UserID and security-role mapping in WLS

John King
Ranch Hand

Joined: Aug 27, 2002
Posts: 165
How does the HTTP server of WLS 6.1 and 7.0 map the userID to a security-role? Using LDAP?
Dave Landers
Ranch Hand

Joined: Jul 24, 2002
Posts: 401
Role names are defined for the webapp in its web.xml. These role names are then mapped to principals in the webapp's weblogic.xml. A principal is either a user or a group.
The principals are defined by the server's security setup.
In WLS 6.x and before, you used a "Realm". The default Realm was the File Realm, and users, groups, passwords (hashed), and Access Control Lists (ACLs) were stored in a file named fileRealm.properties (in 5.1 and before, these were in weblogic.properties).
You could also plug in another Realm implementation - for example one backed by LDAP or a database. This CustomRealm would supply user and group definitions (and would be backed by a set of default users, groups and the ACLs in fileRealm).
And of course there was an API to interact with the Realm (for creating users, changing passwords, adding users to groups, etc).
WebLogic 7.0 has a new security implementation and supports new stuff like JAAS.
There is a compatibility/migration mode that will use your CustomRealm and/or FileRealm.
The default setup uses a WebLogic-internal store (happens to be LDAP) for users and groups (Authentication) and Role Mappings and Access Decisions (Authorization).
There is an API for all this and also an SPI (Service Provider Interface) that you can use to implement a custom Authentication Provider or Authorization Provider, if you really need to.
I think out of the box, there is an Authentication Provider to hook up to standard LDAP providers.
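
The role-to-principal mapping described in the answer above, as an added example that is not part of the original posts or of WebLogic's own code: a small Python check that joins the role names in web.xml to the principals assigned in weblogic.xml and lists roles that have no principal assigned. The descriptor contents, role names and principal names are constructed samples, written in the namespace-free form used by DTD-based descriptors.

```python
import xml.etree.ElementTree as ET

# Constructed sample descriptors (assumed content, not taken from the thread).
WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>admin pages</web-resource-name>
      <url-pattern>/admin/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>manager</role-name>
      <role-name>auditor</role-name>
    </auth-constraint>
  </security-constraint>
  <security-role><role-name>manager</role-name></security-role>
  <security-role><role-name>auditor</role-name></security-role>
</web-app>"""

WEBLOGIC_XML = """<weblogic-web-app>
  <security-role-assignment>
    <role-name>manager</role-name>
    <principal-name>alice</principal-name>
    <principal-name>Administrators</principal-name>
  </security-role-assignment>
</weblogic-web-app>"""

def role_map(web_xml, weblogic_xml):
    """Return {role: [principals]} for roles declared or referenced in web.xml."""
    web, wl = ET.fromstring(web_xml), ET.fromstring(weblogic_xml)
    roles = {}
    # Roles come from <security-role> declarations and <auth-constraint> references.
    for path in ("security-role/role-name",
                 "security-constraint/auth-constraint/role-name"):
        for el in web.findall(path):
            roles.setdefault((el.text or "").strip(), [])
    # Principals (users or groups) come from weblogic.xml role assignments.
    for sra in wl.findall("security-role-assignment"):
        name = (sra.findtext("role-name") or "").strip()
        principals = [(p.text or "").strip() for p in sra.findall("principal-name")]
        roles.setdefault(name, []).extend(principals)
    return roles

def unmapped_roles(mapping):
    """Roles that web.xml uses but weblogic.xml assigns to no principal."""
    return sorted(role for role, principals in mapping.items() if not principals)

if __name__ == "__main__":
    for role, principals in sorted(role_map(WEB_XML, WEBLOGIC_XML).items()):
        print(role, "->", principals or "NO PRINCIPAL ASSIGNED")
```
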
 
 