LDAP groups and WebLogic Roles - Urgent ( weblogic 6.1 sp1, iPLanet 5.1)
I have 2 questions and these are very urgent :-
1. Where the mapping can be defined between LDAP groups and WebLogic Roles. I have
2 groups in iPLanet :- Contarctors and employees and I have 2 security roles in weblogic:-
contractactors and employess. How do I map LDAP group contractors to weblogic security
Role contractors? Similarly for employees ?
2. I have not defined contarctors and employeees under People container in IPlanet.
e.g. The RDN for contractor is
uid=1234,ou=dir,dc=orams,dc=com
Can I still use the defualt security realm of weblogic (the WebLogic Security Realm
under People ) OR I have to write my own custom code ?
3. I am planning to use Roles insetad of groups to manage the logical grouping in
iPLant. Can I still use the groups in WebLogic security realm ( in the configuratin
parameters ?)
This is very urgent ....so if any of you can throw any hints that will be greatly
appreciated.
--Sunita
Hi Ariel,
The driver is bundled with the product in WLS 6.1sp1. you don't have to
download any additional driver. Use it as you normally would only thing to
remember is if you are trying to write standalone java code then you have to
have weblogic.jar in your classpath. For the rest of the info follow the wls
docs for 6.1
HTH
sree
"Ariel" <[email protected]> wrote in message
news:3bb4a643$[email protected]..
We want to connect our Weblogic 6.1 sp1 server to a SQLServer 2000 db. We
downloaded the JDriver from bea.com, but all the istructions that camewith
it are for WLserver 5.1.
What has to be done to do this with 6.1 sp1?
Thanks,
Ariel
Similar Messages
-
Mapping LDAP Groups to SAP Roles
Hi there,
i am trying to build up a synchron usermanagement with a LDAP-Server between EP, Web AS Java and Web AS ABAP.
My thought is to administrate the users in the LDAP-Directory. The users will be assigned to groups.
In EP and Web AS Java its no problem to assign these groups to roles and then just change the Users in the LDAP-Group and reach a synchron usermanagement.
In Web AS ABAP it seems impossible to assign roles to groups.
<b>The question is, is it possible to map ldap groups with the ldap connector of the web AS ABAP to Roles in an ABAP System?</b>
Or is there another way to administrate users in different systems?
Thanks alot for your answers,
stefanHi
in this case u have to use the concept of central user administration. use the following links
https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/library/events/asug-biti-03/cua with sap webas, ldap and third party software
https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/library/events/sap-teched-04/user management and authorizations overview.pdf
https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/library/nw/dotnet/integration of sap central user administration into microsoft active directory.pdf
hope this helps u to get fair bit of idea
don,t forget to give points
With regards
subrato kundu -
Managing LDAP groups and roles through SUN IDM
Hi Guys,
We have a requirement to build the following functionality in our Sun IDM tool.
1. Ability to create/manage Static LDAP group.
2. Ability to create/manage filtered LDAP group.
3. Ability to create/manage Static LDAP roles.
4. Ability to create/manage filtered LDAP roles.
Can anyone let us know any pointers as to how to accomplish this or any ideas for the path to follow for this.
Any reply will be appreciated.http://myidm.blogspot.com/2009/06/how-to-create-groups-in-ldap-or-active.html
-
I am planning LDAP authentication for a portal and am looking at assign LDAP groups to portal roles to ease user administration because there will be a signifigant amount of users.
I've done this before with smaller amounts of users, but have heard concerns that with a large amount of user accounts, that authentication would take too long and would pose a problem. I don't know for sure if this is true and will be trying to test this out.
Would appreciate advice / experience / references if available.
Regards,
TomHi Thomas,
I don't think this is a problem if directories are properly tuned.
Infact we connect to AD having 80k users and it works perfectly fine. But remember that your LDAP should be tuned properly and may be you can have indexes too.
Regards,
Piyush
PS: please mark useful answers. -
Select list populated with ldap group membership attributes
Is it possible to query an LDAP group and retrieve all the members of the group?
For example, if I have an LDAP group with members' login name, I want to retrieve all login names and populate a select list so the end-user can choose a login name from the group.
Thanks, alan.The problem is the second query. I would guess that the TO_CHAR(co) is not unique for each account, but is the same for the accounts. And as the second item in the select-list is the listitems values, all your listitem-entries have the same value. therefore, of you select any entry, the list will always go the the first entry again.
Adjust your query. -
LDAP Groups - Can you find membership date
Hi all,
This might sound silly, but...
I have some large ldap groups, and i want to know the date the user was added to a group.
Is this possible?
Thanks!So given that no one has replied I can assume there is no way to find out when a user was added to a group. Hmmm that sux!
