit down and do what you suggested, I unfortunately would need a step by step solution so I don't fuss up our entire system).
    If you feel like giving a step by step, that would be awesome just for future reference or for anyone else having similar problems. If not, I don't blame you at all.
    Thanks for your reply, and if I find a clear-cut solution I will post it here!
    Thanks,
    J_Semp

  • How to create Users/Roles for ldap in weblogic without using admin console

    Is it possible to create Users/Roles for ldap in weblogic without using admin console? If possible, what are the files I need to modify in DefaultDomain?
    Or is there any ant script for creating Users/Roles?
    Regards,
    Raghu.

    Hi..
    You can use wlst or jmx to perform all security config etc.. same as if it were performed from the admin console..
    e.g. wlst create user
    ..after connecting to admin server
    serverConfig()
    cd("/SecurityConfiguration/your_domain_name/Realms/myrealm/AuthenticationProviders/DefaultAuthenticator")
    cmo.createUser("userName","Password","UserDesc")
    ..for adding/configuring a role
    cd("/SecurityConfiguration/your_domain_name/Realms/myrealm/RoleMappers/XACMLRoleMapper")
    cmo.createRole('','roleName', 'userName')
    ...see the mbean docs for all the different attributes, operations etc..
    ..Mark.
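
The role-creation calls in the answers above (`createRole` with an empty resource id for a global role, and `Grp(...)` / `Usr(...)` expressions), as an added example that is not part of any original post: plain Python that builds the expression from structured input, rejects names that would alter it, and plans create/update calls so a rerun changes nothing. `StubRoleMapper` and the sample roles are constructed for illustration; `roleExists`, `getRoleExpression` and `setRoleExpression` are assumed to mirror the role mapper MBean's operations (only `createRole` appears on this page).

```python
import re

GLOBAL = ""  # empty resource id marks a global role, as in the answers above
_NAME = re.compile(r"^[A-Za-z0-9_.-]+\Z")  # conservative allow-list (assumption)


def role_expression(kind, name):
    """Build 'Grp(name)' or 'Usr(name)' instead of hand-typing the string."""
    if kind not in ("Grp", "Usr"):
        raise ValueError("unknown principal kind: %r" % (kind,))
    if not _NAME.match(name):
        raise ValueError("unsafe principal name: %r" % (name,))
    return "%s(%s)" % (kind, name)


def plan_roles(mapper, desired):
    """Return [(action, role, expression)] needed to reach `desired`."""
    plan = []
    for role in sorted(desired):
        if not _NAME.match(role):
            raise ValueError("unsafe role name: %r" % (role,))
        kind, name = desired[role]
        expr = role_expression(kind, name)
        if not mapper.roleExists(GLOBAL, role):
            plan.append(("create", role, expr))
        elif mapper.getRoleExpression(GLOBAL, role) != expr:
            plan.append(("update", role, expr))
    return plan


def apply_plan(mapper, plan):
    """Execute a plan; returns the number of changes made."""
    for action, role, expr in plan:
        if action == "create":
            mapper.createRole(GLOBAL, role, expr)
        else:
            mapper.setRoleExpression(GLOBAL, role, expr)
    return len(plan)


class StubRoleMapper(object):
    """In-memory stand-in for the role mapper MBean (constructed)."""

    def __init__(self, roles=None):
        self.roles = dict(roles or {})

    def roleExists(self, resource_id, role):
        return (resource_id, role) in self.roles

    def getRoleExpression(self, resource_id, role):
        return self.roles[(resource_id, role)]

    def createRole(self, resource_id, role, expression):
        if (resource_id, role) in self.roles:
            raise ValueError("role already exists: %s" % role)
        self.roles[(resource_id, role)] = expression

    def setRoleExpression(self, resource_id, role, expression):
        self.roles[(resource_id, role)] = expression


if __name__ == "__main__":
    # Constructed state: "Ops" exists but is mapped to a different group.
    mapper = StubRoleMapper({(GLOBAL, "Ops"): "Grp(Operators)"})
    desired = {"Ops": ("Grp", "Administrators"), "Auditor": ("Usr", "weblogic")}
    plan = plan_roles(mapper, desired)
    for step in plan:
        print(step)
    apply_plan(mapper, plan)
    print(plan_roles(mapper, desired))  # second run plans nothing
```

In a WLST online session the `mapper` argument would be the role mapper MBean reached with `cd(...)` as in the answer above, assuming it exposes the operations named here. A real provider may store the expression in a different form than it was given, so review "update" entries before applying them.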

  • Create a Generic Data Source and deploy a webservice on a domain using WLST

    Hello for everyone,
    I usually create generic data sources and deploy webservices on a wls domain by using the Administrator Console. I wonder if you can pass me a script sample to do this task by using WLST. On the other hand, if you can pass me a "quick start" guide about WLST, this would be very helpful.
    Additionally, may I be able to create groups, application roles and users to a domain by using WLST?
    Thanks for your help.

    You can use standard infoobjects as well..
    You can create a view on those R/3 tables and use this view for creating a generic datasource in RSO2 transaction..
    Check the below pdf for delta in generic datasources
    https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/84bf4d68-0601-0010-13b5-b062adbb3e33

  • How to create an RDBMS event generator using wlst on weblogic 10.3

    How to create an RDBMS event generator using wlst on weblogic 10.3? I got a code fragment needing class "com.bea.wli.management.configuration.RDBMSEventGenChannelConfiguration"
    but I can't find this class in classpath on weblogic 10.3, pls help me, thanks. Code sample is better.

    Hi,
    RDBMS Event Generator Channel Rule Definition
    When you are creating channel rule definitions in the WebLogic Integration Administration Console, it is recommended that you do not use the Back button if you want to resubmit the details on a page.
    You should always use the navigation links provided and create a new channel rule definition.
    http://download.oracle.com/docs/cd/E13214_01/wli/docs85/deploy/cluster.html
    http://download.oracle.com/docs/cd/E13214_01/wli/docs81/relnotes/relnotesLimit.html
    http://otndnld.oracle.co.jp/document/products/owli/docs10gr3/pdf/deploy.pdf
    This problem has been seen in the past when defining the channel rule for an RDBMS Event Generator if schema name was specified with the incorrect case (i.e. lowercase when it should have been uppercase or vice versa). To that end, it is suggested to change the case of the schema when creating the channel rule
    Regards,
    Kal
