Hi,

Jay SenSharma

Jay SenSharma

Here is a Simple example of changing the UserLockoutDuration using JMX code. This sample uses New style of MBeans so u can use this JMX code for Any WerbLogic Version from WLS9.x onwards.  Thanks to Mr. Alecomputacao for giving me an idea for write this very useful JMX code. http://middlewaremagic.com/weblogic/?p=2778#comment-1829

This JMX code illustrates that if we want to make any configuration related changes then first of all we need to get the “EditServiceMBean” object reference first of all.  This is must because from WLS9.x onwards we have Change Management Feature added as part of WebLogic Server .. It means until you dont press the “Lock & Edit” Button on the AdminConsole you cannot make any changes.

Step1). Please create a directory somewhere in your filesystem like :  “C:UserLockout”

Step2). Write the following JMX Code inside the above directory “UserLockoutTest .java”


import java.io.IOException;
import java.net.MalformedURLException;
import java.util.Hashtable;
import javax.management.Attribute;
import javax.management.MBeanServerConnection;
import javax.management.MalformedObjectNameException;
import javax.management.ObjectName;
import javax.management.remote.JMXConnector;
import javax.management.remote.JMXConnectorFactory;
import javax.management.remote.JMXServiceURL;
import javax.naming.Context;
import weblogic.management.configuration.DomainMBean;
import weblogic.management.configuration.SecurityConfigurationMBean;
import weblogic.management.runtime.RealmRuntimeMBean;
import weblogic.management.security.RealmMBean;
import weblogic.management.security.authentication.AuthenticationProviderMBean;
import weblogic.management.security.authentication.UserLockoutManagerMBean;
import weblogic.management.security.authentication.UserPasswordEditorMBean;
import weblogic.security.UserLockoutManagerRuntime;
import weblogic.security.acl.internal.DefaultRealmImpl;
import weblogic.security.providers.authentication.DefaultAuthenticatorMBean;
public class UserLockoutTest {
private static MBeanServerConnection connection;
private static JMXConnector connector;
private static final ObjectName service;
static
{
try {
service = new ObjectName("com.bea:Name=EditService,Type=weblogic.management.mbeanservers.edit.EditServiceMBean");
}
catch (MalformedObjectNameException e)
{
throw new AssertionError(e.getMessage());
}
}
public static void initConnection(String hostname, String portString, String username, String password) throws IOException,MalformedURLException
{
String protocol = "t3";
Integer portInteger = Integer.valueOf(portString);
int port = portInteger.intValue();
String jndiroot = "/jndi/";
String mserver = "weblogic.management.mbeanservers.edit";
JMXServiceURL serviceURL = new JMXServiceURL(protocol, hostname, port,jndiroot + mserver);
Hashtable h = new Hashtable();
h.put(Context.SECURITY_PRINCIPAL, username);
h.put(Context.SECURITY_CREDENTIALS, password);
h.put(JMXConnectorFactory.PROTOCOL_PROVIDER_PACKAGES,"weblogic.management.remote");
connector = JMXConnectorFactory.connect(serviceURL, h);
connection = connector.getMBeanServerConnection();
}
public ObjectName startEditSession() throws Exception
{
ObjectName cfgMgr = (ObjectName) connection.getAttribute(service,"ConfigurationManager");
ObjectName domainConfigRoot = (ObjectName)
connection.invoke(cfgMgr,"startEdit", new Object[] { new Integer(60000),new Integer(120000) }, new String[] { "java.lang.Integer","java.lang.Integer" });
if (domainConfigRoot == null)
{
throw new Exception("Somebody else is editing already");
}
return domainConfigRoot;
}
public void editUserLockoutDuration(ObjectName cfgRoot,Integer duration) throws Exception
{
Attribute newDuration = new Attribute("LockoutDuration", duration);
connection.setAttribute(cfgRoot, newDuration);
System.out.println("Changed the UserLockoutDuration to " +duration);
}
public ObjectName activate() throws Exception
{
ObjectName cfgMgr = (ObjectName) connection.getAttribute(service,"ConfigurationManager");
ObjectName task = (ObjectName) connection.invoke(cfgMgr, "activate",new Object[] { new Long(120000) }, new String[] { "java.lang.Long" });
return task;
}
public static void main(String[] args) throws Exception
{
String hostname = args[0];
String portString = args[1];
String username = args[2];
String password = args[3];
UserLockoutTest ewb = new UserLockoutTest();
System.out.println("--------------1");
initConnection(hostname, portString, username, password);
System.out.println("--------------2");
ObjectName cfgMgr = (ObjectName) connection.getAttribute(service,"ConfigurationManager");
System.out.println("--------------3");
ObjectName cfgRoot = ewb.startEditSession();
System.out.println("--------------4");
Integer duration=new Integer("2222");
ewb.editUserLockoutDuration(new ObjectName("Security:Name=myrealmUserLockoutManager"),duration);
System.out.println("--------------5");
connection.invoke(cfgMgr, "save", null, null);
System.out.println("--------------6");
ewb.activate();
connector.close();
}
}

Step3). start the WebLogic Server and check the LockOutDuration  what u see in the AdminConsole.

Home > Summary of Security Realms > myrealm > Configuration > UserLockput (Page)

Step4). Now open a command prompt and then run the “setWLSEnv.cmd” script to set the Environment like “CLASSPATH” and “PATH” in your command prtompt.

Step5). run the Above program like following:

UserLockout_JMX_Code

UserLockout_JMX_Code

Step6). Again login to AdminConsole and then Double check that the UserLockout  Duration is changed or not?

UserLocaout_Changes_AdminConsole

UserLocaout_Changes_AdminConsole

NOTE: UserLockoutDuration change is not a Dynamic Change so you will have to restart your Server sothat the changes will take effect….Because as soon as u make the changes you will see the following Message in the Server STDOUT:


<Aug 28, 2010 6:02:11 PM IST> <Warning> <Management> <BEA-141239> <The non-dynamic attribute LockoutDuration on weblogic.management.security.authentication.UserLockoutManagerMBeanImpl@860bb40f ([7001_EJB_Domain]/SecurityConfiguration[7001_EJB_Domain]/Realms[myrealm]/ UserLockoutManager[UserLockoutManager]) has been changed. This may require redeploying or rebooting configured entities>

<Aug 28, 2010 6:02:11 PM IST> <Warning> <Management> <BEA-141238> <A non-dynamic change has been made which affects the server AdminServer. This server must be rebooted in order to consume this change.>

.

.

Thanks

Jay SenSharma

If you enjoyed this post, please considerleaving a comment or subscribing to the RSS feed to have future articles delivered to your feed reader.