Search This Blog

Tuesday, January 12, 2016

Multitenancy in WebLogic 12c Part -1: Security Realm for Partition Domain

In the new ear of  Multi-tenancy environment with WebLogic the application server software it self changed a lot internally to support the Partition based domains which supporting existing features as well. When we create a new SecurityRealm for a Partition, we need to create the following MBeans :

Let me begin with sample Training project where it runs with Online and Corporate training partitions. Here in this post we can configure security realm for each partition.
  • Authenticator
  • Role
  • Identity Asserter
  • Role Mapper
  • Authorizer
  • Adjucator
  • Auditor
  • Credential Mapper
  • Certificate Path Provider
  • Password Validator
WebLogic Multi-tenancy - SecurityRealm configuration


Lets make re-usable module so that everyone can use the function as it is. The changes could be in the main module only. Further simplification you could also move the values into a separate properties file.


def create_securityRealm4partition(realmName):
 
 security = cmo.getSecurityConfiguration()
 print 'realm name is ' + realmName
 realm = security.createRealm(realmName)
 
 # ATN
 atnp = realm.createAuthenticationProvider('ATNPartition','weblogic.security.providers.authentication.DefaultAuthenticator')
 atna = realm.createAuthenticationProvider('ATNAdmin','weblogic.security.providers.authentication.DefaultAuthenticator')
 
 # IA
 ia = realm.createAuthenticationProvider('IA','weblogic.security.providers.authentication.DefaultIdentityAsserter')
 ia.setActiveTypes(['AuthenticatedUser'])
 
 # ATZ/Role
 realm.createRoleMapper('Role','weblogic.security.providers.xacml.authorization.XACMLRoleMapper')
 realm.createAuthorizer('ATZ','weblogic.security.providers.xacml.authorization.XACMLAuthorizer')
 
 # Adjudicator
 realm.createAdjudicator('ADJ','weblogic.security.providers.authorization.DefaultAdjudicator')
 
 # Auditor
 realm.createAuditor('AUD','weblogic.security.providers.audit.DefaultAuditor')

 # Credential Mapper
 realm.createCredentialMapper('CM','weblogic.security.providers.credentials.DefaultCredentialMapper')
 
 # Cert Path
 realm.setCertPathBuilder(realm.createCertPathProvider('CP','weblogic.security.providers.pk.WebLogicCertPathProvider'))
 
 # Password Validator
 pv = realm.createPasswordValidator('PV', 'com.bea.security.providers.authentication.passwordvalidator.SystemPasswordValidator')
 pv.setMinPasswordLength(8)
 pv.setMinNumericOrSpecialCharacters(1)

def main():
 connect("weblogic","welcome1","t3://192.168.33.100:6100")
 edit()
 startEdit()

 create_securityRealm4partition('Online_Realm')
 create_securityRealm4partition('Corporate_Realm')

 save()
 activate()
 disconnect()
main()




 wlst createSecurityRealm.py






SecurityRealm using WLST


Configure Security realm for partitions using WLST Script createSecurityRealm.py 





On the other hand you can see the WebLogic Admin console output as well:






Security Realm on Domain Partition





This article is a series of blog posts you will be more excited to see the next posts see below:




    

  1. Configure Security Realm for MT
    2. 

  2. Create Users & Groups for Partition domain
    3. 

  3. Configure Virtual Target
    4. 

  4. Creating Partition Domain
    5. 

  5. Configure IDD for Partition
    6. 

  6. Partition Control (start/stop using WLST)
    7. 

  7. Deploy and Undeploy Application on Partition 
    8. 










Posted by





at



0
comments




Email icon




Edit post icon














Labels:
,
,
,
,
,

















        

      









Subscribe to:
Comments (Atom)







Popular Posts




    

  • 

    WLST Errors and Exceptions
    

     When first time you started using WLST you might get many of these Python  based WLST Errors. Here I had collected few of them which are ve...
    

    • 

  • 

    Server State using WLST
    

     Hello! Dear Automation focused engineer we have this post about how to work simple server status list for a WebLogic domain. This logic can...
    

    • 

  • 

    JMS Module with ConnectionFactory and Queue configuration using WLST
    

    After almost three and half years again revisited to the JMS module script. This time the project needs are quite different. Where the Oracl...
    

    • 

  • 

    WLST Offline vs WLST Online
    

    Hey Middleware automation expert, Welcome to my Post. Working with WLST  we have two different sections of commands available they are defin...
    

    • 

  • 

    SOA Retire Activate Composites
    

           Why we need retire and activate composites?  Before you go for bouncing the SOA Suite Domain which contains SOA, ADF Clusters with mu...
    

    • 

  • 

    JDBC Monitoring
    

      JDBC Monitoring with LWLST script   One fine morning we (WLA support Team) got an assignment, The summary of the assignment was to find ...
    

    • 

  • 

    Configuring a Generic Datasource
    

    Configuring the datasource is one time activity for any project in production environment but where as for development or testing environmen...
    

    • 

  • 

    Configuring WorkManager using WLST
    

     The WorkManager configuration can be possible only when you navigate on SelfTuning tree. After navigating with cding to SelfTuning MBean hi...
    

    • 

  • 

    JMS Module Uniform Distributed Queue using WLST
    

        This post is continous series of JMS configurations experimenting with Python. Here the JMS module configuration changes for the JMS wil...
    

    • 

  • 

    File IO in WLST: How to store output of WLST/Jython?
    

    Hey WLST scripting enthos Guys!!   I was prepared some of industry most reffered WLST monitoring scripts... they are running well and good.....
    

    •