View All Access Rules

get

/paas/api/v1.1/instancemgmt/{identityDomainId}/services/jaas/instances/{serviceId}/accessrules

This endpoint is not applicable to service instances created on Oracle Cloud Infrastructure.

Returns information about all access rules defined for an Oracle Java Cloud Service instance.

The access rules that control external communication to the WebLogic Server Administration Console, Fusion Middleware Control, and Load Balancer Console are disabled by default if you did not set enableAdminConsole to true when you provisioned the service instance. To gain access to the administration consoles, you are required to explicitly enable the access rules for them. See Disable, Enable or Delete an Access Rule.

Note: On Oracle Cloud Infrastructure, all the required rules are preconfigured out-of-the-box upon service instance provisioning. To modify the rules using the REST API, use the security-related Core Services APIs in Oracle Cloud Infrastructure API Documentation. See also Security Lists in the Oracle Cloud Infrastructure documentation.

Request

Path Parameters
Header Parameters

Response

Supported Media Types

200 Response

OK. See Status Codes for information about other possible HTTP status codes.
Body ()
Root Schema : secrules-response
Type: object
Nested Schema : accessRules
Type: array
Groups details about access rules.
Nested Schema : activities
Type: array
Groups details about ongoing and failed activity messages, if available.
Nested Schema : secrules-details
Type: object
  • description: Description of the rule.
  • destination: The service component to allow traffic to.
  • ports: Ports for the rule. This can be a single port or a port range.
  • protocol: Communication protocol. For example, tcp.
  • ruleName: Name of the rule.
  • ruleType: Type of rule. For example, SYSTEM, DEFAULT, or USER.
  • source: The hosts from which traffic is allowed. For example, PUBLIC-INTERNET for any host on the Internet, a single IP address or a comma-separated list of subnets (in CIDR format) or IPv4 addresses, or a service component name such as WLS_ADMIN or WLS_ADMIN_SERVER.
  • status: Status of the rule. Valid value: disabled or enabled.
Nested Schema : secrules-activities
Type: object
Nested Schema : activity
Type: array
Groups messages and errors for ongoing and failed activities.
Nested Schema : message-errors
Type: object

Examples

The following example shows how to view all access rules defined for an Oracle Java Cloud Service instance, by submitting a GET request on the REST resource using cURL.

Note: The command in this example uses the URL structure https://rest_server_url/resource-path, where rest_server_url is the REST server to contact for your identity domain (or Cloud Account). See Send Requests.

cURL Command

curl -i -X GET -u username:password -H "X-ID-TENANT-NAME:ExampleIdentityDomain" https://rest_server_url/paas/api/v1.1/instancemgmt/ExampleIdentityDomain/services/jaas/instances/ExampleInstance/accessrules

Example of Response Header

The following shows an example of the response header.

HTTP/1.1 200 OK
Date: Sat, 18 Jun 2016 02:23:06 GMT
Transfer-Encoding: chunked
Content-Type: application/json

Example of Response Body

The following is an example of the response returned in JSON format. It shows the SYSTEM and DEFAULT rules that are created after a service instance is provisioned without enabling administration consoles ("enableAdminConsole" : false).

{
    "accessRules":[
    {
        "ruleName":"ora_p2otd_ahttps",
        "description":"Permit public to https to OTD admin server",
        "status":"disabled",
        "source":"PUBLIC-INTERNET",
        "destination":"OTD",
        "ports":"8989",
        "protocol": "tcp",
        "ruleType":"DEFAULT"
    },
    {
        "ruleName":"ora_p2otd_chttps",
        "description":"Permit public to https to OTD server",
        "status":"enabled",
        "source":"PUBLIC-INTERNET",
        "destination":"OTD",
        "ports":"443",
        "protocol": "tcp",
        "ruleType":"DEFAULT"
    },
    {
        "ruleName":"ora_p2otd_ssh",
        "description":"Permit public to ssh to OTD server",
        "status":"enabled",
        "source":"PUBLIC-INTERNET",
        "destination":"OTD",
        "ports":"22",
        "protocol": "tcp",
        "ruleType":"DEFAULT"
    },
    {
        "ruleName":"ora_p2otd_chttp",
        "description":"Permit public to http to OTD server",
        "status":"enabled",
        "source":"PUBLIC-INTERNET",
        "destination":"OTD",
        "ports":"80",
        "protocol": "tcp",
        "ruleType":"DEFAULT"
    },
    {
        "ruleName":"sys_infra2otd_ssh",
        "description":"DO NOT MODIFY: Permit PSM to ssh to OTD server",
        "status":"enabled",
        "source":"PAAS-INFRA",
        "destination":"OTD",
        "ports":"22",
        "protocol":"tcp",
        "ruleType":"SYSTEM"
    },
    {
        "ruleName":"sys_otd2ms_chttp",
        "description":"DO NOT MODIFY: Permit http connection to managed servers from OTD",
        "status":"enabled",
        "source":"OTD",
        "destination":"WLS_MANAGED_SERVER",
        "ports":"8001",
        "protocol": "tcp",
        "ruleType":"SYSTEM"
    },
    {
        "ruleName":"sys_otd2ms_chttps",
        "description":"DO NOT MODIFY: Permit https connection to managed servers from OTD",
        "status":"enabled",
        "source":"OTD",
        "destination":"WLS_MANAGED_SERVER",
        "ports":"8002",
        "protocol": "tcp",
        "ruleType":"SYSTEM"
    },
    {
        "ruleName":"sys_admin2otd_ssh",
        "description":"DO NOT MODIFY: Permit admin server to ssh to otd",
        "status":"enabled",
        "source":"WLS_ADMIN_SERVER",
        "destination":"OTD",
        "ports":"22",
        "protocol": "tcp",
        "ruleType":"SYSTEM"
    },
    {
        "ruleName":"sys_ms2db_dblistener",
        "description":"DO NOT MODIFY: Permit listener connection to database from managed servers",
        "status":"enabled",
        "source":"WLS_MANAGED_SERVER",
        "destination":"DB",
        "ports":"1521",
        "protocol": "tcp",
        "ruleType":"SYSTEM"
    },
    {
        "ruleName":"sys_ms2db_ssh",
        "description":"DO NOT MODIFY: Permit managed servers to ssh to db",
        "status":"enabled",
        "source":"WLS_MANAGED_SERVER",
        "destination":"DB",
        "ports":"22",
        "protocol": "tcp",
        "ruleType":"SYSTEM"
    },
    {
        "ruleName":"ora_p2admin_ssh",
        "description":"Permit public to ssh to admin server",
        "status":"enabled",
        "source":"PUBLIC-INTERNET",
        "destination":"WLS_ADMIN_SERVER",
        "ports":"22",
        "protocol": "tcp",
        "ruleType":"DEFAULT"
    },
    {
        "ruleName":"ora_p2admin_ahttps",
        "description":"Permit public to https to admin server",
        "status":"disabled",
        "source":"PUBLIC-INTERNET",
        "destination":"WLS_ADMIN_SERVER",
        "ports":"7002",
        "protocol": "tcp",
        "ruleType":"DEFAULT"
    },
    {
        "ruleName":"sys_infra2admin_ssh",
        "description":"DO NOT MODIFY: Permit PSM to ssh to admin server",
        "status":"enabled",
        "source":"PAAS-INFRA",
        "destination":"WLS_ADMIN_SERVER",
        "ports":"22",
        "protocol":"tcp",
        "ruleType":"SYSTEM"
    }],
    "activities":[]
}

The following example shows a USER rule that is not enabled.

{
    "accessRules":[
    {
        "ruleName": "my_corp_vnc",
        "description": "corporate to VNC to Admin Server",
        "status": "disabled",
        "source": "192.123.45.6/32",
        "destination": "WLS_ADMIN_SERVER",
        "ports": "5900",
        "protocol": "tcp",
        "ruleType":"USER"
    },
    ...
    ],
    "activities":[]
}

The following example shows the access rules created when a service instance is provisioned using an IP network.

{
    "accessRules":[
    {
        "ruleName":"sys_ms2db_dblistener",
        "status":"enabled",
        "source":"WLS_MANAGED_SERVER",
        "destination":"DBaaS:DBServicename:DB",
        "ports":"1521",
        "protocol":"tcp",
        "ruleType":"SYSTEM"
    },
    {
        "ruleName":"sys_ms2db_ssh",
        "status":"enabled",
        "source":"WLS_MANAGED_SERVER",
        "destination":"DBaaS:DBServicename:DB",
        "ports":"22",
        "protocol":"tcp",
        "ruleType":"SYSTEM"
    },
    {
        "ruleName":"ora_p2admin_ssh",
        "status":"enabled",
        "source":"PUBLIC-INTERNET",
        "destination":"WLS_ADMIN_SERVER",
        "ports":"22",
        "protocol":"tcp",
        "ruleType":"DEFAULT"
    },
    {
        "ruleName":"ora_p2admin_ahttps",
        "status":"disabled",
        "source":"PUBLIC-INTERNET",
        "destination":"WLS_ADMIN_SERVER",
        "ports":"7002",
        "protocol":"tcp",
        "ruleType":"DEFAULT"
    },
    {
        "ruleName":"sys_infra2admin_ssh",
        "status":"enabled",
        "source":"PAAS-INFRA",
        "destination":"WLS_ADMIN_SERVER",
        "ports":"22",
        "protocol":"tcp",
        "ruleType":"SYSTEM"
    },
    {
        "ruleName":"ora_p2ms_chttp",
        "status":"enabled",
        "source":"PUBLIC-INTERNET",
        "destination":"WLS_MANAGED_SERVER",
        "ports":"80",
        "protocol":"tcp",
        "ruleType":"DEFAULT"
    },
    {
        "ruleName":"ora_p2ms_chttps",
        "status":"enabled",
        "source":"PUBLIC-INTERNET",
        "destination":"WLS_MANAGED_SERVER",
        "ports":"443",
        "protocol":"tcp",
        "ruleType":"DEFAULT"
    }],
    "activities":[]
}
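
The response bodies above can be checked for administrative ports left open to the Internet. The following Python sketch is an added example, not part of the Oracle documentation: it parses an accessrules response and reports every enabled rule whose source admits any host and whose ports include SSH, VNC, or an administration console port taken from the examples on this page. It assumes a port range is written as low-high and treats a /0 network as equivalent to PUBLIC-INTERNET; the example_wide_range rule and the port labels are constructed for illustration.

```python
import ipaddress
import json

# Administrative ports seen in this page's example rules (labels are ours).
ADMIN_PORTS = {22: "ssh", 5900: "vnc", 7002: "admin https", 8989: "OTD admin https"}

def parse_ports(spec):
    """Expand "ports": a single port or a range (assumed to be "low-high")."""
    low, _, high = spec.strip().partition("-")
    return range(int(low), int(high or low) + 1)

def is_public(source):
    """True if any entry of a comma-separated "source" admits every host."""
    for token in (t.strip() for t in source.split(",")):
        if token == "PUBLIC-INTERNET":
            return True
        try:  # assumption: a /0 network is equivalent to PUBLIC-INTERNET
            if ipaddress.ip_network(token, strict=False).prefixlen == 0:
                return True
        except ValueError:
            pass  # a service component name such as WLS_ADMIN_SERVER
    return False

def audit(response_text):
    """Enabled rules that open an administrative port to any Internet host."""
    findings = []
    for rule in json.loads(response_text).get("accessRules", []):
        if rule.get("status") != "enabled" or not is_public(rule.get("source", "")):
            continue
        ports = parse_ports(rule["ports"])
        findings += [(rule["ruleName"], rule["destination"], port, label)
                     for port, label in sorted(ADMIN_PORTS.items()) if port in ports]
    return findings

def _rule(name, status, source, destination, ports):
    return {"ruleName": name, "status": status, "source": source,
            "destination": destination, "ports": ports, "protocol": "tcp"}

# Constructed sample modelled on the page's examples; example_wide_range is hypothetical.
SAMPLE = json.dumps({"accessRules": [
    _rule("ora_p2otd_ssh", "enabled", "PUBLIC-INTERNET", "OTD", "22"),
    _rule("ora_p2otd_chttps", "enabled", "PUBLIC-INTERNET", "OTD", "443"),
    _rule("ora_p2admin_ahttps", "disabled", "PUBLIC-INTERNET", "WLS_ADMIN_SERVER", "7002"),
    _rule("sys_infra2admin_ssh", "enabled", "PAAS-INFRA", "WLS_ADMIN_SERVER", "22"),
    _rule("my_corp_vnc", "enabled", "192.123.45.6/32", "WLS_ADMIN_SERVER", "5900"),
    _rule("example_wide_range", "enabled", "0.0.0.0/0", "WLS_ADMIN_SERVER", "7000-7010"),
], "activities": []})
if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

To audit a live instance, pass the body returned by the cURL command above to audit() in place of SAMPLE.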