Develop Reference

Getting UnSupported Protocol : rmi/t3 in PL/sql on weblogic user creation using JMX

I have developed java code using pl/sql for weblogic user creation.
The code is:
CREATE OR REPLACE AND COMPILE JAVA SOURCE NAMED "NewUserCreation31" AS
import javax.management.ObjectName;
import javax.management.modelmbean.ModelMBeanInfo;
import java.util.Locale;
import java.util.Hashtable;
import javax.naming.Context;
import javax.management.MBeanServerConnection;
import javax.management.remote.JMXServiceURL;
import javax.management.remote.JMXConnector;
import javax.management.remote.JMXConnectorFactory;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.Statement;
import java.sql.ResultSet;
public class NewUserCreation31
{
private static ObjectName defaultAuthenticator;
private static String authenticatorName="DefaultAuthenticator";
public static String username=null;
public static String password=null;
public static String user_role=null;
public static String retVal="exception";
public static String createWeblogicUser()
{
try {
Hashtable<String, String> env = new Hashtable<String, String>();
// Connection conn = null;
String url1 = "jdbc:oracle:thin:#191.169.151.13:1521:SER140";
String driver = "oracle.jdbc.driver.OracleDriver";
String userNm = "user1";
String psword = "password1";
Statement stmt=null;
String query=" select user_id,enc_dec.decrypt(passwd) pwd,user_priv from user_data";
try
{
retVal= "return 1";
username="uname1";
password="pwd123";
user_role="A";
retVal= "return all";
String user_grp =
(user_role.equals("A")) ? "A" :
(user_role.equals("P")) ? "P" :
(user_role.equals("PA")) ? "PA" :
(user_role.equals("R")) ? "R" :
(user_role.equals("RA")) ? "RA" :
(user_role.equals("RP")) ? "RP" : (user_role.equals("RPA")) ? "RPA" : "U";
retVal= "return user_role";
env.put(Context.SECURITY_PRINCIPAL, "weblogic");
env.put(Context.SECURITY_CREDENTIALS, "weblogic123");
retVal= "return env";
String hostname ="192.168.161.17";
retVal= hostname;
int port = Integer.parseInt("8001");
retVal= "port";
String protocol = "rmi";
retVal= protocol;
String url = new String("/jndi/weblogic.management.mbeanservers.runtime");
retVal= url;
JMXServiceURL serviceURL = new JMXServiceURL(protocol, hostname, port, url);
retVal= serviceURL.toString();
JMXConnector connector = JMXConnectorFactory.connect(serviceURL, env);
retVal="connector";
MBeanServerConnection connection = connector.getMBeanServerConnection();
retVal="MBeanServerConnection";
ObjectName userEditor = null;
ObjectName mBeanTypeService =
new ObjectName("com.bea:Name=MBeanTypeService,Type=weblogic.management.mbeanservers.MBeanTypeService");
retVal="mBeanTypeService";
ObjectName rs1 =
new ObjectName("com.bea:Name=RuntimeService,Type=weblogic.management.mbeanservers.runtime.RuntimeServiceMBean");
retVal="rs1";
ObjectName domainMBean = (ObjectName) connection.getAttribute(rs1, "DomainConfiguration");
retVal="domainMBean";
ObjectName securityConfig = (ObjectName) connection.getAttribute(domainMBean, "SecurityConfiguration");
retVal="securityConfig";
ObjectName defaultRealm = (ObjectName) connection.getAttribute(securityConfig, "DefaultRealm");
retVal="defaultRealm";
ObjectName[] authProviders =
(ObjectName[]) connection.getAttribute(defaultRealm, "AuthenticationProviders");
retVal="authProviders";
for (ObjectName providerName : authProviders) {
if (userEditor == null) {
ModelMBeanInfo info = (ModelMBeanInfo) connection.getMBeanInfo(providerName);
String className = (String) info.getMBeanDescriptor().getFieldValue("interfaceClassName");
System.out.println("className is: " + className);
if (className != null) {
String[] mba = (String[]) connection.invoke(mBeanTypeService, "getSubtypes", new Object[] {
"weblogic.management.security.authentication.UserEditorMBean" }, new String[] {
"java.lang.String" });
for (String mb : mba) {
System.out.println("Model Bean is: " + mb);
if (className.equals(mb)) {
System.out.println("Found a match for the model bean and class name!");
userEditor = providerName;
}
}
}
}
}
if (userEditor == null)
throw new RuntimeException("Could not retrieve user editor");
try {
for (int i = 0; i < authProviders.length; i++) {
String name =
(String)connection.getAttribute(authProviders[i],
"Name");
System.out.println("name " + name);
if (name.equals(authenticatorName))
defaultAuthenticator = authProviders[i];
}
boolean userExists =
((Boolean)connection.invoke(defaultAuthenticator, "userExists",
new Object[] { username },
new String[] { "java.lang.String" })).booleanValue();
System.out.println("userExists" + userExists);
if(userExists)
{
return "User Already exists";
}
else if(!(userExists))
{
connection.invoke(userEditor, "createUser", new Object[] {
username, password, "User created by LPM admin." }, new String[] {
"java.lang.String", "java.lang.String", "java.lang.String"
});
connection.invoke(userEditor, "addMemberToGroup", new Object[] { user_grp, username }, new String[] {
"java.lang.String", "java.lang.String"
});
connection.invoke(userEditor, "addMemberToGroup", new Object[] { "Administrators", username }, new String[] {
"java.lang.String", "java.lang.String"
});
System.out.println("User created successfully");
}
connector.close();
}
catch (Exception ex) {
ex.printStackTrace();
return "Error";
}
// }
// conn.close();
System.out.println("Disconnected from database");
}
catch (Exception e)
{
e.printStackTrace();
}
}
catch(Exception e3)
{
e3.printStackTrace();
return "Error";
}
return retVal;
}
};
/
Here I will get exception at line
JMXConnectorFactory.connect() as Unsupported protocol : rmi.
If I will change the protocol to t3, then It will through
Unsupported protocol : t3
I have ran the code through java directly. It is working. But whenever I will try to call it through pl/sql I will get the mentioned exception.
Please suggest me on this. Is there any other way to create a weblogic users.
I need to create weblogic users from one of the table resided in my database : user_data.
Is it possible to create weblogic users through PL/SQL?. Can I make my java class to be invoked from weblogic server on some interval? Please suggest on this.

