Wednesday, May 15, 2013

Use WLST to set OSB 11g security authorization policy rules

We want to set the proxy service security authorization policy rules using WLST. This is a big one, since it is an undocumented feature and not supported by Oracle. I relied on a single post, http://ohnoes-nz.blogspot.com/2012/03/oracle-service-bus-using-wlst-to-secure.html, and I had to do some reverse engineering of Java classes in the OSB jars to sort out the API.

As an occasional user of WLST, I banged my head for a couple of days to make it work with OSB 11.1.1.6. Below is the working version of the script. I left more calls in the comments that can query and set the rules at different levels; feel free to experiment:

import sys
import jarray
import java.lang
import wlstModule
from java.lang import String, Long, System
from javax.management import MBeanServerInvocationHandler, ObjectName
from com.bea.wli.sb.management.configuration import SessionManagementMBean
from com.bea.wli.sb.management.configuration import ALSBConfigurationMBean
from com.bea.wli.sb.security.management.configuration import ServiceSecurityConfigurationMBean
from com.bea.wli.config import Ref
from com.bea.wli.sb.util import Refs
from java.lang.reflect import Proxy
try:
    #############
    # execute setDomainEnv.cmd, then add sb-kernel-impl.jar;com.bea.alsb.security.api.jar to classpath
    # to run the script: %wl_home%\common\bin\wlst.cmd (this script file).py
    ############

    # by default, after connect, pwd() shows 'serverConfig:/'
    # credentials are hard-coded here; connect() also accepts userConfigFile/userKeyFile
    # created with storeUserConfig(), which keeps the password out of the script
    connect("weblogic", "welcome1", "t3://localhost:7001")
    ########
    ### locate session bean, then create a new session
    #########
    domainRuntime() # land in 'domainRuntime:/'
    # need domainRuntime(), obtain session management mbean to create a session.
    sessionMBean = findService(SessionManagementMBean.NAME, SessionManagementMBean.TYPE)
    print "***SessionMBean is: ", sessionMBean
    # create a session with a unique, timestamped name
    sessionName = String("SecurePaymentService"+Long(System.currentTimeMillis()).toString())
    sessionMBean.createSession(sessionName)
    print "###session created: ", sessionMBean
    ########
    ### create proxy ref
    #########
    projectName = Refs.makeParentRef("OWSM Demo" + '/')
    proxyRef = Refs.makeProxyRef(projectName, "helloBye")
    print "***proxyRef: ", proxyRef
    proxyReference = proxyRef
    ########
    ### find OSB security config bean
    #########
    serverConfig() # cd('serverConfig:/')
    # the security config MBean is scoped to the session: its name embeds sessionName
    security_mbean_ih = MBeanServerInvocationHandler(mbs, ObjectName("com.bea:Name=%s.%s,Type=%s" % (ServiceSecurityConfigurationMBean.NAME,sessionName, ServiceSecurityConfigurationMBean.TYPE)))
    serviceSecurityConfigurationMBean = Proxy.newProxyInstance(ServiceSecurityConfigurationMBean.getClassLoader(),jarray.array([ServiceSecurityConfigurationMBean],java.lang.Class),security_mbean_ih)
    print "\r\n###serviceSecurityConfigurationMBean: ", serviceSecurityConfigurationMBean
    ########
    ### set up policy holder, and policy scope
    #########
    policyHolder = serviceSecurityConfigurationMBean.newAccessControlPolicyHolderInstance('XACMLAuthorizer')
    print "\r\n=========policyHolder: ", policyHolder

    policyStr="Rol(helloRole)"
    operation="sayHello"
    policyHolder.setPolicyExpression(policyStr)
    print "\r\n###policyHolder: ", policyHolder

    # pick one scope: operation level, default message level, or whole proxy
    policyScope = serviceSecurityConfigurationMBean.newOperationMessagePolicyScope(proxyReference, operation)
    #policyScope = serviceSecurityConfigurationMBean.newDefaultMessagePolicyScope(proxyReference)
    #policyScope = serviceSecurityConfigurationMBean.newProxyPolicyScope(proxyReference)
    print "\r\n************************policyScope: ", policyScope

    ########
    ### execute security config commands
    #########
    serviceSecurityConfigurationMBean.setAccessControlPolicy(policyScope, policyHolder)
    #serviceSecurityConfigurationMBean.removeAccessControlPolicy(policyScope, policyHolder.getAuthorizationProviderID())

    #px = serviceSecurityConfigurationMBean.getAccessControlPolicy(policyScope, policyHolder.getAuthorizationProviderID())
    #print "###px: ", px
    # nothing takes effect until the session is activated
    sessionMBean.activateSession(sessionName, "description for session activation")
    print "script returns SUCCESS"
except:
    print "Unexpected error: ", sys.exc_info()[0]
    dumpStack()
    raise

The screenshot shows the result of the execution:
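A more defensive form of the set-and-activate step, as an added example that is not the original author's code: it selects one of the three scope levels the script mentions, reads the policy back with getAccessControlPolicy before activating, and discards the session on any failure instead of leaving it open. `apply_policy`, `SCOPE_FACTORIES` and the level names are hypothetical; `getPolicyExpression()` and the session-scoped MBean returning the pending policy on read-back are assumptions.

```python
# Added example, not the original author's code. Syntax is valid in WLST's
# Jython and in Python 3; the MBean handles come from the script above.
SCOPE_FACTORIES = {
    "proxy": "newProxyPolicyScope",
    "default-message": "newDefaultMessagePolicyScope",
    "operation": "newOperationMessagePolicyScope",
}


def apply_policy(session_mbean, security_mbean, session_name, proxy_ref,
                 expression, level="operation", operation=None,
                 provider="XACMLAuthorizer"):
    """Set one access control policy inside an already created OSB session.

    The session is activated only when the policy reads back with the
    expected expression. On any error it is discarded, so no partial
    change and no dangling session is left behind.
    """
    try:
        if level not in SCOPE_FACTORIES:
            raise ValueError("unknown policy level: %r" % (level,))
        factory = getattr(security_mbean, SCOPE_FACTORIES[level])
        if level == "operation":
            if not operation:
                raise ValueError("operation-level scope needs an operation")
            scope = factory(proxy_ref, operation)
        else:
            scope = factory(proxy_ref)
        holder = security_mbean.newAccessControlPolicyHolderInstance(provider)
        holder.setPolicyExpression(expression)
        security_mbean.setAccessControlPolicy(scope, holder)
        # Read the policy back before activating. getPolicyExpression() is
        # an ASSUMED getter matching setPolicyExpression() on the holder.
        stored = security_mbean.getAccessControlPolicy(
            scope, holder.getAuthorizationProviderID())
        if stored is None or stored.getPolicyExpression() != expression:
            raise RuntimeError("policy read-back mismatch at %s level" % level)
        session_mbean.activateSession(session_name, "set %s policy" % level)
        return scope
    except:
        # Bare except, as in the script above, so Java exceptions raised by
        # the MBeans are caught too; discardSession() drops the session.
        session_mbean.discardSession(session_name)
        raise
```

In WLST it would be called with the handles from the script, for example `apply_policy(sessionMBean, serviceSecurityConfigurationMBean, sessionName, proxyRef, "Rol(helloRole)", operation="sayHello")`.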

1 comment:

  1. In OSB 12c, I see the WLS policies are deprecated; we are now upgrading from 11g to 12c for OSB. In 11g, both WebLogic security policies and OWSM policies were supported on Oracle Service Bus. As of 11g (11.1.1.7), WebLogic Security policies were deprecated, and are not supported in 12c (12.1.3). Because WebLogic security policies were available in 11g, deployment of the OWSM Policy Manager and use of the OWSM policies was optional. Since only OWSM policies are supported in 12c, OWSM Policy Manager deployment is mandatory. In my current domain, which is on 11g, proxy services are using the WebLogic security policies on WSDL-based proxy services; we now have to deselect the WebLogic security policies from the proxy service and have to use OWSM policy. Please suggest how it can be done using WLST scripting/customization changes or any other approach in 12c; we have to apply the changes on many web service based proxy services.
