wlst commands for Weblogic security realm Roles creation and add conditions

Question

I have started my WL Admin console. I went to the Security Realms -> myrealm -> Roles and Policies -> Global Roles -> Roles. There I clicked on "New" button, created a new role, then modified it, giving it a LDAP user as Role condition.

I was wondering if we can automate this job by creating wlst script. Could you please help us to identify the wlst commands for - Create a role & adding conditions.

I have done some study about cmo.getSecurityConfiguration().getDefaultRealm().lookupRoleMapper("XACMLRoleMapper") from Oracle pages but not much sure about the implementation.

Answer 1

rm=cmo.getSecurityConfiguration().getDefaultRealm().lookupRoleMapper("XACMLRoleMapper")  
print rm.getProviderClassName()  
print rm.getName()  

cursor = rm.listAllRoles(1000)  
print cursor  

userReader = rm   
while userReader.haveCurrent(cursor):   
    usrrd = userReader.getCurrentProperties(cursor)  
    print usrrd.get('RoleName')   
    #print usrrd  
    print "\t",usrrd.get('Expression')  

    userReader.advance(cursor)  
userReader.close(cursor)  

Answer 2

Here is a sample to script used to create a global role and a policy on a jms resource :

connect('...','...','t3://localhost:7001')

realm=cmo.getSecurityConfiguration().getDefaultRealm()
rm=realm.lookupRoleMapper(""XACMLRoleMapper"")
rm.createRole(None,""role1"",None,"""")
rm.createRole(None,""role2"",None,"""")
authorizer=realm.lookupAuthorizer(""XACMLAuthorizer"")
authorizer.createPolicy('type=<jms>, application=SystemModule-0, destinationType=queue, resource=Queue-0','{Rol(role1)}')

authorizer.removePolicy('type=<jms>, application=SystemModule-0, destinationType=queue, resource=Queue-0','{Rol(role1)}')

authorizer.getPolicyExpression('type=<jms>, application=SystemModule-0, destinationType=queue, resource=Queue-0')