Tag: Security

Creating Users And Groups Using WLST NonStop

Hi,

Jay SenSharma


For “Deleting Users And Groups Using WLST NonStop”, please click here.

Here is a simple example of a WLST script that creates users and groups and assigns different users to different groups. Doing the same thing from the admin console is very time consuming. The following WLST script is just an example, but it can be enhanced to delete users and groups in the same manner.

The best thing here is that the administrator only needs to edit the properties file with the user and group details; the WLST script takes care of the rest. The administrator just needs to change the iteration of the “for” loop in the WLST script according to the number of WebLogic users and WebLogic groups.

Step1). Create a directory somewhere in your file system, for example “C:\WLST_MultiDomain_DS”.

Step2). Write a properties file “details.properties” inside “C:\WLST_MultiDomain_DS” like the following:

domain.name=Domain_8001
admin.url=t3://localhost:8001
admin.userName=weblogic
admin.password=weblogic
security.realmName=myrealm

total.groups=2
total.username=3

create.group.name.1=GroupOne
create.group.name.2=GroupTwo

create.group.description.1= This is a Test Group One
create.group.description.2= This is a Test Group Two

create.user.name.1=TestUserOne
create.user.password.1=TestUserOnePassword
create.user.description.1= This is a Test User One

create.user.name.2=TestUserTwo
create.user.password.2=TestUserTwoPassword
create.user.description.2= This is a Test User Two

create.user.name.3=TestUserThree
create.user.password.3=TestUserThreePassword
create.user.description.3= This is a Test User Three

create.group.name.1.members=TestUserOne,TestUserTwo,
create.group.name.2.members=TestUserThree,

NOTE: The “create.group.name.1.members” entries must end with a COMMA (,)

Step3). Write the WLST script “users_groups.py” inside the “C:\WLST_MultiDomain_DS” directory.

#############################################################################
#
# @author Copyright (c) 2010 - 2011 by Middleware Magic, All Rights Reserved.
#
#############################################################################

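from java.io import FileInputStream
from java.util import Properties

# Load the connection details and the user/group definitions
propInputStream = FileInputStream("details.properties")
configProps = Properties()
configProps.load(propInputStream)
propInputStream.close()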

domainName=configProps.get("domain.name")
adminURL=configProps.get("admin.url")
adminUserName=configProps.get("admin.userName")
adminPassword=configProps.get("admin.password")
realmName=configProps.get("security.realmName")

totalGroups_to_Create=configProps.get("total.groups")
totalUsers_to_Create=configProps.get("total.username")

connect(adminUserName, adminPassword, adminURL)
serverConfig()
authenticatorPath= '/SecurityConfiguration/' + domainName + '/Realms/' + realmName + '/AuthenticationProviders/DefaultAuthenticator'
print authenticatorPath
cd(authenticatorPath)
print ' '
print ' '

print 'Creating Groups . . .'
i=1
while (i <= int(totalGroups_to_Create)) :
	groupName = configProps.get("create.group.name."+ str(i))
	groupDescription = configProps.get("create.group.description."+ str(i))
	try:
		cmo.createGroup(groupName , groupDescription)
		print '-----------Group Created With Name : ' , groupName
	except:
		print '*************** Check If The Group With the Name : ' , groupName ,' already Exists...'
	i = i + 1
print ' '
print ' '

print 'Creating Users . . .'
x=1
while (x <= int(totalUsers_to_Create)):
	userName = configProps.get("create.user.name."+ str(x))
	userPassword = configProps.get("create.user.password."+ str(x))
	userDescription = configProps.get("create.user.description."+ str(x))
	try:
		cmo.createUser(userName , userPassword , userDescription)
		print '-----------User Created With Name : ' , userName
	except:
		print '*************** Check If the User With the Name : ' , userName ,' already Exists...'
	x = x + 1
print ' '
print ' '

print 'Adding Group Membership of the Users:'
# Hard-coded to groups 1 and 2; extend this list when total.groups changes
for y in 1,2:
	grpName = configProps.get("create.group.name."+ str(y))
	groupMembers= configProps.get("create.group.name."+ str(y) + ".members")
	usrName=''
	for member in groupMembers:
		if member == ",":
			cmo.addMemberToGroup(grpName,usrName)
			print 'USER:' , usrName , 'Added to GROUP: ' , grpName
			usrName=''
		else:
			usrName=usrName+member
print ' '
print ' '

Step4). Use the ‘cd’ command to move inside <BEA_HOME>/wlserver_10.3/server/bin, then run “. ./setWLSEnv.sh”, that is, with two dots separated by a single space before the script name, as follows:
.  ./setWLSEnv.sh
Note: the first dot sets the environment in the current shell, and the second “./” executes the script from the current directory.

Step5). Now run the WLST script as follows:
java weblogic.WLST users_groups.py

C:WLST_MultiDomain_DS>java weblogic.WLST users_groups.py

Initializing WebLogic Scripting Tool (WLST) ...

Welcome to WebLogic Server Administration Scripting Shell

Type help() for help on available commands

Connecting to t3://localhost:8001 with userid weblogic ...
Successfully connected to Admin Server 'AdminServer' that belongs to domain 'Domain_8001'.

Warning: An insecure protocol was used to connect to the
server. To ensure on-the-wire security, the SSL port or
Admin port should be used instead.

Already in Config Runtime

/SecurityConfiguration/Domain_8001/Realms/myrealm/AuthenticationProviders/DefaultAuthenticator

Creating Groups . . .
-----------Group Created With Name :  GroupOne
-----------Group Created With Name :  GroupTwo

Creating Users . . .
-----------User Created With Name :  TestUserOne
-----------User Created With Name :  TestUserTwo
-----------User Created With Name :  TestUserThree

Adding Group Membership of the Users:
USER: TestUserOne Added to GROUP:  GroupOne
USER: TestUserTwo Added to GROUP:  GroupOne
USER: TestUserThree Added to GROUP:  GroupTwo

If the groups or users already exist, the following output is seen:

java weblogic.WLST users_groups.py

Initializing WebLogic Scripting Tool (WLST) ...

Welcome to WebLogic Server Administration Scripting Shell

Type help() for help on available commands

Connecting to t3://localhost:8001 with userid weblogic ...
Successfully connected to Admin Server 'AdminServer' that belongs to domain 'Domain_8001'.

Warning: An insecure protocol was used to connect to the
server. To ensure on-the-wire security, the SSL port or
Admin port should be used instead.

Already in Config Runtime

/SecurityConfiguration/Domain_8001/Realms/myrealm/AuthenticationProviders/DefaultAuthenticator

Creating Groups . . .
*************** Check If The Group With the Name :  GroupOne  already Exists...
*************** Check If The Group With the Name :  GroupTwo  already Exists...

Creating Users . . .
*************** Check If the User With the Name :  TestUserOne  already Exists...
*************** Check If the User With the Name :  TestUserTwo  already Exists...
*************** Check If the User With the Name :  TestUserThree  already Exists...

Adding Group Membership of the Users:
USER: TestUserOne Added to GROUP:  GroupOne
USER: TestUserTwo Added to GROUP:  GroupOne
USER: TestUserThree Added to GROUP:  GroupTwo

Thanks
Jay SenSharma
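
The following is an added example, not part of the original post: an offline check in plain Python 3 (run before WLST, not inside it) for the details.properties layout from Step2. It reports what users_groups.py would silently skip, such as a members list without the trailing comma or a member that is never created. The function names, the MIN_PASSWORD_LEN value and the SAMPLE text are assumptions made for illustration.

```python
# Added example (not from the original post); names and SAMPLE are constructed.
MIN_PASSWORD_LEN = 8  # assumed policy; align with the realm's password rules

def parse_properties(text):
    """Parse plain key=value lines (no escapes or line continuations)."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props

def lint_users_groups(props):
    """Return findings that users_groups.py would silently skip or swallow."""
    findings = []
    users = set()
    for i in range(1, int(props.get("total.username", "0")) + 1):
        name = props.get("create.user.name.%d" % i)
        password = props.get("create.user.password.%d" % i, "")
        if not name:
            findings.append("user %d: name missing" % i)
            continue
        users.add(name)
        if len(password) < MIN_PASSWORD_LEN or password.lower() == name.lower():
            findings.append("user %s: weak password" % name)
    for i in range(1, int(props.get("total.groups", "0")) + 1):
        group = props.get("create.group.name.%d" % i)
        if not group:
            findings.append("group %d: name missing" % i)
            continue
        members = props.get("create.group.name.%d.members" % i, "")
        # The script adds a user only when it reaches a comma, so a list
        # without the trailing comma silently drops its last member.
        if members and not members.endswith(","):
            findings.append("group %s: no trailing comma" % group)
        for member in [m.strip() for m in members.split(",") if m.strip()]:
            if member not in users:
                findings.append("group %s: unknown member %s" % (group, member))
    admin = props.get("admin.userName")
    if admin and props.get("admin.password") == admin:
        findings.append("admin: password equals user name")
    return findings

# Constructed sample with four deliberate problems
SAMPLE = """\
admin.userName=weblogic
admin.password=weblogic
total.groups=2
total.username=2
create.user.name.1=TestUserOne
create.user.password.1=TestUserOnePassword
create.user.name.2=TestUserTwo
create.user.password.2=short
create.group.name.1=GroupOne
create.group.name.1.members=TestUserOne,TestUserTwo
create.group.name.2=GroupTwo
create.group.name.2.members=TestUserThree,
"""

if __name__ == "__main__":
    for finding in lint_users_groups(parse_properties(SAMPLE)):
        print(finding)
```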


[Update Version] WLST Script to Change User Password For Multiple Domains

Ravish Mody

Last month I wrote the post “WLST Script to Change User Password For Multiple Domains”. It worked fine for a small number of domains, but Baji Babu Jasti, one of our subscribers, asked in a comment whether we could provide a new version of that automated script that can change the password of the WebLogic admin account for almost 60 WebLogic domains, or even more, without making the WLST script bigger. In my previous script one had to copy and paste the whole logic once per domain, which would have made the WLST script a lot bigger. So we worked on it, and we are back with an updated version of the same WLST script that changes users' passwords for multiple domains without increasing the length of the script. We hope this script helps our other subscribers too.

The logic behind this WLST script is the same as in the previous one. We have just added a for loop in ChangeAdminPassword.py and changed a few things in the property file called domainsDetails.properties, which has all the details about the domains whose password has to be changed.

1. Below are the details that domainsDetails.properties would contain:


domain.name.1=Domain_8001
domain.admin.url.1=t3://localhost:8001
domain.admin.username.1=weblogic
domain.admin.OLD.password.1=weblogic
domain.admin.NEW.password.1=jboss_123

domain.name.2=Domain_7001
domain.admin.url.2=t3://localhost:7001
domain.admin.username.2=weblogic
domain.admin.OLD.password.2=weblogic
domain.admin.NEW.password.2=jboss_123

2. Below is the WLST Python script ChangeAdminPassword.py, which reads the above properties and changes the password.


from java.io import FileInputStream
from java.util import Properties

# Load the per-domain connection details and passwords
propInputStream = FileInputStream("domainsDetails.properties")
configProps = Properties()
configProps.load(propInputStream)
propInputStream.close()

# One iteration per domain index in the properties file
for i in 1,2:

	domainName=configProps.get("domain.name."+ str(i))
	adminUrl = configProps.get("domain.admin.url."+ str(i))
	adminUser = configProps.get("domain.admin.username."+ str(i))
	oldAdminPassword = configProps.get("domain.admin.OLD.password."+ str(i))
	newAdminPassword = configProps.get("domain.admin.NEW.password."+ str(i))

	print '################################################################'
	print '        Chaning the Admin Password for :', domainName
	print '################################################################'
	print ' '
	connect(adminUser,oldAdminPassword,adminUrl)
	cd('/SecurityConfiguration/'+domainName+'/Realms/myrealm/AuthenticationProviders/DefaultAuthenticator')
	cmo.resetUserPassword(adminUser,newAdminPassword)
	print '++++++++++++ +++++++++++ +++++++++++ +++++++++++ +++++++++++ +++++++++++ +++++++++++'
	print '*******  Congrates!!! ', domainName , ' Admin Password Changed Successfully  ********'
	print '++++++++++++ +++++++++++ +++++++++++ +++++++++++ +++++++++++ +++++++++++ +++++++++++'
	print ' '
	disconnect()
	print ' '
	print '####   Connecting Using New Credentials.....    ####'
	print ' '
	connect(adminUser,newAdminPassword,adminUrl)
	print '####   Successfully Connected Using New Credentials !!!!    ####'
	print ' '
	disconnect()

Note:

– Make sure you keep both these files in the same folder when you are running the script, or else you will have to give the path.
– Also make sure that you copy the content of the script as it is.

3. The following is the output you get when you run ChangeAdminPassword.py using the command below.

Command:


java weblogic.WLST ChangeAdminPassword.py

Output:


D:OracleTest AppDomain>java weblogic.WLST ChangeAdminPassword.py

Initializing WebLogic Scripting Tool (WLST) ...

Welcome to WebLogic Server Administration Scripting Shell

Type help() for help on available commands

################################################################
        Chaning the Admin Password for : Domain_8001
################################################################

Connecting to t3://localhost:8001 with userid weblogic ...
Successfully connected to Admin Server 'AdminServer' that belongs to domain 'Domain_8001'.

Warning: An insecure protocol was used to connect to the
server. To ensure on-the-wire security, the SSL port or
Admin port should be used instead.

++++++++++++ +++++++++++ +++++++++++ +++++++++++ +++++++++++ +++++++++++ +++++++++++
*******  Congrates!!!  Domain_8001  Admin Password Changed Successfully  ********
++++++++++++ +++++++++++ +++++++++++ +++++++++++ +++++++++++ +++++++++++ +++++++++++

Disconnected from weblogic server: AdminServer

####   Connecting Using New Credentials.....    ####

Connecting to t3://localhost:8001 with userid weblogic ...
Successfully connected to Admin Server 'AdminServer' that belongs to domain 'Domain_8001'.

Warning: An insecure protocol was used to connect to the
server. To ensure on-the-wire security, the SSL port or
Admin port should be used instead.

####   Successfully Connected Using New Credentials !!!!    ####

Disconnected from weblogic server: AdminServer
################################################################
        Chaning the Admin Password for : Domain_7001
################################################################

Connecting to t3://localhost:7001 with userid weblogic ...
Successfully connected to Admin Server 'AdminServer' that belongs to domain 'Domain_7001'.

Warning: An insecure protocol was used to connect to the
server. To ensure on-the-wire security, the SSL port or
Admin port should be used instead.

++++++++++++ +++++++++++ +++++++++++ +++++++++++ +++++++++++ +++++++++++ +++++++++++
*******  Congrates!!!  Domain_7001  Admin Password Changed Successfully  ********
++++++++++++ +++++++++++ +++++++++++ +++++++++++ +++++++++++ +++++++++++ +++++++++++

Disconnected from weblogic server: AdminServer

####   Connecting Using New Credentials.....    ####

Connecting to t3://localhost:7001 with userid weblogic ...
Successfully connected to Admin Server 'AdminServer' that belongs to domain 'Domain_7001'.

Warning: An insecure protocol was used to connect to the
server. To ensure on-the-wire security, the SSL port or
Admin port should be used instead.

####   Successfully Connected Using New Credentials !!!!    ####

Disconnected from weblogic server: AdminServer

D:OracleTest AppDomain>

Advantages of this script:

  1. It can change any user's password, not only the admin user's.
  2. This can be used with multiple domains.
  3. As it has a for loop, the script does not become large, and you do not have to copy and paste anything; you just add the numbers in the for loop.

So do let us know if this script made your life easy or not…

Regards,
Ravish Mody
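
The following is an added example, not part of the original post: a plain Python 3 check over the domain.*.N keys used by the updated script. It derives the domain indices from the keys themselves instead of the hard-coded `1,2`, and flags entries worth fixing before the rotation, including the `t3://` URLs behind the "insecure protocol" warning in the output above. Function names are hypothetical, and SAMPLE is constructed and already parsed into a dict.

```python
# Added example (not from the original post); names and SAMPLE are constructed.
import re

FIELDS = ("domain.name", "domain.admin.url", "domain.admin.username",
          "domain.admin.OLD.password", "domain.admin.NEW.password")

def domain_indices(props):
    """Indices present in the file, so the loop need not be hard-coded."""
    found = set()
    for key in props:
        match = re.match(r"^domain\.name\.(\d+)$", key)
        if match:
            found.add(int(match.group(1)))
    return sorted(found)

def lint_domains(props):
    """Return (index, finding) pairs for entries to fix before the rotation."""
    findings = []
    new_seen = {}  # new password -> first domain index that uses it
    for i in domain_indices(props):
        entry = dict((f, props.get("%s.%d" % (f, i), "")) for f in FIELDS)
        missing = [f for f in FIELDS if not entry[f]]
        if missing:
            # The script would pass None to connect() for this domain
            findings.append((i, "missing " + ", ".join(missing)))
            continue
        new = entry["domain.admin.NEW.password"]
        if new == entry["domain.admin.OLD.password"]:
            findings.append((i, "new password equals old password"))
        if entry["domain.admin.url"].startswith("t3://"):
            findings.append((i, "t3:// URL; WLST warns to use the SSL or admin port"))
        if new in new_seen:
            findings.append((i, "new password reused from domain %d" % new_seen[new]))
        else:
            new_seen[new] = i
    return findings

# Constructed sample: index 3 is absent and index 4 is incomplete
SAMPLE = {
    "domain.name.1": "Domain_8001",
    "domain.admin.url.1": "t3://localhost:8001",
    "domain.admin.username.1": "weblogic",
    "domain.admin.OLD.password.1": "weblogic",
    "domain.admin.NEW.password.1": "jboss_123",
    "domain.name.2": "Domain_7001",
    "domain.admin.url.2": "t3s://localhost:7002",
    "domain.admin.username.2": "weblogic",
    "domain.admin.OLD.password.2": "weblogic",
    "domain.admin.NEW.password.2": "jboss_123",
    "domain.name.4": "Domain_9001",
    "domain.admin.url.4": "t3s://localhost:9002",
}

if __name__ == "__main__":
    for index, finding in lint_domains(SAMPLE):
        print("domain %d: %s" % (index, finding))
```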


WLST Script to Change User Password For Multiple Domains

Ravish Mody

Today Murphy, one of our subscribers, asked in a comment whether we have an automated script that can change the password of the WebLogic admin account for almost 50 WebLogic domains, which they need for audit reasons. Seeing the requirement, we took some time and wrote a WLST script that can do that job for Murphy, and we hope it helps our other subscribers too.

The logic behind this WLST script is that we have created a property file called domainsDetails.properties, which has all the details about the domains whose password has to be changed. This properties file is read by a WLST Python script called ChangeAdminPassword.py, which uses these properties to change the password.

Thus you just need to run ChangeAdminPassword.py and your job will be done in no time.

1. Below are the details that domainsDetails.properties would contain:


domain.1.name=Domain_8001
domain.1.admin.url=t3://localhost:8001
domain.1.admin.username=weblogic
domain.1.admin.OLD.password=weblogic
domain.1.admin.NEW.password=jboss_123

domain.2.name=jms_7001
domain.2.admin.url=t3://localhost:7001
domain.2.admin.username=weblogic
domain.2.admin.OLD.password=weblogic
domain.2.admin.NEW.password=jboss_123

2. Below is the WLST Python script ChangeAdminPassword.py, which reads the above properties and changes the password.


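from java.io import FileInputStream
from java.util import Properties

# Load the per-domain connection details and passwords
propInputStream = FileInputStream("domainsDetails.properties")
configProps = Properties()
configProps.load(propInputStream)
propInputStream.close()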

domainName=configProps.get("domain.1.name")
adminUrl = configProps.get("domain.1.admin.url")
adminUser = configProps.get("domain.1.admin.username")
oldAdminPassword = configProps.get("domain.1.admin.OLD.password")
newAdminPassword = configProps.get("domain.1.admin.NEW.password")

print '################################################################'
print '        Chaning the Admin Password for :', domainName
print '################################################################'
print ' '
connect(adminUser,oldAdminPassword,adminUrl)
cd('/SecurityConfiguration/'+domainName+'/Realms/myrealm/AuthenticationProviders/DefaultAuthenticator')
cmo.resetUserPassword(adminUser,newAdminPassword)
print '++++++++++++ +++++++++++ +++++++++++ +++++++++++ +++++++++++ +++++++++++ +++++++++++'
print '*******  Congrates!!! ', domainName , ' Admin Password Changed Successfully  ********'
print '++++++++++++ +++++++++++ +++++++++++ +++++++++++ +++++++++++ +++++++++++ +++++++++++'
print ' '
disconnect()
print ' '
print '####   Connecting Using New Credentials.....    ####'
print ' '
connect(adminUser,newAdminPassword,adminUrl)
print '####   Successfully Connected Using New Credentials !!!!    ####'
print ' '
disconnect()

domainName=configProps.get("domain.2.name")
adminUrl = configProps.get("domain.2.admin.url")
adminUser = configProps.get("domain.2.admin.username")
oldAdminPassword = configProps.get("domain.2.admin.OLD.password")
newAdminPassword = configProps.get("domain.2.admin.NEW.password")
print ' '
print '################################################################'
print '        Chaning the Admin Password for :', domainName
print '################################################################'
print ' '
connect(adminUser,oldAdminPassword,adminUrl)
cd('/SecurityConfiguration/'+domainName+'/Realms/myrealm/AuthenticationProviders/DefaultAuthenticator')
cmo.resetUserPassword(adminUser,newAdminPassword)
print '++++++++++++ +++++++++++ +++++++++++ +++++++++++ +++++++++++ +++++++++++ +++++++++++'
print '*******  Congrates!!! ', domainName , ' Admin Password Changed Successfully  ********'
print '++++++++++++ +++++++++++ +++++++++++ +++++++++++ +++++++++++ +++++++++++ +++++++++++'
disconnect()
print ' '
print '####   Connecting Using New Credentials.....    ####'
print ' '
connect(adminUser,newAdminPassword,adminUrl)
print '####   Successfully Connected Using New Credentials !!!!    ####'
print ' '
disconnect()

Note: Make sure you keep both these files in the same folder when you are running the script, or else you will have to give the path.

3. The following is the output you get when you run ChangeAdminPassword.py using the command below.

Command:


java weblogic.WLST ChangeAdminPassword.py

Output:


Initializing WebLogic Scripting Tool (WLST) ...

Welcome to WebLogic Server Administration Scripting Shell

Type help() for help on available commands

################################################################
 Chaning the Admin Password for : Domain_8001
################################################################

Connecting to t3://localhost:8001 with userid weblogic ...
Successfully connected to Admin Server 'AdminServer' that belongs to domain 'Domain_8001'.

Warning: An insecure protocol was used to connect to the
server. To ensure on-the-wire security, the SSL port or
Admin port should be used instead.

++++++++++++ +++++++++++ +++++++++++ +++++++++++ +++++++++++ +++++++++++ +++++++++++
*******  Congrates!!!  Domain_8001  Admin Password Changed Successfully  ********
++++++++++++ +++++++++++ +++++++++++ +++++++++++ +++++++++++ +++++++++++ +++++++++++

Disconnected from weblogic server: AdminServer

####   Connecting Using New Credentials.....    ####

Connecting to t3://localhost:8001 with userid weblogic ...
Successfully connected to Admin Server 'AdminServer' that belongs to domain 'Domain_8001'.

Warning: An insecure protocol was used to connect to the
server. To ensure on-the-wire security, the SSL port or
Admin port should be used instead.

####   Successfully Connected Using New Credentials !!!!    ####

Disconnected from weblogic server: AdminServer

################################################################
 Chaning the Admin Password for : jms_7001
################################################################

Connecting to t3://localhost:7001 with userid weblogic ...
Successfully connected to Admin Server 'AdminServer' that belongs to domain 'jms_7001'.

Warning: An insecure protocol was used to connect to the
server. To ensure on-the-wire security, the SSL port or
Admin port should be used instead.

++++++++++++ +++++++++++ +++++++++++ +++++++++++ +++++++++++ +++++++++++ +++++++++++
*******  Congrates!!!  jms_7001  Admin Password Changed Successfully  ********
++++++++++++ +++++++++++ +++++++++++ +++++++++++ +++++++++++ +++++++++++ +++++++++++
Disconnected from weblogic server: AdminServer

####   Connecting Using New Credentials.....    ####

Connecting to t3://localhost:7001 with userid weblogic ...
Successfully connected to Admin Server 'AdminServer' that belongs to domain 'jms_7001'.

Warning: An insecure protocol was used to connect to the
server. To ensure on-the-wire security, the SSL port or
Admin port should be used instead.

####   Successfully Connected Using New Credentials !!!!    ####

Disconnected from weblogic server: AdminServer

Advantages of this script:

  1. It can change any user's password, not only the admin user's.
  2. This can be used with multiple domains.

So do let us know if this script made your life easy or not…

Regards,
Ravish Mody


Copyright © 2010-2012 Middleware Magic. All rights reserved.