UserID and security-role mapping in WLS

Ranch Hand
Posts: 165
How does the HTTP server of WLS 6.1 and 7.0 map the userID to a security-role? Using LDAP?
Ranch Hand
Posts: 401
Role names are defined for the webapp in its web.xml. These role names are then mapped to principals in the webapp's weblogic.xml. A principal is either a user or a group.
The principals are defined by the server's security setup.
In WLS 6.x and before, you used a "Realm". The default Realm was the File Realm, and users, groups, passwords (hashed), and Access Control Lists (ACLs) were stored in a file named fileRealm.properties (in 5.1 and before, these were in weblogic.properties).
You could also plug in another Realm implementation - for example one backed by LDAP or a database. This CustomRealm would supply user and group definitions (and would be backed by a set of default users, groups and the ACLs in fileRealm).
And of course there was an API to interact with the Realm (for creating users, changing passwords, adding users to groups, etc).
WebLogic 7.0 has a new security implementation and supports new stuff like JAAS.
There is a compatibility/migration mode that will use your CustomRealm and/or FileRealm.
The default setup uses a WebLogic-internal store (happens to be LDAP) for users and groups (Authentication) and Role Mappings and Access Decisions (Authorization).
There is an API for all this and also an SPI (Service Provider Interface) that you can use to implement a custom Authentication Provider or Authorization Provider, if you really need to.
I think out of the box, there is an Authentication Provider to hook up to standard LDAP providers.
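
The role-to-principal mapping described in the answer above, as an added example that is not part of the original posts. The role name `manager`, the group `Managers`, the user `alice` and the `/admin/*` URL pattern are constructed for illustration; both descriptor files are shown in one block with their DOCTYPE declarations omitted.

```xml
<!-- Constructed example; role, group, user and URL names are hypothetical. -->
<!-- DOCTYPE declarations omitted for brevity. -->

<!-- ===== WEB-INF/web.xml: declares the role and where it is required ===== -->
<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Admin pages</web-resource-name>
      <url-pattern>/admin/*</url-pattern>
      <!-- No <http-method> elements, so the constraint covers every
           HTTP method, not only GET and POST. -->
    </web-resource-collection>
    <auth-constraint>
      <role-name>manager</role-name>
    </auth-constraint>
  </security-constraint>

  <login-config>
    <auth-method>BASIC</auth-method>
  </login-config>

  <security-role>
    <role-name>manager</role-name>
  </security-role>
</web-app>

<!-- ===== WEB-INF/weblogic.xml: maps the role to principals ===== -->
<weblogic-web-app>
  <security-role-assignment>
    <role-name>manager</role-name>
    <!-- A principal is a user or a group defined in the server's
         security setup (realm or authentication provider). -->
    <principal-name>Managers</principal-name>
    <principal-name>alice</principal-name>
  </security-role-assignment>
</weblogic-web-app>
```

The `role-name` in `weblogic.xml` must match the one declared in `web.xml`; the principals themselves come from whichever store the server is configured to use.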