1 Reply Latest reply: Jan 3, 2013 8:30 AM by 978495 RSS

    Navigating to security->DefaultRoleMapper->createRole() with JMX

    978495
      I have tried in vain to get access to the createRole() through my JMX code, connecting to my Weblogic 12c. I have successfully created JMX code to create users, delete users, create groups, delete groups, add users to groups. I am now trying to add a role. I finally found the function in the MBean reference. But I cannot seem to "navigate" to it in the code.

      Here is what I have:
      $jmxCon = java("javax.management.remote.JMXConnectorFactory")->newJMXConnector($serviceURL, $env);

      $jmxCon->connect();

      $wls = $jmxCon->getMBeanServerConnection();

      $rs = new java

      ("javax.management.ObjectName","com.bea:Name=RuntimeService,Type=weblogic.management.mbeanservers.runtime.RuntimeServiceMBean");

      $domainMBean = new java("javax.management.ObjectName",$wls->getAttribute($rs,"DomainConfiguration"));

      $securityConfig = new java("javax.management.ObjectName",$wls->getAttribute($domainMBean,"SecurityConfiguration"));

      $defaultRealm = new java("javax.management.ObjectName",$wls->getAttribute($securityConfig,"Realm"));

      $authProviders = new java("javax.management.ObjectName",$wls->getAttribute($defaultRealm,"Authorizers"));

      While I can successfully get the SecurityCOnfiguration attribute (3 lines up) I retrieve the Realm or the Authorizers.

      Look at figure 6-1 here->http://docs.oracle.com/cd/E24329_01/web.1211/e24415/editsecurity.htm

      And look at this -> http://docs.oracle.com/cd/E12839_01/apirefs.1111/e13951/core/index.html


      Where am I going wrong? How do I get the Authorizer or better yet the DefaultRoleMapper to get to the createRole()??????

      Thanks

      Edited by: 975492 on Dec 27, 2012 8:19 AM
        • 1. Re: Navigating to security->DefaultRoleMapper->createRole() with JMX
          978495
          I finally figured it out using the WLST as a guide, what little there is to piece together in the MBean reference, and heck of a lot of trial and error (as the WLST and JMX are not one-to-one translations) in the code, again I am using the PHP/Java bridge to interact with Java:

          require_once("java/Java.inc");

          $roleCreation="NewsYearRole";

          $itrFcName="weblogic.security.providers.authorization.DefaultRoleMapperMBean";

          $roleEditor=NULL;

          $serviceURL = new java("javax.management.remote.JMXServiceURL","rmi","127.0.0.1","7001","/jndi/iiop://127.0.0.1:7001/weblogic.management.mbeanservers.runtime");

          $env = new java("java.util.Hashtable");
          $env->put("javax.management.remote.JMXConnectorFactory.PROTOCOL_PROVIDER_PACKAGES","weblogic.management.remote");
          $env->put("javax.naming.Context.SECURITY_PRINCIPAL", "weblogic");
          $env->put("javax.naming.Context.SECURITY_CREDENTIALS", "weblogic");

          $jmxCon = java("javax.management.remote.JMXConnectorFactory")->newJMXConnector($serviceURL, $env);

          $jmxCon->connect();

          $wls = $jmxCon->getMBeanServerConnection();

          $rs = new java("javax.management.ObjectName","com.bea:Name=RuntimeService,Type=weblogic.management.mbeanservers.runtime.RuntimeServiceMBean");

          $domainMBean = new java("javax.management.ObjectName",$wls->getAttribute($rs,"DomainConfiguration"));

          $securityConfig = new java("javax.management.ObjectName",$wls->getAttribute($domainMBean,"SecurityConfiguration"));

          $defaultRealm = new java("javax.management.ObjectName",$wls->getAttribute($securityConfig,"DefaultRealm"));

          //To get the policies and create them etc use this one
          //$defaultRoleMapper = $wls->getAttribute($defaultRealm,"Authorizers");

          $defaultRoleMapper = $wls->getAttribute($defaultRealm,"RoleMappers");

          foreach($defaultRoleMapper as $key=>$value) {
          $roleEditor=trim($value);


          echo "Role editor: ". $roleEditor."<p>";

          echo "Creating Role: ". $roleCreation. "<p>";

          //Add role array
          $thirdArr=array();
          $thirdArr[]=NULL;
          $thirdArr[]=$roleCreation;
          $thirdArr[]=NULL;
          $thirdArr[]="";

          //Create role array
          $fourthArr=array();
          $fourthArr[]="java.lang.String";
          $fourthArr[]="java.lang.String";
          $fourthArr[]="java.lang.String";
          $fourthArr[]="java.lang.String";

          /*
          //Remove role
          $thirdArr[]=NULL;
          $thirdArr[]=$roleCreation;
          $fourthArr[]="java.lang.String";
          $fourthArr[]="java.lang.String";
          */

          $roleEditor = new java("javax.management.ObjectName",$roleEditor);

          $wls->invoke($roleEditor,"createRole",$thirdArr,$fourthArr);

          //$wls->invoke($roleEditor,"removeRole",$thirdArr,$fourthArr);
          }