GSSException createCredential

Major edit: 2015-05-27: After some degree of success updated on where I'm currently stuck rather than leaving a rambling post....could really do with some pointers on this one - a little bogged down....
I'm running some code on a Linux app server (WebSphere) that needs to authenticate to an IIS web service which is configured for "Integrated Authentication", but I'm having some problems forming the Authorization: Negotiate token.
I should also say that I need to put this token into the HTTP header for a JAX-WS SOAP request that I will subsequently build. I know my SOAP request itself works because we were using WS-Security Username token profile previously and it worked fine - trying to swap to kerberos is proving difficult...
My problem is with initSecContext I think. It appears that on the first call the context is configured in "some" way and there is some returned token data, but .isEstablished is false. The problem I'm having is putting the initSecContext call into a loop - it seems IIS just closes the connection when I do this. Can anyone give me some pointers - I seem to be taking the approach used by other posters and the Oracle samples (although the IBM/WebSphere sample only makes a single initSecContext call and doesn't check .isEstablished which seems odd to me based on the Oracle documentation).
Anyway, the error I get is below (note the Ready: property seems to clearly say initSecContext needs to loop - to me at least);
[5/27/15 6:51:11:605 UTC] 0000004f SystemOut O INFO: com.mycorp.kerberosKerberosTokenGenerator/getKerberosToken/run: After initSecContext:
--- GSSContext ---
Owner: domainuser#MYDOMAIN.COM
Peer: HTTP/iishost.mycorp.com
State: initialized
Lifetime: indefinite
Ready: no
Flags:
Confidentiality off
Delegation on
Integrity off
MutualAuthn on
ReplayDetection off
SequenceDetection off
DelegatedCred: unknown
--- End of GSSContext ---
[5/27/15 6:51:11:605 UTC] 0000004f SystemOut O INFO: com.mycorp.kerberosKerberosTokenGenerator/getKerberosToken/run: Context is not established, trying again
[5/27/15 6:51:11:606 UTC] 0000004f SystemOut O ERROR: com.mycorp.kerberosKerberosTokenGenerator/getKerberosToken/run: IOException during context establishment: Connection reset
My code is below;
LoginContext lc = getLoginContext(contextName);
final Subject subject = lc.getSubject();
String b64Token = (String) Subject.doAs(subject, new PrivilegedExceptionAction() {
#Override
public Object run() throws PrivilegedActionException, GSSException {
// Create socket to server
Socket socket;
DataInputStream inStream = null;
DataOutputStream outStream = null;
try {
socket = new Socket("iishost.mycorp.com", 443);
inStream = new DataInputStream(socket.getInputStream());
outStream = new DataOutputStream(socket.getOutputStream());
} catch (IOException ex) {
System.out.println("Exception setting up server sockets: " + ex.getMessage());
}
GSSName gssName = manager.createName(userName, GSSName.NT_USER_NAME, KRB5_MECH_OID);
GSSCredential gssCred = manager.createCredential(gssName.canonicalize(KRB5_MECH_OID),
GSSCredential.DEFAULT_LIFETIME,
KRB5_MECH_OID,
GSSCredential.INITIATE_ONLY);
gssCred.add(gssName, GSSCredential.INDEFINITE_LIFETIME,
GSSCredential.INDEFINITE_LIFETIME,
SPNEGO_MECH_OID,
GSSCredential.INITIATE_ONLY);
GSSName gssServerName = manager.createName(servicePrincipal, KERBEROS_V5_PRINCIPAL_NAME);
GSSContext clientContext = manager.createContext(gssServerName.canonicalize(SPNEGO_MECH_OID),
SPNEGO_MECH_OID,
gssCred,
GSSContext.DEFAULT_LIFETIME);
clientContext.requestCredDeleg(true);
clientContext.requestMutualAuth(true);
byte[] token = new byte[0];
while (!clientContext.isEstablished()) {
try {
token = clientContext.initSecContext(token, 0, token.length);
// IF I LOOK AT token HERE THERE IS CERTAINLY TOKEN DATA THERE - .isEstablished IS STILL FALSE
outStream.writeInt(token.length);
outStream.write(token);
outStream.flush();
// Check if we're done
if (!clientContext.isEstablished()) {
token = new byte[inStream.readInt()];
inStream.readFully(token);
}
} catch (IOException ex) {
// THIS EXCEPTION IS THROWN ON SECOND ITERATION - LOOKS LIKE IIS CLOSES THE CONNECTION
System.out.println("IOException during context establishment: " + ex.getMessage());
}
}
String b64Token = Base64.encode(token);
clientContext.dispose(); // I'm assuming this won't invalidate the token in some way as I need to use it later
return b64Token;
}
});
This doc tells me I don't need to loop on initSecContext, but .isEstablished returns false for me: http://www-01.ibm.com/support/knowledgecenter/SS7K4U_8.5.5/com.ibm.websphere.zseries.doc/ae/tsec_SPNEGO_token.html?cp=SS7K4U_8.5.5%2F1-3-0-20-4-0&lang=en
The Oracle docs tell me I should: https://docs.oracle.com/javase/7/docs/api/org/ietf/jgss/GSSContext.html
My only hesitation is that from the Oracle docs it seems like I'm starting the application conversation, but what I'm trying to do it obtain the token only & it's later on in my code when I will use JAX-WS to post my actual web service call (including the spnego/kerberos token in the http header) - is this the cause of my issue?

