WebLogic的OPSS安全運行時間憑證存儲框架(CSF)支持two kinds of credential:標準用戶名+密碼密碼類型,以及單個令牌或通用類型。如何通過WLST在WebLogic OPSS CSF中創建GenericCredential?
有幾個API可以讀取和寫入CSF映射 - Java POJO,並且有WLST access to createCred。然而,這將創建密碼風格的鍵/值,而不是通用的條目,如果需要的話。您可以通過企業管理器/em創建一個通用條目。
有沒有辦法通過WLST腳本創建通用樣式的憑據條目?
要做到這一點,您需要在WLST內使用比提供的createCred更低級別的API - 具體而言,您需要通過JMX MBean訪問配置,例如, JpsCredentialMXBean。
下面是一個示例WLST腳本包含在圖中的每個類型的一個憑證:
import os;
import sys;
import time;
admin_serverHostName = sys.argv[1]
admin_port = sys.argv[2]
admin_protocol = sys.argv[3]
connect(os.environ["WLS_USERNAME"], os.environ["WLS_PASSWORD"], admin_protocol+'://'+admin_serverHostName+':'+admin_port)
domainRuntime()
jpsCredentialStore = ObjectName("com.oracle.jps:type=JpsCredentialStore")
# create normal password credential
pc = createCredObj("username", "password", "description")
cd = pc.toCompositeData(None)
params = ["map.key", "key.name", cd]
sign = ["java.lang.String", "java.lang.String", "javax.management.openmbean.CompositeData"]
mbs.invoke(jpsCredentialStore, "setPortableCredential", params, sign)
# generic style single-token credential
params = ["map.key", "key.name", "token", "description"]
sign = ["java.lang.String", "java.lang.String", "java.io.Serializable", "java.lang.String"]
mbs.invoke(jpsCredentialStore, "reassignGenericCredential", params, sign)
disconnect()
def createCredObj(user, password, desc) :
from oracle.security.jps.mas.mgmt.jmx.credstore import PortablePasswordCredential
#Create Password Credential object
pc = PortablePasswordCredential(user, password, desc)
return pc