
Weblogic, j_security_check, external LDAP Roles Authentication

Shane Chambers
Posts: 1
Hi All,

First off, anyone else find the whole group/role thing really obscure, backward and confusing?

Question: How do I need to configure LDAP and/or Weblogic to associate users in the external LDAP tree with a particular role, so that the j_security_check will not give me a 403 when trying to access a protected resource that is associated with a role?

For the most part, I have the j_security_check working, but I had to do an ugly hack, and I believe there should be a more elegant way to do this.

The Hack:

<principal-name>ContractorA</principal-name> <-- Hard Wiring : Associating Users with Roles, might be good if LDAP is DOWN for emergency access, but I don't want to hand type 1000 users in an XML file.

So I half-expected some sort of configuration in Weblogic, when I configure my external LDAP, to point to a roles DN or equivalent that would associate a collection of users with a role or group...something. Once j_security_check validated the login/password, it would retrieve this role/group, validate it against the protected resource's role criteria and allow access.



<role-name>Admin</role-name> <-- This role needs to be associated with the logged in user in order to access this resource.


What's the best way to configure Weblogic j_security_check with an external LDAP server using some sort of role-based permissions system in the LDAP tree? Or should I just write my own login handler using the JNDI API or UnboundLDAP API to validate the user and grant access?

Any relevant input much appreciated!

Diwakar Shenoy
Posts: 4
Hello Shane,

One option is to use and configure the WebLogic LDAP authentication provider to read from an external LDAP.

So, first you configure an external LDAP with the users and groups. You can define administrator groups and access groups there. Once done, you can create an LDAP authentication provider in your WebLogic console and set the control flag as sufficient (Read more about LDAP authentication providers here: ). Once you log in with this user, the groups will be automatically pulled in. Finally, you could protect your application and make it accessible only to users that have a specific role. The mapping of role to groups needs to go in the web.xml. This forum post should give you more pointers

P.S: Make sure you back up your config.xml (<DOMAIN_HOME>/config folder in your WebLogic) so you can revert your changes just in case.

Hope this helps.
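
The descriptor entries this thread is about, as an added example that is not from either poster. In WebLogic the `<principal-name>` assignment shown in the question lives in the `weblogic.xml` deployment descriptor, and its value can be a group name as well as a user name. The group `AppAdmins`, the URL pattern and the login page paths are assumptions made up for illustration, and the LDAP Authentication provider is assumed to return the user's group memberships.

```xml
<!-- web.xml (standard descriptor): protects a resource with the role "Admin".
     The URL pattern and login pages are assumed for illustration. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>AdminArea</web-resource-name>
    <url-pattern>/admin/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>Admin</role-name>
  </auth-constraint>
</security-constraint>
<login-config>
  <auth-method>FORM</auth-method>
  <form-login-config>
    <form-login-page>/login.jsp</form-login-page>
    <form-error-page>/login-error.jsp</form-error-page>
  </form-login-config>
</login-config>
<security-role>
  <role-name>Admin</role-name>
</security-role>

<!-- weblogic.xml, hard-wired form from the question: one entry per user. -->
<security-role-assignment>
  <role-name>Admin</role-name>
  <principal-name>ContractorA</principal-name>
</security-role-assignment>

<!-- weblogic.xml, group form (alternative to the entry above): the principal
     is an LDAP group name ("AppAdmins" is a made-up group). Membership is
     then managed in the directory, not in the descriptor. -->
<security-role-assignment>
  <role-name>Admin</role-name>
  <principal-name>AppAdmins</principal-name>
</security-role-assignment>
```

A 403 after a successful j_security_check login means the user was authenticated but holds no principal mapped to the required role, so the first thing to check is that the group name in the descriptor matches the group name the provider returns for that user.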