Just an update. I have this working now - my previous code was largely ok - it was just my understanding of how the Kerberos token would be added to the JAX-WS request. Turns out it's just a matter of attaching a Handler to the bindingProvider. The handler then obtains the Kerberos token and adds it to the header of the request - nice and easy.
Below is my working Handler which is added to the Handler chain obtained from a call to bindingProvider.getBinding().getHandlerChain()
public class HTTPKerberosHandler implements SOAPHandler<SOAPMessageContext> {
private final String contextName;
private final String servicePrincipal;
private static Oid KRB5_MECH_OID = null;
private static Oid SPNEGO_MECH_OID = null;
private static Oid KERBEROS_V5_PRINCIPAL_NAME = null;
final String className = this.getClass().getName();
static {
try {
KERBEROS_V5_PRINCIPAL_NAME = new Oid("1.2.840.113554.1.2.2.1");
KRB5_MECH_OID = new Oid("1.2.840.113554.1.2.2");
SPNEGO_MECH_OID = new Oid("1.3.6.1.5.5.2");
} catch (final GSSException ex) {
System.out.println("Exception creating mechOid's: " + ex.getMessage());
ex.printStackTrace();
}
}
public HTTPKerberosHandler(final String contextName, final String servicePrincipal) {
this.contextName = contextName;
this.servicePrincipal = servicePrincipal;
}
#Override
public Set<QName> getHeaders() {
return null;
}
#Override
public boolean handleFault(SOAPMessageContext context) {
return false;
}
#Override
public void close(MessageContext context) {
// No action
}
#Override
public boolean handleMessage(SOAPMessageContext context) {
if (((Boolean) context.get(SOAPMessageContext.MESSAGE_OUTBOUND_PROPERTY))) {
return handleRequest(context);
} else {
return handleResponse(context);
}
}
private boolean handleRequest(SOAPMessageContext context) {
byte[] token = getKerberosToken(contextName, servicePrincipal);
HashMap<String, String> sendTransportHeaders = new HashMap<String, String>();
sendTransportHeaders.put("Authorization", "Negotiate " + Base64.encode(token));
context.put(com.ibm.websphere.webservices.Constants.REQUEST_TRANSPORT_PROPERTIES, sendTransportHeaders);
return true;
}
private boolean handleResponse(SOAPMessageContext context) {
logger.logInformation(className, "handleResponse", "Inbound response detected");
return true;
}
public byte[] getKerberosToken(final String contextName, final String servicePrincipal) {
try {
LoginContext lc = getLoginContext(contextName);
final Subject subject = lc.getSubject();
byte[] token = (byte[]) Subject.doAs(subject, new PrivilegedExceptionAction() {
#Override
public Object run() throws PrivilegedActionException, GSSException {
final String methodName = "getKerberosToken/run";
final GSSManager manager = GSSManager.getInstance();
Set<Principal> principals = subject.getPrincipals();
Iterator it = principals.iterator();
String principalName = ((Principal) it.next()).getName();
logger.logInformation(className, methodName, "Using principal: [" + principalName + "]");
GSSName gssName = manager.createName(principalName, GSSName.NT_USER_NAME, KRB5_MECH_OID);
GSSCredential gssCred = manager.createCredential(gssName.canonicalize(KRB5_MECH_OID),
GSSCredential.DEFAULT_LIFETIME,
KRB5_MECH_OID,
GSSCredential.INITIATE_ONLY);
gssCred.add(gssName, GSSCredential.INDEFINITE_LIFETIME,
GSSCredential.INDEFINITE_LIFETIME,
SPNEGO_MECH_OID,
GSSCredential.INITIATE_ONLY);
logger.logInformation(className, methodName, "Client TGT obtained: " + gssCred.toString());
GSSName gssServerName = manager.createName(servicePrincipal, GSSName.NT_USER_NAME);
GSSContext clientContext = manager.createContext(gssServerName.canonicalize(SPNEGO_MECH_OID),
SPNEGO_MECH_OID,
gssCred,
GSSContext.DEFAULT_LIFETIME);
logger.logInformation(className, methodName, "Service ticket obtained: " + clientContext.toString());
byte[] token = new byte[0];
token = clientContext.initSecContext(token, 0, token.length);
clientContext.dispose();
return token;
}
});
return token;
} catch (PrivilegedActionException ex) {
logger.logError(HTTPKerberosHandler.class.getName(), methodName, "PrivilegedActionException: " + ex.getMessage());
} catch (Exception ex) {
logger.logError(HTTPKerberosHandler.class.getName(), methodName, "Exception: " + ex.getMessage());
}
return null;
}
private LoginContext getLoginContext(String contextName) {
LoginContext lc = null;
try {
lc = new LoginContext(contextName);
lc.login();
} catch (LoginException le) {
logger.logError(HTTPKerberosHandler.class.getName(), methodName, "Login exception: [" + le.getMessage() + "]");
le.printStackTrace();
}
return lc;
}
}

