Migrating Application Role from DEV to Prod server
Migrating Policies with the Command
migrateSecurityStore
Application-specific policies or system policies can be migrated manually from a source repository to a target repository using the WLST command migrateSecurityStore.
Application-specific policies or system policies can be migrated manually from a source repository to a target repository using the WLST command migrateSecurityStore.
This command is offline, that is, it does not require a connection to a running server to operate; therefore, the configuration file passed to the argument configFile need not be an actual domain configuration file, but it can be assembled just to specify the source and destination repositories of the migration.
Note:
Since the command migrateSecurityStore
recreates GUIDs and takes a long time to migrate large volume of data, you may
want to consider migrating stores with an alternate procedure that uses Oracle
Internet Directory bulk operations.
To migrate all policies (system and
application-specific, for all applications) use the script (first) or
interactive (second) syntaxes (arguments are written in separate lines for
clarity):
migrateSecurityStore.py
-type policyStore
-configFile
jpsConfigFileLocation
-src srcJpsContext
-dst dstJpsContext
migrateSecurityStore(type="policyStore",
configFile="jpsConfigFileLocation", src="srcJpsContext",
dst="dstJpsContext")
The
meanings of the arguments (all required) are as follows:
- configFile specifies the
location of a configuration file jps-config.xml relative to the directory
where the command is run. Typically, this configuration file is created
just to be used with the command and serves no other purpose. This files
contains two jps-contexts that specify the source and destination stores.
In addition, if the migration involves one or two LDAP-based stores, then this file must contain a bootstrap jps-context that refers to the location of a cwallet.sso file where the credentials to access the LDAP based involved in the migration are kept. See second example below. - src specifies the name of a jps-context in the configuration file passed to the argument configFile.
- dst specifies the name of another jps-context in the configuration file passed to the argument configFile.
The contexts passed to src and dst
must be defined in the passed configuration file and must have distinct names.
From these two contexts, the command determines the locations of the source and
the target repositories involved in the migration.
To migrate just system policies, use the script (first) or interactive (second) syntaxes (arguments are written in separate lines for clarity):
migrateSecurityStore.py
-type globalPolicies
-configFile
jpsConfigFileLocation
-src srcJpsContext
-dst dstJpsContext
migrateSecurityStore(type="globalPolicies",
configFile="jpsConfigFileLocation", src="srcJpsContext",
dst="dstJpsContext")
The meanings of the arguments (all
required) are identical to the previous case.
To migrate just application-specific policies, for one application, use the script (first) or interactive (second) syntaxes (arguments are written in separate lines for clarity):
migrateSecurityStore.py
-type appPolicies
-configFile
jpsConfigFileLocation
-src srcJpsContext
-dst dstJpsContext
-srcApp srcAppName
[-dstApp dstAppName]
[-overWrite trueOrfalse]
[migrateIdStoreMapping
trueOrfalse]
[mode
laxOrstrict]
migrateSecurityStore(type="appPolicies",
configFile="jpsConfigFileLocation", src="srcJpsContext",
dst="dstJpsContext", srcApp="srcAppName",
[dstApp="dstAppName"], [overWrite="trueOrfalse"],
[migrateIdStoreMapping="trueOrfalse"], [mode="strict"])
The
meanings of the arguments configFile, src, and dst are identical to the
previous cases. The meaning of other five arguments is as follows:
- srcApp specifies the name of the source application, that is, the application whose policies are being migrated.
- dstApp specifies the name of the target application, that is, the application whose policies are being written. If unspecified, it defaults to the name of the source application.
- migrateIdStoreMapping specifies whether enterprise policies should be migrated. The default value is True. To filter out enterprise policies from the migration, that is, to migrate just application policies, set it to False.
- overWrite specifies whether a target policy matching a source policy should be overwritten by or merged with the source policy. Set to true to overwrite the target policy; set to false to merge matching policies. Optional. If unspecified, defaults to false.
- mode specifies whether the migration should stop and signal an error upon encountering a duplicate principal or a duplicate permission in an application policy. Either do not specify or set to lax to allow the migration to continue upon encountering duplicate items, to migrate just one of the duplicated items, and to log a warning to this effect.
If the input does not follow the
syntax requirements above, the command execution fails and returns an error. In
particular, the input must satisfy the following requisites: (a) the file jps-config.xml
is found in the passed location; (b) the file jps-config.xml includes the
passed jps-contexts; and (c) the source and the destination context names are
distinct.
Copy of https://docs.oracle.com/cd/E29542_01/core.1111/e10043/cfgauthr.htm#JISEC2929
ReplyDelete