Can WLST be used to set a security policy on the root of the JNDI tree?
Alternatively, can this be done during installation?
We are trying to remove the everyone policy currently on the root of the JNDI by default as it is a security requirement. We want to replace it with a role/group of our choosing. I have tried exporting the realm settings, which appear to include the setting of the JNDI, but including this on the install seems to have no effect.
Pretty new to WebLogic, so if any other info would help, please add a comment and I'll share what I can!!
Remove the existing policy that covers type=<jndi>
then add a replacement
cd("/SecurityConfiguration/MyDomain/Realms/My-Realm/Authorizers/XACMLAuthorizer")
cmo.removePolicy("type=<jndi>")
cmo.createPolicy("type=<jndi>", "Rol(Admin)")
For reference, the below removes the default lookup action on the jms part of the tree, replacing it with the allow everyone option. Wasn't asked in the question, but might be useful for anyone else struggling with WLST and security policies!
cmo.removePolicy("type=<jndi>, application=, path={jms}, action=lookup")
cmo.createPolicy("type=<jndi>, application=, path={jms}, action=lookup", "?weblogic.entitlement.rules.UncheckedPolicy()")
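The remove-then-create sequence in the answer above leaves the resource without its previous policy if `createPolicy` rejects the new expression. The WLST helper below is an added example, not code from the original answer: it saves the old expression, swaps the policy, and restores the old one on failure. `replace_policy` is a hypothetical name, and the helper assumes the authorizer also exposes `policyExists` and `getPolicyExpression` (the policy reader operations that accompany `createPolicy`/`removePolicy`).

```python
# WLST (Jython) helper: added example, not from the original answer.
# Syntax is kept to what old Jython releases accept (no "except ... as").

def replace_policy(authorizer, resource_id, expression):
    """Swap the policy on resource_id; return the previous expression (or None).

    If createPolicy rejects the new expression, the previous policy is put
    back so the resource is not left without the policy it had.
    """
    previous = None
    if authorizer.policyExists(resource_id):
        previous = authorizer.getPolicyExpression(resource_id)
        authorizer.removePolicy(resource_id)
    try:
        authorizer.createPolicy(resource_id, expression)
    except:
        # Covers Java exceptions raised by the MBean as well as Python ones.
        if previous is not None:
            authorizer.createPolicy(resource_id, previous)
        raise
    if not authorizer.policyExists(resource_id):
        raise RuntimeError("policy missing after create: %s" % resource_id)
    return previous


# WLST runs scripts with __name__ set to "main".
if __name__ == "main":
    connect()  # no arguments: WLST prompts for user, password and admin URL
    # Domain and realm names are the ones used in the answer above.
    cd("/SecurityConfiguration/MyDomain/Realms/My-Realm/Authorizers/XACMLAuthorizer")
    old = replace_policy(cmo, "type=<jndi>", "Rol(Admin)")
    print("previous expression: %s" % old)
    disconnect()
```

Keep the returned expression in the change record so the original policy can be reinstated later with the same call.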