Search This Blog

Tuesday, January 12, 2016

Multitenancy in WebLogic 12c Part -1: Security Realm for Partition Domain

In the new ear of  Multi-tenancy environment with WebLogic the application server software it self changed a lot internally to support the Partition based domains which supporting existing features as well. When we create a new SecurityRealm for a Partition, we need to create the following MBeans :

Let me begin with sample Training project where it runs with Online and Corporate training partitions. Here in this post we can configure security realm for each partition.
  • Authenticator
  • Role
  • Identity Asserter
  • Role Mapper
  • Authorizer
  • Adjucator
  • Auditor
  • Credential Mapper
  • Certificate Path Provider
  • Password Validator
WebLogic Multi-tenancy - SecurityRealm configuration


Lets make re-usable module so that everyone can use the function as it is. The changes could be in the main module only. Further simplification you could also move the values into a separate properties file.


def create_securityRealm4partition(realmName):
 
 security = cmo.getSecurityConfiguration()
 print 'realm name is ' + realmName
 realm = security.createRealm(realmName)
 
 # ATN
 atnp = realm.createAuthenticationProvider('ATNPartition','weblogic.security.providers.authentication.DefaultAuthenticator')
 atna = realm.createAuthenticationProvider('ATNAdmin','weblogic.security.providers.authentication.DefaultAuthenticator')
 
 # IA
 ia = realm.createAuthenticationProvider('IA','weblogic.security.providers.authentication.DefaultIdentityAsserter')
 ia.setActiveTypes(['AuthenticatedUser'])
 
 # ATZ/Role
 realm.createRoleMapper('Role','weblogic.security.providers.xacml.authorization.XACMLRoleMapper')
 realm.createAuthorizer('ATZ','weblogic.security.providers.xacml.authorization.XACMLAuthorizer')
 
 # Adjudicator
 realm.createAdjudicator('ADJ','weblogic.security.providers.authorization.DefaultAdjudicator')
 
 # Auditor
 realm.createAuditor('AUD','weblogic.security.providers.audit.DefaultAuditor')

 # Credential Mapper
 realm.createCredentialMapper('CM','weblogic.security.providers.credentials.DefaultCredentialMapper')
 
 # Cert Path
 realm.setCertPathBuilder(realm.createCertPathProvider('CP','weblogic.security.providers.pk.WebLogicCertPathProvider'))
 
 # Password Validator
 pv = realm.createPasswordValidator('PV', 'com.bea.security.providers.authentication.passwordvalidator.SystemPasswordValidator')
 pv.setMinPasswordLength(8)
 pv.setMinNumericOrSpecialCharacters(1)

def main():
 connect("weblogic","welcome1","t3://192.168.33.100:6100")
 edit()
 startEdit()

 create_securityRealm4partition('Online_Realm')
 create_securityRealm4partition('Corporate_Realm')

 save()
 activate()
 disconnect()
main()




 wlst createSecurityRealm.py






SecurityRealm using WLST


Configure Security realm for partitions using WLST Script createSecurityRealm.py 





On the other hand you can see the WebLogic Admin console output as well:






Security Realm on Domain Partition





This article is a series of blog posts you will be more excited to see the next posts see below:




    

  1. Configure Security Realm for MT
    2. 

  2. Create Users & Groups for Partition domain
    3. 

  3. Configure Virtual Target
    4. 

  4. Creating Partition Domain
    5. 

  5. Configure IDD for Partition
    6. 

  6. Partition Control (start/stop using WLST)
    7. 

  7. Deploy and Undeploy Application on Partition 
    8. 










Posted by





at



























Labels:
,
,
,
,
,














No comments:



















Facebook Blogger Plugin: By RNHckr.com





Post a Comment


Please write your comment here















        

      









Subscribe to:
Post Comments (Atom)







Popular Posts




    

  • 

    Server State using WLST
    

     Hello! Dear Automation focused engineer we have this post about how to work simple server status list for a WebLogic domain. This logic can...
    

    • 

  • 

    File IO in WLST: How to store output of WLST/Jython?
    

    Hey WLST scripting enthos Guys!!   I was prepared some of industry most reffered WLST monitoring scripts... they are running well and good.....
    

    • 

  • 

    JDBC Monitoring
    

      JDBC Monitoring with LWLST script   One fine morning we (WLA support Team) got an assignment, The summary of the assignment was to find ...
    

    • 

  • 

    WLST Issues
    

      NoClassDefFoundError: weblogic.WLST issue  While starting WLST Script you might encounter this issue  Exception in thread "main"...
    

    • 

  • 

    Side by Side Deployment with WLST
    

        One of my online buddy requested me Python script help for developing Side by Side(SBS) deployment using WLST.    Automate Python Script...
    

    • 

  • 

    WLST Errors and Exceptions
    

     When first time you started using WLST you might get many of these Python  based WLST Errors. Here I had collected few of them which are ve...
    

    • 

  • 

    My way of deployment with WLST
    

     This  Script has ultimate goal  to automate to one-step process for deploying the code onto WebLogic Development environments. Usually the ...
    

    • 

  • 

    WLST Programming Controls
    

     Effective programming could be developed using right decision making in your scripts. Here I would like to share some basics of Python prog...
    

    • 

  • 

    NodeManager Status from WLST
    

     When you use WebLogic admin console you know the Node manager is 'Reachable' or 'Inactive' state. The same thing if you wis...
    

    • 

  • 

    JMS Monitoring using WLST
    

    Let me walk through the script, The script is referring to a secure way of user credential usage in the WLST that is given here  .   storeUs...
    

    •