End of last year I wrote how to create a demo community of users in your Weblogic using wlst. Using these scripts I wanted to do the same at my current customer: creating test users in the DefaultAuthenticator. However, I faced that the minimum password length was 8, while one of the user failed creation, because the password was the same as the user, and only 5 characters long. |
So I need to change the password validator. And preferably using WLST (of course). Now, the password validator of de authenticator can also be found through the console. However, the Weblogic realm also has a system password validator. Both have a default length of 8.
Let me show you some snippets (that you can add to the create users script, or your own purpose), on how to change the minimum password length.
First a method to get the default realm:
# # def getRealm(name=None): cd("/") if name == None: realm = cmo.getSecurityConfiguration().getDefaultRealm() else: realm = cmo.getSecurityConfiguration().lookupRealm(name) return realm
With that you can get the authenticator:
# # def getAuthenticator(realm, name=None): if name == None: authenticator = realm.lookupAuthenticationProvider("DefaultAuthenticator") else: authenticator = realm.lookupAuthenticationProvider(name) return authenticator
With a realm an an authenticator, we can change the password length:
# # def setMinPasswordLengthOnDftAuth(minPasswordLength): try: edit() startEdit() # Get Realm and Authenticator realm = getRealm() authenticator = getAuthenticator(realm) authenticator.setMinimumPasswordLength(int(minPasswordLength)) passwordValidator=realm.lookupPasswordValidator('SystemPasswordValidator') passwordValidator.setMinPasswordLength(int(minPasswordLength)) save() activate(block='true') print('Succesfully set minimum password length to '+minPasswordLength+ ' on '+authenticator.getRealm().getName()+'.') print('For '+ authenticator.getName() +': '+str(authenticator.getMinimumPasswordLength())) print('For SystemPasswordValidator of '+getRealm().getName()+': '+ str(passwordValidator.getMinPasswordLength())) except WLSTException: stopEdit('y') message="Failed to update minimum password length!" print (message) raise Exception(message)
The minimum password length from the authenticator can be set directly. From the realm this function looks up the SystemPasswordValidator. And on that it set the minimum password length.
This function goes to edit mode, saves and activates the changes. But if you want to add users, you need to get wlst into domainConfig() mode.
Other password validator property setters are:
- setMinPasswordLength()
- setMaxPasswordLength()
- setMaxConsecutiveCharacters()
- setMaxInstancesOfAnyCharacter()
- setMinAlphabeticCharacters()
- setMinNumericCharacters()
- setMinLowercaseCharacters()
- setMinUppercaseCharacters()
- setMinNonAlphanumericCharacters()
- setMinNumericOrSpecialCharacters()
- setRejectEqualOrContainUsername(true)
- setRejectEqualOrContainReverseUsername(true)
No comments:
Post a Comment