Win a copy of React Cookbook: Recipes for Mastering the React Framework this week in the HTML Pages with CSS and JavaScript forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
  • Campbell Ritchie
  • Ron McLeod
  • Paul Clapham
  • Rob Spoor
  • Liutauras Vilda
  • Jeanne Boyarsky
  • Junilu Lacar
  • Tim Cooke
Saloon Keepers:
  • Tim Holloway
  • Piet Souris
  • Stephan van Hulst
  • Tim Moores
  • Carey Brown
  • Frits Walraven
  • Himai Minh

Weblogic issue [security]

Posts: 16
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I am very new to weblogic security (security in general). I have a question about how weblogic ties authentication/authorization. One thing weblogic lacks is that they do not provide a clear understanding of how thing tie into everything else. Let's say that I have a servlet that connects to a session bean and that session bean has some methods I want to block (some will have to be blocked programmatically). I know that I can specify this in the deployment descriptor and be fine with it. Now the question I could not get answered in the weblogic docs is when I try to connect and execute one of these methods from a java client how does weblogic know who I am and what role I have? I am assuming that I have to use JAAS; once I authenticate myself to a protected resource in weblogic server using JAAS does the server maintain my identity?
A flow that I want to follow is I want to prompt the user for username and password -> that goes to weblogic via JAAS and then the user get's authenticated in a RDBMS realm -> the user can do some stuff and can't other I will protect the ejb's methods (only have one ejb) in the deployment descriptor and some programmatically.
Also I want to create a new RDBMS realm that connects to oracle dBase; I have allready done so, but don't know what fields should I have in the table and what goes in the Schema properties of weblogic(what are they for and what do they do). I also don't understand that if I can specify what role is allowed to access the ejb method in the deployment descriptor, why must I have an ACL associated with it? I would really appreciate your help and if you can please provide me with some resorces that are clear in explanation I would appreciate that as well.
Thank you very much,
We don't have time to be charming! Quick, read this tiny ad:
Thread Boost feature
    Bookmark Topic Watch Topic
  • New Topic