Thursday, January 24, 2013

WebLogic secured Web Application

web.xml:

Here I define a role "webuser" to protect my resources:


<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
 xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
 id="WebApp_ID" version="2.5">
 <display-name>PVWebApp</display-name>

 <welcome-file-list>
  <welcome-file>index.html</welcome-file>
  <welcome-file>index.htm</welcome-file>
  <welcome-file>index.jsp</welcome-file>
  <welcome-file>default.html</welcome-file>
  <welcome-file>default.htm</welcome-file>
  <welcome-file>default.jsp</welcome-file>
 </welcome-file-list>

 <security-constraint>
  <web-resource-collection>
   <web-resource-name>Success</web-resource-name>
   <url-pattern>/index.jsp</url-pattern>
   <!-- No http-method elements: the constraint then applies to every HTTP method.
        Listing only GET and POST would leave other methods (HEAD, PUT, ...) unprotected. -->
  </web-resource-collection>
  <auth-constraint>
   <role-name>webuser</role-name>
  </auth-constraint>
 </security-constraint>


 <login-config>
  <auth-method>FORM</auth-method>
  <realm-name>default</realm-name>
  <form-login-config>
   <form-login-page>/login.jsp</form-login-page>
   <form-error-page>/error.jsp</form-error-page>
  </form-login-config>
 </login-config>

 <security-role>
  <role-name>webuser</role-name>
 </security-role>

</web-app>



weblogic.xml:

Here I associate the role "webuser" with the principal "myGroup":


<!DOCTYPE weblogic-web-app PUBLIC "-//BEA Systems, Inc.//DTD Web Application 8.1//EN" "http://www.bea.com/servers/wls810/dtd/weblogic810-web-jar.dtd">

<weblogic-web-app>

  <security-role-assignment>
   <role-name>webuser</role-name>
   <principal-name>myGroup</principal-name>
  </security-role-assignment>

</weblogic-web-app>
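
An added example, not part of the original post: a small Python check that cross-references the two descriptors. It reports roles used in an auth-constraint that are not declared in web.xml or not mapped to a principal in weblogic.xml, and constraints that list http-method elements (unlisted methods are then not covered). The embedded descriptors are constructed samples modelled on the files above; the function name `audit` and the `webadmin` role are hypothetical.

```python
import xml.etree.ElementTree as ET

NS = {"jee": "http://java.sun.com/xml/ns/javaee"}
# Constructed sample descriptors, modelled on the two files shown above.
WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="2.5">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Success</web-resource-name>
      <url-pattern>/index.jsp</url-pattern>
      <http-method>GET</http-method><http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>webuser</role-name></auth-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Admin</web-resource-name>
      <url-pattern>/admin/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>webadmin</role-name></auth-constraint>
  </security-constraint>
  <security-role><role-name>webuser</role-name></security-role>
</web-app>"""
WEBLOGIC_XML = """<weblogic-web-app>
  <security-role-assignment>
    <role-name>webuser</role-name><principal-name>myGroup</principal-name>
  </security-role-assignment>
</weblogic-web-app>"""

def audit(web_xml, weblogic_xml):
    """Return a sorted list of findings for a web.xml / weblogic.xml pair."""
    web, wls = ET.fromstring(web_xml), ET.fromstring(weblogic_xml)
    declared = {r.text.strip() for r in web.findall("jee:security-role/jee:role-name", NS)}
    mapped = {a.findtext("role-name").strip() for a in wls.findall("security-role-assignment")
              if a.find("principal-name") is not None}
    findings = []
    for sc in web.findall("jee:security-constraint", NS):
        for coll in sc.findall("jee:web-resource-collection", NS):
            methods = [m.text.strip() for m in coll.findall("jee:http-method", NS)]
            if methods:  # methods not listed (HEAD, PUT, ...) bypass this constraint
                for url in coll.findall("jee:url-pattern", NS):
                    findings.append(f"{url.text.strip()}: only {'/'.join(methods)} protected")
        for role in sc.findall("jee:auth-constraint/jee:role-name", NS):
            name = role.text.strip()
            if name not in declared:
                findings.append(f"role {name}: no <security-role> declaration")
            if name not in mapped:
                findings.append(f"role {name}: no principal mapped in weblogic.xml")
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(audit(WEB_XML, WEBLOGIC_XML)))
```
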



I have tried to record the creation of myGroup and myUser in WebLogic, but I got the message "A security change to a role, policy, user, group or credential mapping was made, but this change was not recorded".

Manually, just click on Security Realms, myrealm, Users and Groups, Groups, New, create myGroup, then Users, create myUser and assign it to the group "myGroup".

With WLST:
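# Connect to the Admin Server (user, password, t3 URL)
connect('Pierluigi', 'weblogic1', 't3://myhost.com:7001')
# Look up the embedded LDAP authentication provider of the default realm
atnr = cmo.getSecurityConfiguration().getDefaultRealm().lookupAuthenticationProvider('DefaultAuthenticator')

# weblogic.xml above maps the role to the principal 'myGroup'; the group created here
# must carry that name for its members to receive the "webuser" role
group = 'proton_group'
atnr.createGroup(group, group)  # createGroup(name, description)

user = 'proton_user'
password = 'proton_password'
atnr.createUser(user, password, user)  # createUser(name, password, description)
atnr.addMemberToGroup(group, user)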