getting server name and state using MBeanServerConnection

I am trying to get the name and state of the servers in a domain using MBeanServerConnection
public class GetServerState {
private static MBeanServerConnection connection;
private static JMXConnector connector;
private static final ObjectName service;
// Initializing the object name for DomainRuntimeServiceMBean
// so it can be used throughout the class.
static {
try {
service = new ObjectName(
"com.bea:Name=DomainRuntimeService,Type=weblogic.management.
mbeanservers.domainruntime.DomainRuntimeServiceMBean");
}catch (MalformedObjectNameException e) {
throw new AssertionError(e.getMessage());
}
}
/*
* Initialize connection to the Domain Runtime MBean Server
*/
public static void initConnection(String hostname, String portString,
String username, String password) throws IOException,
MalformedURLException {
String protocol = "t3";
Integer portInteger = Integer.valueOf(portString);
int port = portInteger.intValue();
String jndiroot = "/jndi/";
String mserver = "weblogic.management.mbeanservers.domainruntime";
JMXServiceURL serviceURL = new JMXServiceURL(protocol, hostname,
port, jndiroot + mserver);
Hashtable h = new Hashtable();
h.put(Context.SECURITY_PRINCIPAL, username);
h.put(Context.SECURITY_CREDENTIALS, password);
h.put(JMXConnectorFactory.PROTOCOL_PROVIDER_PACKAGES,
"weblogic.management.remote");
connector = JMXConnectorFactory.connect(serviceURL, h);
connection = connector.getMBeanServerConnection();
}
/*
* Print an array of ServerRuntimeMBeans.
* This MBean is the root of the runtime MBean hierarchy, and
* each server in the domain hosts its own instance.
*/
public static ObjectName[] getServerRuntimes() throws Exception {
return (ObjectName[]) connection.getAttribute(service,
"ServerRuntimes");
}
/*
* Iterate through ServerRuntimeMBeans and get the name and state
*/
public void printNameAndState() throws Exception {
ObjectName[] serverRT = getServerRuntimes();
System.out.println("got server runtimes");
int length = (int) serverRT.length;
for (int i = 0; i < length; i++) {
String name = (String) connection.getAttribute(serverRT[i],
"Name");
String state = (String) connection.getAttribute(serverRT[i],
"State");
System.out.println("Server name: " + name + ". Server state: "
+ state);
}
}
public static void main(String[] args) throws Exception {
String hostname = args[0];
String portString = args[1];
String username = args[2];
String password = args[3];
GetServerState s = new GetServerState();
initConnection(hostname, portString, username, password);
s.printNameAndState();
connector.close();
}
}
Here I am getting the name of only those servers which are in "RUNNING" state and not the list of all the servers in the Domain.
Can some one guide me with what changes I need to make to get name and states of all the server in the domain?

ldap search is very slow

I am using JNDI to connect to the LDAP active directory, and I want to search for users where the name contains the search string, so my search method is as follows:
public static List<LDAPUser> searchContactsByName(
