User Lockout & WLST
- by Bala Kothandaraman
WebLogic server provides an option to lockout users to protect accounts password guessing attack. It is implemented with a realm-wide Lockout Manager. This feature can be used with custom authentication provider also. But if you implement your own authentication provider and wish to implement your own lockout manager that is possible too.
If your domain is configured to use the user lockout manager the following WLST script will help you to:
- check whether a user is locked using a WLST script
- find out the number of locked users in the realm
#Define constants
url='t3://localhost:7001'
username='weblogic'
password='weblogic'
checkuser='test-deployer'
#Connect
connect(username,password,url)
#Get Lockout Manager Runtime
serverRuntime()
dr = cmo.getServerSecurityRuntime().getDefaultRealmRuntime()
ulmr = dr.getUserLockoutManagerRuntime()
print '-------------------------------------------'
#Check whether a user is locked
if (ulmr.isLockedOut(checkuser) == 0):
islocked = 'NOT locked'
else:
islocked = 'locked'
print 'User ' + checkuser + ' is ' + islocked
#Print number of locked users
print 'No. of locked user - ', Integer(ulmr.getUserLockoutTotalCount())
print '-------------------------------------------'
print ''
#Disconnect & Exit
disconnect()
exit()