The following code samples can either be used from within an application deployed to a WebLogic server, or from within a standalone JavaSE application. When running from a JavaSE application, I had to explicitly set the path to the JPS configuration file, otherwise it would default to ./config/jps-config.xml (even though, according to the documentation, there should be default configuration files below the $DOMAIN_HOME directory):
```java
// specify the configuration file - otherwise, would default to ./config/jps-config.xml
System.setProperty("oracle.security.jps.config", "../src/META-INF/jps-config.xml");
```
See also the Oracle Fusion Middleware Java API Reference for Oracle Platform Security Services for more information about the API.
The first step is to retrieve a JpsContext – we use the default context here:
```java
// This call evaluates the configuration file -
// if the configuration file is invalid an exception is thrown
JpsContextFactory ctxFactory = JpsContextFactory.getContextFactory();

// Retrieve the default JpsContext
JpsContext ctx = ctxFactory.getContext();
```
From the context, we can get a list of all available service instances:
```java
Collection<ServiceInstance> sis = ctx.getServiceInstances();
for (ServiceInstance si : sis) {
    System.err.println(si);
}
```
We can retrieve the PolicyStore from the configuration service and list all application roles and all grants – the policy store name refers to the name of the policy store as defined in the jazn-data.xml file:
```java
PolicyStore policyStore = ctx.getServiceInstance(PolicyStore.class);
ApplicationPolicy ap = policyStore.getApplicationPolicy("policyName");

List<JpsApplicationRole> appRoles = ap.getAllAppRoles();
for (JpsApplicationRole appRole : appRoles) {
    System.err.println(appRole);
}

List<GrantEntry> grants = ap.getGrantEntries();
for (GrantEntry grant : grants) {
    System.err.println(grant);
}
```
We can also retrieve the IdentityStore (through the IdentityStoreService interface) and list all users and all groups, using the User & Role API (normally we would look for a more specific user; retrieving all users and all groups might result in a lot of data):
```java
IdentityStoreService iss = ctx.getServiceInstance(IdentityStoreService.class);
IdentityStore is = iss.getIdmStore();

// create a search filter and the search parameters
SimpleSearchFilter sf1 = is.getSimpleSearchFilter(
        UserProfile.NAME, SimpleSearchFilter.TYPE_EQUAL, null);
sf1.setValue(sf1.getWildCardChar());
SearchParameters params = new SearchParameters();
params.setFilter(sf1);

// get all users
SearchResponse result = is.searchUsers(params);
while (result.hasNext()) {
    Identity id = result.next();
    System.err.println(id);
}

// get all enterprise roles (groups)
result = is.searchRoles(IdentityStore.SEARCH_BY_NAME, params);
while (result.hasNext()) {
    Identity id = result.next();
    System.err.println(id);
}
```