Scenario - Though the EM console of WebLogic Server provides a sophisticated UI to access the policy store and perform actions, we once had to find a way to grant a set of permissions to a specific role through code.
Solution - WebLogic provides OPSS APIs to access the policy store, and I feel they are not well documented, so here is a utility class that fetches your application's policy -
package com.webcentersamples.sampleapp.samples.utils;
import oracle.security.jps.JpsContext;
import oracle.security.jps.JpsContextFactory;
import oracle.security.jps.JpsException;
import oracle.security.jps.internal.api.runtime.ServerContextFactory;
import oracle.security.jps.service.policystore.ApplicationPolicy;
import oracle.security.jps.service.policystore.PolicyStore;
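/**
 * Static helper that looks up the OPSS {@link PolicyStore} and one application's
 * {@link ApplicationPolicy} from code running inside the server.
 *
 * <p>Review notes:
 * <ul>
 *   <li>{@code ServerContextFactory} comes from an {@code oracle.security.jps.internal}
 *       package, so it is presumably not a supported public API; confirm against the
 *       OPSS release in use before depending on it.</li>
 *   <li>{@link #getPolicyStore()} hands back the complete policy store, not a view limited
 *       to the calling application. Keep the handle inside trusted administrative code and
 *       never let request input choose the stripe name.</li>
 *   <li>Role and permission changes made through the returned objects are authorization
 *       changes; callers should log who requested them and for which stripe.</li>
 * </ul>
 *
 * <p>All accessors are {@code static synchronized}, so the cached fields are read and
 * written under the class lock.
 */
public class PolicyStoreUtils {
    private static PolicyStoreUtils policyStoreUtils;
    private static PolicyStore policyStore;
    private static ApplicationPolicy applicationPolicy;
    // Stripe name the cached applicationPolicy was loaded for; used to detect a request
    // for a different application.
    private static String applicationPolicyStripe;

    private PolicyStoreUtils() {
        super();
    }

    /**
     * Returns the lazily created singleton instance.
     *
     * @return the shared {@code PolicyStoreUtils} instance
     */
    public static synchronized PolicyStoreUtils getInstance() {
        if (policyStoreUtils == null) {
            policyStoreUtils = new PolicyStoreUtils();
        }
        return policyStoreUtils;
    }

    /**
     * Returns the complete policy store, in which an individual application's policy can
     * then be looked up. The store is resolved once through the system-scope JPS context
     * and cached for later calls.
     *
     * <p>This method relies on the internal {@code ServerContextFactory} class. The cast
     * below fails with {@code ClassCastException} if the configured context factory is of
     * another type (presumably the case outside the server runtime; verify).
     *
     * @return the cached {@link PolicyStore} service instance
     * @throws JpsException if the JPS context or the policy store service cannot be obtained
     */
    public static synchronized PolicyStore getPolicyStore() throws JpsException {
        if (policyStore == null) {
            ServerContextFactory serverCtxFactory =
                (ServerContextFactory) JpsContextFactory.getContextFactory();
            // SYSTEM scope: the context is the server-wide one, not the caller's application.
            JpsContext jpsCtx =
                serverCtxFactory.getContext(ServerContextFactory.Scope.SYSTEM);
            policyStore = jpsCtx.getServiceInstance(PolicyStore.class);
        }
        return policyStore;
    }

    /**
     * Returns the application policy stored under the given application stripe.
     *
     * <p>The last policy fetched is cached together with its stripe name. A call for a
     * different stripe reloads from the policy store, so a caller can never receive (and
     * then modify) the policy of an application other than the one it named.
     *
     * <p>The stripe name can be read from the EM Console:
     * <ol>
     *   <li>Choose your application.</li>
     *   <li>Choose 'Application Policies' from the drop-down in the top bar.</li>
     *   <li>Note the application stripe name shown there; it usually has the form
     *       {@code <Your_Application_Name>#<Deployed_Version_Number>}, e.g.
     *       {@code MyApp#V2.0}.</li>
     * </ol>
     *
     * @param applicationStripe name of the application stripe whose policy is wanted
     * @return the {@link ApplicationPolicy} for {@code applicationStripe}
     * @throws IllegalArgumentException if {@code applicationStripe} is null or blank
     * @throws JpsException if the policy store cannot be reached or the lookup fails
     */
    public static synchronized ApplicationPolicy getApplicationPolicy(String applicationStripe)
            throws JpsException {
        if (applicationStripe == null || applicationStripe.trim().isEmpty()) {
            throw new IllegalArgumentException("applicationStripe must not be null or empty");
        }
        if (applicationPolicy == null || !applicationStripe.equals(applicationPolicyStripe)) {
            // Fetch into a local first so a failed lookup leaves the previous cache intact.
            ApplicationPolicy fetched =
                getPolicyStore().getApplicationPolicy(applicationStripe);
            applicationPolicy = fetched;
            applicationPolicyStripe = applicationStripe;
        }
        return applicationPolicy;
    }
}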
Solution - WebLogic provides OPSS APIs to access the policy store, and I feel they are not well documented, so here is a utility class that fetches your application's policy -
package com.webcentersamples.sampleapp.samples.utils;
import oracle.security.jps.JpsContext;
import oracle.security.jps.JpsContextFactory;
import oracle.security.jps.JpsException;
import oracle.security.jps.internal.api.runtime.ServerContextFactory;
import oracle.security.jps.service.policystore.ApplicationPolicy;
import oracle.security.jps.service.policystore.PolicyStore;
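/**
 * Static helper that looks up the OPSS {@link PolicyStore} and one application's
 * {@link ApplicationPolicy} from code running inside the server.
 *
 * <p>Review notes:
 * <ul>
 *   <li>{@code ServerContextFactory} comes from an {@code oracle.security.jps.internal}
 *       package, so it is presumably not a supported public API; confirm against the
 *       OPSS release in use before depending on it.</li>
 *   <li>{@link #getPolicyStore()} hands back the complete policy store, not a view limited
 *       to the calling application. Keep the handle inside trusted administrative code and
 *       never let request input choose the stripe name.</li>
 *   <li>Role and permission changes made through the returned objects are authorization
 *       changes; callers should log who requested them and for which stripe.</li>
 * </ul>
 *
 * <p>All accessors are {@code static synchronized}, so the cached fields are read and
 * written under the class lock.
 */
public class PolicyStoreUtils {
    private static PolicyStoreUtils policyStoreUtils;
    private static PolicyStore policyStore;
    private static ApplicationPolicy applicationPolicy;
    // Stripe name the cached applicationPolicy was loaded for; used to detect a request
    // for a different application.
    private static String applicationPolicyStripe;

    private PolicyStoreUtils() {
        super();
    }

    /**
     * Returns the lazily created singleton instance.
     *
     * @return the shared {@code PolicyStoreUtils} instance
     */
    public static synchronized PolicyStoreUtils getInstance() {
        if (policyStoreUtils == null) {
            policyStoreUtils = new PolicyStoreUtils();
        }
        return policyStoreUtils;
    }

    /**
     * Returns the complete policy store, in which an individual application's policy can
     * then be looked up. The store is resolved once through the system-scope JPS context
     * and cached for later calls.
     *
     * <p>This method relies on the internal {@code ServerContextFactory} class. The cast
     * below fails with {@code ClassCastException} if the configured context factory is of
     * another type (presumably the case outside the server runtime; verify).
     *
     * @return the cached {@link PolicyStore} service instance
     * @throws JpsException if the JPS context or the policy store service cannot be obtained
     */
    public static synchronized PolicyStore getPolicyStore() throws JpsException {
        if (policyStore == null) {
            ServerContextFactory serverCtxFactory =
                (ServerContextFactory) JpsContextFactory.getContextFactory();
            // SYSTEM scope: the context is the server-wide one, not the caller's application.
            JpsContext jpsCtx =
                serverCtxFactory.getContext(ServerContextFactory.Scope.SYSTEM);
            policyStore = jpsCtx.getServiceInstance(PolicyStore.class);
        }
        return policyStore;
    }

    /**
     * Returns the application policy stored under the given application stripe.
     *
     * <p>The last policy fetched is cached together with its stripe name. A call for a
     * different stripe reloads from the policy store, so a caller can never receive (and
     * then modify) the policy of an application other than the one it named.
     *
     * <p>The stripe name can be read from the EM Console:
     * <ol>
     *   <li>Choose your application.</li>
     *   <li>Choose 'Application Policies' from the drop-down in the top bar.</li>
     *   <li>Note the application stripe name shown there; it usually has the form
     *       {@code <Your_Application_Name>#<Deployed_Version_Number>}, e.g.
     *       {@code MyApp#V2.0}.</li>
     * </ol>
     *
     * @param applicationStripe name of the application stripe whose policy is wanted
     * @return the {@link ApplicationPolicy} for {@code applicationStripe}
     * @throws IllegalArgumentException if {@code applicationStripe} is null or blank
     * @throws JpsException if the policy store cannot be reached or the lookup fails
     */
    public static synchronized ApplicationPolicy getApplicationPolicy(String applicationStripe)
            throws JpsException {
        if (applicationStripe == null || applicationStripe.trim().isEmpty()) {
            throw new IllegalArgumentException("applicationStripe must not be null or empty");
        }
        if (applicationPolicy == null || !applicationStripe.equals(applicationPolicyStripe)) {
            // Fetch into a local first so a failed lookup leaves the previous cache intact.
            ApplicationPolicy fetched =
                getPolicyStore().getApplicationPolicy(applicationStripe);
            applicationPolicy = fetched;
            applicationPolicyStripe = applicationStripe;
        }
        return applicationPolicy;
    }
}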
Once you have the application policy, you can perform a whole range of operations, such as searching for, adding or removing application roles and granting or revoking permissions.
Note - The user should have the following permission in JAZN to access the policy store; otherwise the methods will throw exceptions. The '*' in <actions> allows every policy-store action on that stripe, so narrow it to the actions your code actually calls where you can.
<permission>
<class>oracle.security.jps.service.policystore.PolicyStoreAccessPermission</class>
<name>context=APPLICATION,name=[YOUR_APP_STRIPE_NAME]</name>
<actions>*</actions>
</permission>
Note - The user should have the following permission in JAZN to access the policy store; otherwise the methods will throw exceptions. The '*' in <actions> allows every policy-store action on that stripe, so narrow it to the actions your code actually calls where you can.
<permission>
<class>oracle.security.jps.service.policystore.PolicyStoreAccessPermission</class>
<name>context=APPLICATION,name=[YOUR_APP_STRIPE_NAME]</name>
<actions>*</actions>
</permission>