Wednesday, October 26, 2011

Oracle SOA Suite – Creating WebLogic users and assigning SOA and WebLogic roles through WLST



A WLST script can be used to create the required users in WebLogic and to assign the required SOA and WebLogic roles to each user.
Here we use a property file to configure the user details; the WLST script creates the users on the server based on that file.
WebLogic roles control access to the WebLogic server, and the SOA roles control access to the EM console.
Just edit UserManagement.properties with the user and group details.

UserManagement_SOADomain.properties


admin.url=t3://xxxxxxxx:8000
admin.userName=weblogic
admin.password=xxxxxxx
total.username=4
#
create.user.name.1=adminuser
create.user.password.1=Test1234
create.user.description.1= This is a Backup Administrator User
#Comma separated roles
create.user.groups.1=Administrators
create.user.soarole.1=SOAAdmin,SOADesigner

create.user.name.2=soaadminuser
create.user.password.2=Test1234
create.user.description.2= This is a SOA ADMIN User Two
#Comma separated roles
create.user.groups.2=Deployers,Operators,Monitors,IntegrationDeployers
create.user.soarole.2=SOAAdmin

create.user.name.3=nfttestuser
create.user.password.3=Test1234
create.user.description.3= This is a Test User Three
#Comma separated roles
create.user.groups.3=Monitors,IntegrationMonitors
create.user.soarole.3=SOAMonitor,SOAAuditViewer

create.user.name.4=devtestuser
create.user.password.4=Test1234
create.user.description.4= This is a DEV User Three
#Comma separated roles
create.user.groups.4=Deployers,IntegrationDeployers,IntegrationMonitors,Monitors,Operators
create.user.soarole.4=SOADesigner,SOAMonitor

WLST Script:

The WLST code snippet below creates the required users and assigns the corresponding roles to each user.

UserManagement_SOADomain.py

from java.io import FileInputStream
from java.util import *
from javax.management import *

# The domain name selects the property file and the security MBean path.
domainName=raw_input('Please enter the weblogic domain name for the user creation: ')
print 'domainName:',domainName

# Load UserManagement_<domainName>.properties from the current directory.
propInputStream = FileInputStream("UserManagement_"+domainName+".properties")
configProps = Properties()
configProps.load(propInputStream)
propInputStream.close()

adminURL=configProps.get("admin.url")
adminUserName=configProps.get("admin.userName")
adminPassword=configProps.get("admin.password")
# security.realmName is not set in the sample file and is not used below;
# the authenticator path is fixed to myrealm.
realmName=configProps.get("security.realmName")
totalUsers_to_Create=configProps.get("total.username")

connect(adminUserName, adminPassword, adminURL)
serverConfig()
authenticatorPath= '/SecurityConfiguration/' + domainName + '/Realms/myrealm/AuthenticationProviders/DefaultAuthenticator'
print authenticatorPath

# After this cd(), cmo is the DefaultAuthenticator MBean.
cd(authenticatorPath)

print 'Creating Users . . .'

# Pass 1: create each user 1..total.username.
x=1
while (x <= int(totalUsers_to_Create)):
    userName = configProps.get("create.user.name."+ str(x))
    userPassword = configProps.get("create.user.password."+ str(x))
    userDescription = configProps.get("create.user.description."+ str(x))
    try:
        cmo.createUser(userName , userPassword , userDescription)
        print '-----------User Created With Name : ' , userName
    except Exception, e:
        # For example, the user already exists.
        print e
    x = x + 1

print ' '
print ' '

# Pass 2: add each user to the WebLogic groups listed for it.
print 'Adding Group Membership of the Users:'
y=1
while (y <= int(totalUsers_to_Create)):
    grpNames = configProps.get("create.user.groups."+ str(y)).split(",")
    userName = configProps.get("create.user.name."+ str(y))
    for grpName in grpNames:
        if grpName=='':
            print ''
        else:
            cmo.addMemberToGroup(grpName,userName)
            print 'USER:' , userName , 'Added to GROUP: ' , grpName

    y=y+1

# Pass 3: grant the soa-infra application roles listed for each user.
# grantAppRole is available when the script is run with
# ORACLE_HOME(SOA_HOME)/common/bin/wlst.sh.
print 'Adding SOA Roles Membership of the Users:'
y=1
while (y <= int(totalUsers_to_Create)):
    roleNames = configProps.get("create.user.soarole."+ str(y)).split(",")
    userName = configProps.get("create.user.name."+ str(y))
    for roleName in roleNames:
        if roleName=='':
            print ''
        else:
            grantAppRole(appStripe="soa-infra", appRoleName=roleName,principalClass="weblogic.security.principal.WLSUserImpl", principalName=userName)
            print 'USER:' , userName , 'Added the Role: ' , roleName
    y=y+1

Execute the WLST script that will create the required users and assign the corresponding roles.
>$ORACLE_HOME/common/bin/wlst.sh UserManagement_SOADomain.py
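
The script reads users 1..total.username and calls .split(",") on every create.user.groups.N and create.user.soarole.N value, so a count higher than the number of defined blocks aborts the run after some users already exist. The pre-flight check below is an added example, not part of the original post: it is plain Python 3 run outside WLST, and its function names and sample data are constructed for illustration.

```python
import re
REQUIRED = ("name", "password", "groups", "soarole")  # keys the WLST loops read

# Constructed sample: total.username=3, two users defined, one shared password.
SAMPLE = """\
total.username=3
create.user.name.1=opsuser
create.user.password.1=Constructed-Pw-1
create.user.groups.1=Monitors
create.user.soarole.1=SOAMonitor
create.user.name.2=devuser
create.user.password.2=Constructed-Pw-1
create.user.groups.2=Deployers
create.user.soarole.2=SOADesigner
"""

def parse_properties(text):
    """Parse plain key=value lines; '#' starts a comment (no escapes/continuations)."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def preflight(props):
    """Return a list of findings; an empty list means the file is consistent."""
    findings = []
    total = int(props.get("total.username", "0"))
    defined = sorted(int(k.rsplit(".", 1)[1]) for k in props if re.match(r"create\.user\.name\.\d+$", k))
    for i in range(1, total + 1):  # the script loops over 1..total.username
        for field in REQUIRED:
            if "create.user.%s.%d" % (field, i) not in props:
                findings.append("user %d: missing create.user.%s.%d" % (i, field, i))
    for i in defined:
        if i > total:
            findings.append("user %d: defined but beyond total.username=%d" % (i, total))
    by_password = {}
    for i in defined:
        pw = props.get("create.user.password.%d" % i)
        if pw is not None:
            by_password.setdefault(pw, []).append(props["create.user.name.%d" % i])
    for names in by_password.values():
        if len(names) > 1:
            findings.append("shared initial password: " + ", ".join(names))
    return findings

if __name__ == "__main__":
    print("\n".join(preflight(parse_properties(SAMPLE))))
```

To check a real file, pass its contents to parse_properties() in place of SAMPLE and run the WLST script only when preflight() returns an empty list.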

Download: UserManagement_SOADomain.properties  UserManagement_SOADomain.py

4 comments:

  1. Thanks Mate! Great post

  2. Hi Albin,

    Thanks for the great blog. I am trying to add users to my soa-infra approle using the same steps. But every time I get 'NameError: grantAppRole' exception. Can you please help me, I would be really very very grateful..

    Regards,
    Riya.

    Replies
    1. Make sure you are executing the WLST script by using ORACLE_HOME(SOA_HOME)/common/bin/wlst.sh

      Regards
      Albin I

    2. Hi Albin

      Even I am getting the same error and I am executing it from Oracle_SOA home only, but still getting same error.
      Please let me know how to resolve it.

      javax.management.MBeanException: javax.management.MBeanException: Cannot add principal to application role.
