Wednesday, March 17, 2010

OPSS Scripts for Programmatic Policy Mgmt.

In the last post I gave example of WLST command necessary to grant code source permission to an application that will allow the application to use OPSS policy management API to modify the policy.

Here are more details.

I am using JDev build Build JDEVADF_11.1.1.2.0_GENERIC_091029.2229.5536.
The JDev is installed at the default location on my windows machine. Ran wlst command at C:\Oracle\Middleware\oracle_common\common\bin>wlst.cmd

In the WLST shell type
grantPermission(codeBaseURL="file:///C:/Documents and Settings/vishukla/Application Data/JDeveloper/system11.1.1.2.36.55.36/o.j2ee/drs/PolicySource/-", permClass="oracle.security.jps.service.policystore.PolicyStoreAccessPermission", permTarget="context=APPLICATION,name=PolicySource#V2.0", permActions="*")


1. The first bold entry is the exploded path where the application is during application development.
2. The second bold entry is the application stripe which by default is applicationame+"#"+"application version". By some quirk, each application version in JDev starts its counter at 2.
3. The third bold entry is the action, in this case I have a wild card to indicate all actions on the policy. However, in any non trivial environment you should use specific actions like "alterAppRole" as specified in the API javadoc.

Here are the command line output

wls:/DefaultDomain/serverConfig> grantPermission(codeBaseURL="file:///C:/Documen
ts and Settings/vishukla/Application Data/JDeveloper/system11.1.1.2.36.55.36/o.j
2ee/drs/PolicySource/-", permClass="oracle.security.jps.service.policystore.Poli
cyStoreAccessPermission", permTarget="context=APPLICATION,name=PolicySource#V2.0
", permActions="*")
{appStripe=null, permActions=*, principalName=null, permClass=oracle.security.jp
s.service.policystore.PolicyStoreAccessPermission, principalClass=null, permTarg
et=context=APPLICATION,name=PolicySource#V2.0, codeBaseURL=file:///C:/Documents
and Settings/vishukla/Application Data/JDeveloper/system11.1.1.2.36.55.36/o.j2ee
/drs/PolicySource/-}

No comments: