Meaningless Drivel is fun!
The moose likes BEA/Weblogic and the fly likes UserID and security-role mapping in WLS Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Products » BEA/Weblogic
Bookmark "UserID and security-role mapping in WLS" Watch "UserID and security-role mapping in WLS" New topic

UserID and security-role mapping in WLS

John King
Ranch Hand

Joined: Aug 27, 2002
Posts: 165
How does HTTP server of WLS6.1 and 7.0 map the userID to security-role? Using LDAP?
Dave Landers
Ranch Hand

Joined: Jul 24, 2002
Posts: 401
Role names are defined for the webapp in its web.xml. These role names are then mapped to principals in the webapp's weblogic.xml. A principal is either a user or a group.
The principals are defined by the server's security setup.
In WLS 6.x and before, you used a "Realm". The default Realm was the File Realm, and users, groups, passwords (hashed), and Access Control Lists (ACLs) were stored in a file named (in 5.1 and before, these were in
You could also plug in another Realm implementation - for example one backed by LDAP or a database. This CustomRealm would supply user and group definitions (and would be backed by a set of default users, groups and the ACLs in fileRealm).
And of course there was an API to interact with the Realm (for creating users, changing passwords, adding users to groups, etc).
WebLogic 7.0 has a new security implementation and supports new stuff like JAAS.
There is a compatibality/migratiom mode that will use your CustomRealm and/or FileRealm.
The default setup uses a WebLogic-internal store (happens to be LDAP) for users and groups (Authentication) and Role Mappings and Access Decisions (Authorization).
There is an API for all this and also an SPI (Service Provider Interface) that you can use to implement a custom Authentication Provider or Authorization Provider, if you really need to.
I think out of the box, there is an Authentication Provider to hook up to standard LDAP providers.
I agree. Here's the link:
subject: UserID and security-role mapping in WLS
It's not a secret anymore!