Vinod,
There are a couple of different security-authentication mechanisms you can employ with WebLogic Server. The simplest thing to do would be to use the default fileRealm (OK for apps with fewer than 1000 users). Do the following:
1. Add some new users (and possibly groups) from within the Admin Console.
2. In the weblogic.xml file, set up a new role, and assign a group (or individual(s)) to that role, such as:
<security-role-assignment>
  <role-name>administrator</role-name>
  <principal-name>MyAdminGroup</principal-name>
</security-role-assignment>
The <role-name> can be anything you want, and the <principal-name> matches a group or name that you defined in the Admin Console.
3. Lastly, restrict a resource to that security role. This is done in the web.xml file, such as:
<security-role>
  <role-name>administrator</role-name>
</security-role>
<security-constraint>
  <web-resource-collection>
    <web-resource-name>SecretAdminApp</web-resource-name>
    <url-pattern>/secret.jsp</url-pattern>
    <http-method>GET</http-method>
    <http-method>POST</http-method>
  </web-resource-collection>
  <auth-constraint>
    <role-name>administrator</role-name>
  </auth-constraint>
</security-constraint>
For enterprise, world-class apps, however, you wouldn't want to keep all of your security information in the fileRealm.properties file. Instead, you would probably want to go with another mechanism.
--------------------
Joe McGuire
Sun Certified
Java™ 2 Programmer, BEA WLS Certified Developer
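
Added example, not part of the original post: a small Python check that cross-references the web.xml and weblogic.xml fragments described above. It flags roles used in an <auth-constraint> but not declared in <security-role>, declared roles with no <security-role-assignment>, and constraints that list <http-method> elements, since under the Servlet specification such a constraint applies only to the methods listed. The function name audit and the two embedded descriptors are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample descriptors mirroring the snippets in the post.
WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>SecretAdminApp</web-resource-name>
      <url-pattern>/secret.jsp</url-pattern>
      <http-method>GET</http-method><http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>administrator</role-name></auth-constraint>
  </security-constraint>
  <security-role><role-name>administrator</role-name></security-role>
</web-app>"""
WEBLOGIC_XML = """<weblogic-web-app>
  <security-role-assignment>
    <role-name>administrator</role-name>
    <principal-name>MyAdminGroup</principal-name>
  </security-role-assignment>
</weblogic-web-app>"""

def _all(node, name):
    # Compare local names so DTD-style and namespaced descriptors both parse.
    return [e for e in node.iter() if e.tag.rsplit("}", 1)[-1] == name]

def _texts(node, name):
    return [(e.text or "").strip() for e in _all(node, name)]

def audit(web_xml, weblogic_xml):
    """Hypothetical helper: return findings as tuples, empty list if clean."""
    web, wls = ET.fromstring(web_xml), ET.fromstring(weblogic_xml)
    declared = {r for s in _all(web, "security-role") for r in _texts(s, "role-name")}
    mapped = {r for a in _all(wls, "security-role-assignment")
              for r in _texts(a, "role-name")}
    findings = []
    for sc in _all(web, "security-constraint"):
        for wrc in _all(sc, "web-resource-collection"):
            methods = _texts(wrc, "http-method")
            if methods:  # constraint applies only to the methods listed
                urls = tuple(_texts(wrc, "url-pattern"))
                findings.append(("method-list", urls, tuple(methods)))
        for ac in _all(sc, "auth-constraint"):
            findings += [("undeclared-role", r) for r in _texts(ac, "role-name")
                         if r != "*" and r not in declared]
    # Roles with no security-role-assignment in weblogic.xml
    findings += [("unmapped-role", r) for r in sorted(declared - mapped)]
    return findings

if __name__ == "__main__":
    print(audit(WEB_XML, WEBLOGIC_XML))
```

Omitting the <http-method> elements from the <web-resource-collection> makes the constraint apply to every HTTP method, which clears the method-list finding.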