Ravish Mody

Today one of our subscribers Sai using comment asked how to list out users which are in default Authenticator only, hence we have just created a script which would do the same and would also show you all the Authenticator’s list of users if you want by just setting one flag as true (show.all.authenticator.userlist) inside your “details.properties” file. This way everyone can get what they want.

As every time we have again used a properties file in which you can give the required details and can get your required output, hence just by giving the details in the details.properties files and you are good to go.

An article written by Jay  WebLogic SQLAuthenticator Demo With FormBased Authentication helped me alot in testing this script, so others can also take the advantage from it.

Steps to get the Users List from Security Realm using WLST

Step1). Create a Directory somewhere in your file system like : “C:WLST_log”

Step2). Write a Properties filedetails.properties inside “C:WLSTUserList” like following:

admin.url=t3://localhost:7001
admin.userName=weblogic
admin.password=weblogic

########## User Name which wants to get listed (where, * = all users name) ################
user.name.wildcard=*

########## Maximum Numbers of List you want to see (where, 0 = all the number of users) ###############
maximum.to.return=0

########## If "true" will show all the Authenticator's Users List, if "false" then would only show Default Authenticators Uers List ################
show.all.authenticator.userlist=false

Step2). Now in the same directory write the following WLST Script “usersList.py” like following:

#############################################################################
#
# @author Copyright (c) 2010 - 2011 by Middleware Magic, All Rights Reserved.
#
#############################################################################

from java.io import FileInputStream
from weblogic.management.security.authentication import UserReaderMBean

propInputStream = FileInputStream("details.properties")
configProps = Properties()
configProps.load(propInputStream)

adminURL=configProps.get("admin.url")
adminUserName=configProps.get("admin.userName")
adminPassword=configProps.get("admin.password")
userNameWildcard=configProps.get("user.name.wildcard")
maximumToReturn=configProps.get("maximum.to.return")
showAllAuthenticatorUserList=configProps.get("show.all.authenticator.userlist")

connect(adminUserName, adminPassword, adminURL)

realmName=cmo.getSecurityConfiguration().getDefaultRealm()
authProvider = realmName.getAuthenticationProviders()

for i in authProvider:
	if isinstance(i,UserReaderMBean):
		userName = i
		authName= i.getName()

		if showAllAuthenticatorUserList == 'true':
			userList = i.listUsers(str(userNameWildcard),int(maximumToReturn))
			print '======================================================================'
			print 'Below are the List of USERS which are in the: "'+authName+'"'
			print '======================================================================'
			num=1
			while userName.haveCurrent(userList):
				print num,'- '+ userName.getCurrentName(userList)
				userName.advance(userList)
				num=num+1
			print '======================================================================'
			userName.close(userList)

		else:
			if authName == 'DefaultAuthenticator':
				userList = i.listUsers(str(userNameWildcard),int(maximumToReturn))
				print '======================================================================'
				print 'Below are the List of USERS which are in the: "'+authName+'"'
				print '======================================================================'
				num=1
				while userName.haveCurrent(userList):
					print num,'- '+ userName.getCurrentName(userList)
					userName.advance(userList)
					num=num+1
				print '======================================================================'
				userName.close(userList)

Step3). Now Open a Command/Shell Prompt and then run the “setWLSEnv.sh” script to set the CLASSPATH and PATH environment variables. Run the “. ./setWLSEnv.sh” by adding two DOTs separated by a single space …..before the actual script like following : (use ‘cd’ command to move inside the <BEA_HOME>/wlserver_10.3/server/bin) then run the following command….
. ./setWLSEnv.sh

Note: Here The first DOT represents that set the Environment in the current Shell, AND the second ./ represents execute the script from the current directory.

Step4). Run the Above WLST Script like following:

java weblogic.WLST usersList.py

Following would be the Output when

show.all.authenticator.userlist=true

java weblogic.WLST usersList.py

Initializing WebLogic Scripting Tool (WLST) ...

Welcome to WebLogic Server Administration Scripting Shell

Type help() for help on available commands

Connecting to t3://localhost:7001 with userid weblogic ...
Successfully connected to Admin Server 'AdminServer' that belongs to domain 'Domain_7001'.

Warning: An insecure protocol was used to connect to the
server. To ensure on-the-wire security, the SSL port or
Admin port should be used instead.

======================================================================
Below are the List of USERS which are in the: "DefaultAuthenticator"
======================================================================
1 - weblogic
2 - TestUserOne
3 - TestUserTwo
4 - TestUserThree
5 - TestUserFour
6 - TestUserFive
======================================================================
======================================================================
Below are the List of USERS which are in the: "RavishAuth"
======================================================================
1 - DB-weblogic-1
2 - DB-weblogic-2
3 - DB-weblogic-3
4 - weblogic
======================================================================

Following would be the Output when

show.all.authenticator.userlist= false

java weblogic.WLST usersList.py

Initializing WebLogic Scripting Tool (WLST) ...

Welcome to WebLogic Server Administration Scripting Shell

Type help() for help on available commands

Connecting to t3://localhost:7001 with userid weblogic ...
Successfully connected to Admin Server 'AdminServer' that belongs to domain 'Domain_7001'.

Warning: An insecure protocol was used to connect to the
server. To ensure on-the-wire security, the SSL port or
Admin port should be used instead.

======================================================================
Below are the List of USERS which are in the: "DefaultAuthenticator"
======================================================================
1 - weblogic
2 - TestUserOne
3 - TestUserTwo
4 - TestUserThree
5 - TestUserFour
6 - TestUserFive
======================================================================

Regards,
Ravish Mody

If you enjoyed this post, please considerleaving a comment or subscribing to the RSS feed to have future articles delivered to your feed reader.