Tuesday, June 11, 2013

Create/Remove Security Policy on WebLogic JMS Queue

While working with a client, we got a requirement to implement security at the WebLogic JMS queue level. A few of the JMS queues were used by non-integration components. The client wanted only specific users to be able to push/send data into these queues. The problem was adding a security policy to hundreds of queues in various environments. It was a tedious job, so I wrote the WLST functions below after going through a few blogs and the Oracle documentation. I am sharing them with you hoping that they will help you and save you time ;-)

When invoked, this function enables security at the JMS queue level: for each queue it creates an authorization policy that admits only the listed users.

def jmsQueueSecurityEnable():
    # Expects domain_name, ApplicationName, action, users and addQueueName
    # to be defined from the property file.
    try:
        print('=======================================================')
        print('Enabling Security on JMS Queue')
        print('=======================================================')
        # Build the policy expression: {Usr(user1)}|{Usr(user2)}|...
        customUsers=[u.strip() for u in users.split(',') if u.strip()]
        customerUsersList='|'.join(['{Usr('+u+')}' for u in customUsers])
        cd('/SecurityConfiguration/'+domain_name+'/Realms/myrealm/Authorizers/XACMLAuthorizer')
        # Skip empty entries left by a trailing comma in the property value
        queueList=[q.strip() for q in addQueueName.split(',') if q.strip()]
        for i in queueList:
            # The type field of a JMS resource id is <jms>
            resourceId='type=<jms>, application='+ApplicationName+', destinationType=queue, resource='+i+', action='+action
            print('resourceID='+resourceId)
            cmo.createPolicy(resourceId,customerUsersList)
            print('Added policy to queue= '+i)
    except Exception, e:
        # str() is required: concatenating the exception object raises TypeError
        print('Exception is '+str(e))
        dumpStack()
        raise


When jmsQueueSecurityDisable is invoked, it removes all the security from the JMS queue.

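def jmsQueueSecurityDisable():
    # Expects domain_name, ApplicationName, action and removeQueueName
    # to be defined from the property file.
    try:
        print('=======================================================')
        print('Disabling Security on JMS Queue')
        print('=======================================================')
        cd('/SecurityConfiguration/'+domain_name+'/Realms/myrealm/Authorizers/XACMLAuthorizer')
        # Skip empty entries left by a trailing comma in the property value
        queueList=[q.strip() for q in removeQueueName.split(',') if q.strip()]
        for i in queueList:
            # The type field of a JMS resource id is <jms>
            resourceId='type=<jms>, application='+ApplicationName+', destinationType=queue, resource='+i+', action='+action
            print('resourceID='+resourceId)
            cmo.removePolicy(resourceId)
            print('Disabled policy on queue= '+i)
    except Exception, e:
        # str() is required: concatenating the exception object raises TypeError
        print('Exception is '+str(e))
        dumpStack()
        raise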


I created a property file to read the values from, as shown below.

#===========================================================================================
# Details
#===========================================================================================
domain_name=Oracle_SOA1
ApplicationName=JMSModule
action=send
users=user1,user2,user3
#===========================================================================================
# Resource Details to Add Policy
#===========================================================================================
addQueueName=SampleQueue,SampleQueue1,SampleQueue3
#===========================================================================================
# Resource Details to Remove Policy
#===========================================================================================
removeQueueName=SampleQueue4,SampleQueue5


You can customize the functions as per your requirement.
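
A dry-run check for the property values, added here as an example (not the author's code): it runs in plain Python without WLST and builds the same resource ids and policy expression as jmsQueueSecurityEnable, rejecting empty entries and names whose characters would alter the expression. The function names, the allowed-character pattern and the `<jms>` type field are assumptions.

```python
import re

# Assumption: user, queue and module names use only these characters.
SAFE_NAME = re.compile(r'^[A-Za-z0-9_.\-]+$')

def split_names(raw):
    """Split a comma-separated property value, dropping blanks."""
    return [n.strip() for n in raw.split(',') if n.strip()]

def check_names(names, kind):
    """Reject empty lists and names that could change the expression."""
    if not names:
        raise ValueError('no %s names given' % kind)
    for name in names:
        if not SAFE_NAME.match(name):
            raise ValueError('unsafe %s name: %r' % (kind, name))
    return names

def build_expression(users_raw):
    """Return {Usr(a)}|{Usr(b)}, as the page's function builds it."""
    users = check_names(split_names(users_raw), 'user')
    return '|'.join(['{Usr(%s)}' % u for u in users])

def build_resource_id(application, queue, action):
    check_names([application, queue, action], 'resource field')
    # Assumption: '<jms>' is the type field of a JMS resource id.
    return ('type=<jms>, application=%s, destinationType=queue, '
            'resource=%s, action=%s' % (application, queue, action))

def plan_policies(props):
    """Return (resourceId, expression) pairs without touching the server."""
    expression = build_expression(props['users'])
    queues = check_names(split_names(props['addQueueName']), 'queue')
    return [(build_resource_id(props['ApplicationName'], q, props['action']),
             expression) for q in queues]

# Constructed sample mirroring the property file, with a stray trailing comma.
SAMPLE = {
    'ApplicationName': 'JMSModule',
    'action': 'send',
    'users': 'user1, user2,user3',
    'addQueueName': 'SampleQueue,SampleQueue1,SampleQueue3,',
}

if __name__ == '__main__':
    for resource_id, expression in plan_policies(SAMPLE):
        print(resource_id + ' -> ' + expression)
```

Reviewing the printed pairs before running the WLST function shows exactly which queues get a policy and which users each policy admits.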

