Code samples

The following code samples can either be used from within an application deployed to a WebLogic server, or from within a standalone JavaSE application. When running from a JavaSE application, I had to explicitly set the path to the JPS configuration file, otherwise it would default to ./config/jps.config.xml (even though, according to the documentation, there should be default configuration files below the $DOMAIN_HOME directory):

// specify the configuration file - otherwise, would default to ./config/jps-config.xml
System.setProperty("", "../src/META-INF/jps-config.xml");

See also the Oracle Fusion Middleware Java API Reference for Oracle Platform Security Services for more information about the API.

The first step is to retrieve a JpsContext – we use the default context here:

// This call evaluates the configuration file - 
// if the configuration file is invalid an exception is thrown
JpsContextFactory ctxFactory = JpsContextFactory.getContextFactory();

// Retrieve the default JpsContext
JpsContext ctx = ctxFactory.getContext();

From the context, we can get a list of all available service instances:

Collection<ServiceInstance> sis = ctx.getServiceInstances();
for (ServiceInstance si : sis) {

We can retrieve the PolicyStore from the configuration service and list all application roles and all grants – the policy store name refers to the name of the policy store as defined in the jazn-data.xml file:

PolicyStore policyStore = ctx.getServiceInstance(PolicyStore.class);
ApplicationPolicy ap = policyStore.getApplicationPolicy("policyName");

List<JpsApplicationRole> appRoles = ap.getAllAppRoles();
for (JpsApplicationRole appRole : appRoles) {

List<GrantEntry> grants = ap.getGrantEntries();
for (GrantEntry grant : grants) {

We can also retrieve the IdentityStore (through the IdentityStoreService interface) and list all users and all groups, using the User & Role API (normally we would look for a more specific user, retrieving all users and all groups might result in a lot of data):

IdentityStoreService iss = ctx.getServiceInstance(IdentityStoreService.class);
IdentityStore is = iss.getIdmStore();

// create a search filter and the search parameters
SimpleSearchFilter sf1 =  is.getSimpleSearchFilter(
SearchParameters params = new SearchParameters();

// get all users
SearchResponse result = is.searchUsers(params);
while(result.hasNext()) {
    Identity id =;

// get all enterprise roles (groups)
result = is.searchRoles(IdentityStore.SEARCH_BY_NAME, params);
while(result.hasNext()) {
    Identity id =;