• Post Reply Bookmark Topic Watch Topic
  • New Topic

Question on ACL  RSS feed

 
krithika desai
Ranch Hand
Posts: 33
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I created 2 users named "admin", "mdoadmin".
a group --> PPO_USERS
attached admin to group PPO_USERS
Then i gave jndi look up permission only to user "admin".
Now if i login as "mdoadmin" programatically and do a look up on say the datasource, am able to do a lookup.
Am even able to do a "rebind" , unbind etc!.
This is how my fileRealm.properties looks like.
group.PPO_USERS=admin
acl.lookup.weblogic.jndi.path=admin
user.mdoadmin=0xe4f81d278faffc5c9130fd3b4c920a69ef2aa9b5
user.admin=0x2062f71509915d790817e6417b6b27a49d54fa3f
Any reasons as to why weblogic is allowing me to do that?
thanks!
krithika.
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!