ExtendedDirContext extendedDirContext, String name) {
try {
LdapContext ldapContext = extendedDirContext.getLdapContext();
String searchBaseStr = extendedDirContext.getSearchBase();
String sortKey = LDAPAttributes.NAME;
ldapContext.setRequestControls(new Control[] { new SortControl(
sortKey, Control.CRITICAL) });
SearchControls searchCtls = new SearchControls();
searchCtls.setTimeLimit(1000 * 10);
String returnedAtts[] = { LDAPAttributes.USER_NAME,
LDAPAttributes.NAME };
searchCtls.setReturningAttributes(returnedAtts);
searchCtls.setSearchScope(SearchControls.SUBTREE_SCOPE);
String searchFilter = "(&(ObjectCategory=person)(cn=*" + name
+ "*))";
NamingEnumeration<SearchResult> results = ldapContext.search(
searchBaseStr, searchFilter, searchCtls);
List<LDAPUser> users = new ArrayList<LDAPUser>(0);
while (results.hasMoreElements()) {
SearchResult sr = (SearchResult) results.next();
Attributes attrs = sr.getAttributes();
LDAPUser user = new LDAPUser();
user.setName(attrs.get(LDAPAttributes.NAME).toString()
.replace("cn: ", ""));
user.setUserName(attrs.get(LDAPAttributes.USER_NAME).toString()
.replace("sAMAccountName: ", ""));
users.add(user);
}
return users;
} catch (Exception e) {
e.printStackTrace();
return null;
}
}
and here is how I am making the connection to LDAP:
public static ExtendedDirContext connectToLdap(MessageSource messageSource) {
try {
log.debug("connectToLdap");
String providerUrl = messageSource.getMessage("provider.url", null,
null);
String securityPrincipal = messageSource.getMessage(
"security.principal", null, null);
String securityCredentials = messageSource.getMessage(
"security.credentials", null, null);
String searchBase = messageSource.getMessage("search.base", null,
null);
boolean ssl = Boolean.parseBoolean(messageSource.getMessage("ssl",
null, null));
LdapContext ldapContext;
Hashtable<String, String> ldapEnv = new Hashtable<String, String>(
11);
ldapEnv.put(Context.INITIAL_CONTEXT_FACTORY,
"com.sun.jndi.ldap.LdapCtxFactory");
ldapEnv.put(Context.PROVIDER_URL, providerUrl);
ldapEnv.put(Context.SECURITY_AUTHENTICATION, "simple");
ldapEnv.put(Context.SECURITY_PRINCIPAL, securityPrincipal);
ldapEnv.put(Context.SECURITY_CREDENTIALS, securityCredentials);
if (ssl)
ldapEnv.put(Context.SECURITY_PROTOCOL, "ssl");
// To get rid of the PartialResultException when using Active
// Directory
ldapEnv.put(Context.REFERRAL, "follow");
ldapContext = new InitialLdapContext(ldapEnv, null);
ExtendedDirContext extendedDirContext = new ExtendedDirContext();
extendedDirContext.setLdapContext(ldapContext);
extendedDirContext.setSearchBase(searchBase);
log.debug("success connection to ldap");
return extendedDirContext;
} catch (Exception e) {
e.printStackTrace();
return null;
}
}
The LDAP credentials are as follows:
provider.url=ldap://dc.fabrikam.com:389
security.principal=CN=administrator,CN=Users,DC=fabrikam,DC=com
security.credentials=password
search.base=dc=fabrikam,dc=com
Why does the search take so much time to retrieve the data? Is there any change that I can do to make the search faster, since I have only 285 contacts in the AD?

