Thursday, December 23, 2010

Web Security (and Weblogic)

Notes on defining security roles for a web app, and on how WebLogic maps those roles to its own users and groups.

1/ In your web.xml
Declare how and where authentication should occur. With FORM authentication the login page must POST the fields j_username and j_password to j_security_check; the container intercepts that request and redirects to the error page on failure. The realm-name element only matters for BASIC authentication (it becomes the browser prompt); under WebLogic the realm actually used is the one configured for the domain.

<login-config>
<auth-method>FORM</auth-method>
<realm-name>myrealm</realm-name>
<form-login-config>
<form-login-page>/action/auth/login</form-login-page>
<form-error-page>/jsp/security/login-error.jsp</form-error-page>
</form-login-config>
</login-config>

2/ In your web.xml
Declare your authorization roles. A security-role element only declares a name; on its own it protects nothing. The role is enforced only when a security-constraint names it in an auth-constraint for a set of URL patterns.

<security-role>
<role-name>MessagePoster</role-name>
</security-role>
<security-role>
<role-name>MessageViewer</role-name>
</security-role>
<security-role>
<role-name>QueuePauser</role-name>
</security-role>
<security-role>
<role-name>ServiceEnabler</role-name>
</security-role>
<security-role>
<role-name>LogLevelManipulator</role-name>
</security-role>
<security-role>
<role-name>Resequencer</role-name>
</security-role>
<security-role>
<role-name>MessageRetrier</role-name>
</security-role>
<security-role>
<role-name>ErrorReportCloser</role-name>
</security-role>
<security-role>
<role-name>SystemSwitcher</role-name>
</security-role>
<security-role>
<role-name>OptionsSetter</role-name>
</security-role>
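An added example (not from the original post) of the security-constraint that puts the declared roles to use. The URL patterns are assumed for illustration; everything else is standard web.xml. Note the deliberate absence of http-method elements: listing methods (say GET and POST) protects only those, so HEAD, PUT, DELETE or an arbitrary verb would bypass the constraint. Leaving http-method out covers every method.

```xml
<!-- Added example, not part of the original post. URL patterns are assumed. -->

<!-- Posting messages: only MessagePoster may reach these URLs, over TLS only.
     No http-method listed, so every HTTP verb is covered. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Message posting</web-resource-name>
    <url-pattern>/action/messages/post/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>MessagePoster</role-name>
  </auth-constraint>
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>

<!-- Viewing messages: several roles may read. Each role-name listed here must
     also appear in a security-role element, or deployment fails validation. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Message viewing</web-resource-name>
    <url-pattern>/action/messages/view/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>MessageViewer</role-name>
    <role-name>MessagePoster</role-name>
    <role-name>MessageRetrier</role-name>
  </auth-constraint>
</security-constraint>

<!-- An empty auth-constraint denies everyone, whatever their roles. Useful for
     locking down a path that ships in the WAR but must never be reachable. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Disabled admin scripts</web-resource-name>
    <url-pattern>/admin/scripts/*</url-pattern>
  </web-resource-collection>
  <auth-constraint/>
</security-constraint>
```

The login page and error page referenced in login-config must not themselves sit under a constrained pattern, otherwise the container cannot serve them to an unauthenticated user.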


For WebLogic.
In the security realm, different security models are possible. The realm-wide default is set from the "Security Model Default" setting, and when deploying an application you can override it under Security: "What security model do you want to use with this application?" The options are:

DD Only: Use only roles and policies that are defined in the deployment descriptors.
Custom Roles: Use roles that are defined in the Administration Console; use policies that are defined in the deployment descriptor.
Custom Roles and Policies: Use only roles and policies that are defined in the Administration Console.
Advanced: Use a custom model that you have configured on the realm's configuration page.

Which model is active matters for the weblogic.xml mappings below: under DD Only the descriptor mappings are what gets enforced, whereas under Custom Roles (and Custom Roles and Policies) the role mappings in weblogic.xml are ignored in favour of the console.

In your weblogic.xml you can perform the role/group/user mappings
(one entry per role; a role may list several principal-name elements, each a WebLogic user or group). Be careful with WebLogic's built-in groups: mapping a role to "users" grants it to every authenticated user, and mapping it to "everyone" includes anonymous callers, which effectively removes authentication for that role.

<wls:security-role-assignment>
<wls:role-name>ErrorReportCloser</wls:role-name>
<wls:principal-name>WATSupportGroup</wls:principal-name>
</wls:security-role-assignment>



Or you can delegate the mapping back to the WebLogic admin console (better, since the group assignment can then change without rebuilding and redeploying the WAR). See my earlier post on defining WebLogic roles. This is the element to use when the security model is DD Only and you still want the role mapped from the console.
(one entry per role)

<wls:security-role-assignment>
<wls:role-name>MessageViewer</wls:role-name>
<wls:externally-defined/>
</wls:security-role-assignment>
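A complete weblogic.xml, added here as an example and not taken from the original post, showing the root element and namespace that the wls: prefix above relies on, a role mapped to more than one group, and a role left to the console. WATSupportGroup is the group from the post; WATOperatorsGroup is an assumed name.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example, not part of the original post. WATOperatorsGroup is an assumed group name. -->
<wls:weblogic-web-app
    xmlns:wls="http://xmlns.oracle.com/weblogic/weblogic-web-app"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://xmlns.oracle.com/weblogic/weblogic-web-app
                        http://xmlns.oracle.com/weblogic/weblogic-web-app/1.0/weblogic-web-app.xsd">

  <!-- Mapped in the descriptor: two WebLogic groups may act as MessageViewer.
       Only enforced when the application's security model is DD Only. -->
  <wls:security-role-assignment>
    <wls:role-name>MessageViewer</wls:role-name>
    <wls:principal-name>WATSupportGroup</wls:principal-name>
    <wls:principal-name>WATOperatorsGroup</wls:principal-name>
  </wls:security-role-assignment>

  <!-- Mapped in the descriptor to a single group. -->
  <wls:security-role-assignment>
    <wls:role-name>ErrorReportCloser</wls:role-name>
    <wls:principal-name>WATSupportGroup</wls:principal-name>
  </wls:security-role-assignment>

  <!-- Left to the Administration Console: the role exists in web.xml, but which
       users or groups hold it is decided (and changed) without redeploying. -->
  <wls:security-role-assignment>
    <wls:role-name>SystemSwitcher</wls:role-name>
    <wls:externally-defined/>
  </wls:security-role-assignment>

</wls:weblogic-web-app>
```

Every role-name here must match a security-role declared in web.xml; a role declared in web.xml but absent from this file gets no descriptor mapping, so check the console for the remaining roles after deployment rather than assuming they are unreachable.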