Solution was to change ldapEnv.put(Context.REFERRAL, "follow"); to ldapEnv.put(Context.REFERRAL, "ignore");

Your filter:
"(&(ObjectCategory=person)(cn=*" + name + "*))"
May be an issue.
I would recommend that you download a known LDAP utility (Apache Directory Studio Browser as an example) and try different search filters until you find one that works.
To Start, try
"(&(ObjectCategory=person)(cn= + name ))"

You're right,
ldapEnv.put(Context.REFERRAL, "ignore")
didn't get exception about connection timed out. But when I first try I get a partialexception. After I changed my LDAP configuration port from 389 to 3268 I didn't get any exception, build successfully. 3268 port about global catalog of LDAP. For example Outlook clients query the global catalog to locate Address Book information. You can try global catalog if you get an exception referral type setting.

Creating WebLogic users programmatically from a standalone Java client

I'm trying to create users in WebLogic (10.3.4) programmatically from a simple standalone Java client (one class --> two methods: createWeblogicUser() & main()).
public void createWeblogicUser() {
try {
Hashtable<String, String> env = new Hashtable<String, String>();
env.put(Context.INITIAL_CONTEXT_FACTORY, "weblogic.jndi.WLInitialContextFactory");
env.put(Context.SECURITY_PRINCIPAL, "weblogic");
env.put(Context.SECURITY_CREDENTIALS, "weblogic");
env.put(Context.PROVIDER_URL, "t3://myserver:7001");
InitialContext ctx = new InitialContext(env);
MBeanServer wls = (MBeanServer) ctx.lookup("java:comp/env/jmx/runtime");
ObjectName userEditor = null;
ObjectName mBeanTypeService = new ObjectName( "com.bea:Name=MBeanTypeService, Type=weblogic.management.mbeanservers.MBeanTypeService");
ObjectName rs = new ObjectName("com.bea:Name=RuntimeService, Type=weblogic.management.mbeanservers.runtime.RuntimeServiceMBean");
ObjectName domainMBean = (ObjectName) wls.getAttribute(rs, "DomainConfiguration");
ObjectName securityConfig = (ObjectName) wls.getAttribute(domainMBean, "SecurityConfiguration");
ObjectName defaultRealm = (ObjectName) wls.getAttribute(securityConfig, "DefaultRealm");
ObjectName[] authProviders = (ObjectName[]) wls.getAttribute(defaultRealm, "AuthenticationProviders");
for(ObjectName providerName : authProviders) {
if(userEditor == null) {
ModelMBeanInfo info = (ModelMBeanInfo) wls.getMBeanInfo(providerName);
String className = (String) info.getMBeanDescriptor().getFieldValue("interfaceClassName");
if(className != null) {
String[] mba = (String[]) wls.invoke(mBeanTypeService
, "getSubtypes"
, new Object[] {"weblogic.management.security.authentication.UserEditorMBean"}
, new String[] {"java.lang.String"}
);
for(String mb : mba) {
if(className.equals(mb))
userEditor = providerName;
}
}
}
if(userEditor == null)
throw new RuntimeException("Could not retrieve user editor");
try {
wls.invoke(userEditor
, "createUser"
, new Object[] {"wls_user", "password123","User created programmatically."}
, new String[] {"java.lang.String", "java.lang.String","java.lang.String"}
);
}
catch(Exception e){
e.printStackTrace();
}
ctx.close();
}
}
catch(Exception ex) {
ex.printStackTrace();
}
}
Any ideas on what the context lookup I should be making? "java:comp" throws a javax.naming.NameNotFoundException; looks like I can use that only from w/in a container.

Got it to work.
private void createWeblogicUser(String username) {
try {
Hashtable<String, String> env = new Hashtable<String, String>();
env.put(Context.SECURITY_PRINCIPAL, "weblogic");
env.put(Context.SECURITY_CREDENTIALS, "weblogic");
String hostname = "myserver";
int port = 7001;
String protocol = "rmi";
String url= new String("/jndi/iiop://myserver:7001/weblogic.management.mbeanservers.domainruntime");
JMXServiceURL serviceURL = new JMXServiceURL(protocol, hostname, port, url);
JMXConnector connector = JMXConnectorFactory.connect(serviceURL, env);
MBeanServerConnection connection = connector.getMBeanServerConnection();
ObjectName userEditor = null;
ObjectName mBeanTypeService = new ObjectName( "com.bea:Name=MBeanTypeService,Type=weblogic.management.mbeanservers.MBeanTypeService");
ObjectName rs = new ObjectName("com.bea:Name=DomainRuntimeService,Type=weblogic.management.mbeanservers.domainruntime.DomainRuntimeServiceMBean");
ObjectName domainMBean = (ObjectName) connection.getAttribute(rs, "DomainConfiguration");
ObjectName securityConfig = (ObjectName) connection.getAttribute(domainMBean, "SecurityConfiguration");
ObjectName defaultRealm = (ObjectName) connection.getAttribute(securityConfig, "DefaultRealm");
ObjectName[] authProviders = (ObjectName[]) connection.getAttribute(defaultRealm, "AuthenticationProviders");
for(ObjectName providerName : authProviders) {
System.out.println("Auth provider is: " + providerName) ;
if(userEditor == null) {
ModelMBeanInfo info = (ModelMBeanInfo) connection.getMBeanInfo(providerName);
String className = (String) info.getMBeanDescriptor().getFieldValue("interfaceClassName");
System.out.println("className is: " + className) ;
if(className != null) {
String[] mba = (String[]) connection.invoke(mBeanTypeService
, "getSubtypes"
, new Object[] {"weblogic.management.security.authentication.UserEditorMBean"}
, new String[] {"java.lang.String"}
);
for(String mb : mba) {
System.out.println("Model Bean is: " + mb) ;
if(className.equals(mb)) {
System.out.println("Found a macth for the model bean and class name!") ;
userEditor = providerName;
}
}
}
}
}
if(userEditor == null)
throw new RuntimeException("Could not retrieve user editor");
try {
connection.invoke(userEditor
, "createUser"
, new Object[] {username, "password123","User created programmatically."}
, new String[] {"java.lang.String", "java.lang.String","java.lang.String"}
);
System.out.println("User created successfully") ;
}
catch(Exception e){
e.printStackTrace();
}
connector.close();
}
catch(Exception ex) {
ex.printStacktrace();
}
}
You need only weblogic.jar and wljmxclient.jar in classpath. I ran this against JDK 1.6.0_29. I have to add that I ran this on a machine on which WebLogic was installed as well. So the classpath entries were fully qualified path names to the jar files.
One "gotcha" I came across:
While providing the "com.bea:Name=XXXX,Type=XXXX", DONOT give a space between anything - not the colon; not the comma; nothing - I spent sometime debugging this, before it finally hit it.