-
Dynamic Role -- Group Mapping not working in WebLogic 10
I have an installation I am migrating from 9.2 to 10. It uses Dynamic Role Mapping:
From my Weblogic.xml within the deployment:
<security-role-assignment>
<role-name>EELSSystemAdministrator</role-name>
<externally-defined/>
</security-role-assignment>I am using SPNEGO SSO, and it is working fine, it retrieves the principles from LDAP and adds them to the subject, so everything is fine there. I have defined the deployment constraint "EELSSystemAdministrator" as a Global Role, and then Added a condition "group" and set it to the LDAP Group (SMS EELSSystemAdministrator) which is one of the three principles being returned from LDAP.
When the Role mapper runs, it returns the following in the logs:
<SecurityRoleMap> <Accessed Subject: Id=urn:oasis:names:tc:xacml:2.0:subject:group, Value=[everyone,users, SMS EELSSystemAdministrator,SMS EELSReportAnalyst]>
<SecurityRoleMap> <Evaluate urn:oasis:names:tc:xacml:1.0:function:string-is-in(SMS EELSSystemAdministrator ,[everyone,users,SMS EELSSystemAdministrator,SMS EELSReportAnalyst]) -> false>
<SecurityRoleMap> <primary-rule evaluates to NotApplicable because of Condition>
<SecurityRoleMap> <urn:bea:xacml:2.0:entitlement:role:EELSSystemAdministrator:top, 1.0 evaluates to Deny>
<SecurityRoleMap> <XACML RoleMapper: accessing role EELSSystemAdministrator: DENIEDIn my 9.2 Installation that is working I get the following in the logs:
<SecurityRoleMap> <Accessed Subject: Id=urn:oasis:names:tc:xacml:2.0:subject:group, Value=[everyone,users,SMS EELSSystemAdministrator,SMS EELSReportAnalyst]>
<SecurityRoleMap> <Evaluate urn:oasis:names:tc:xacml:1.0:function:string-is-in(SMS EELSSystemAdministrator,[everyone,users,SMS EELSSystemAdministrator,SMS EELSReportAnalyst]) -> true>
<SecurityRoleMap> <Evaluate urn:oasis:names:tc:xacml:1.0:function:or(true) -> true>
<SecurityRoleMap> <primary-rule evaluates to Permit>
<SecurityRoleMap> <urn:bea:xacml:2.0:entitlement:role:EELSSystemAdministrator:type@E@Furl@G@M@Oapplication@EEELSWeb@[email protected]@O$@S@VDSTAMP@S@W@M@OcontextPath@E@UEELS@M@Ouri@E@U, 1.0 evaluates to Permit>
<SecurityRoleMap> <XACML RoleMapper: accessing role EELSSystemAdministrator: GRANTED> I am not sure why my 9.2 deployment lists the role type as a "url" (which points to the right deployment, and 10 lists it as the word "top". Either way, it is not authenticating to my global role based on the Group returned from LDAP.
I'm pretty much out of troubleshooting idea's, having compared every config file/log file etc to find descrepancies in my setup. Anyone have any suggestions, perhaps something that has to be setup differently in 10 then in 9.2?
Thanks in Advance,
JohnUpdate:
I checked a bunch of settings, and it seems to be working now, very odd. -
Creating Groups/Roles in Weblogic 7.0
I've noticed something odd when dealing with Roles, but not sure if it's just me,
or a known issue.
I finally got Weblogic to authenticate users through Active Directory (woo hoo!).
I have a set of roles defined, but that's where the problem comes in.
I can't seem to add a group name to a role unless that group is defined in Weblogic.
Not only that, but if that group does not have a user assigned to it, I can't
add the group to the role.
I'd like to be able to create roles that are assigned groups from AD, not ones
defined in Weblogic. Is there a way to do this? I'd hate to have to create bogus
users and groups just to allow proper authentication and role assignment to occur.
If anyone has experienced this, or might know what I am doing wrong, I'd appreciate
the help.
Thanks!hi,
Pl chk the link
http://help.sap.com/saphelp_nw04s/helpdata/en/25/87273c3f2b3c7ce10000000a11402f/frameset.htm
Ramesh -
How to create users and groups using WLST Offline with Weblogic 8.1.4
How to create users and groups using WLST Offline with Weblogic 8.1.4?
Any ideas?Hi this is how i created a user using WLST Offline?
cd('/Security/' + domainName)
# Delete the default user name weblogic
# incase you want to remove the defualt user weblogic
delete('weblogic','User')
# Creating a new user defined
create(userName, 'User')
# Setting the password of the user you created.
cd ('/Security/' + domainName + '/User/' + userName)
cmo.setPassword(password)
Regards
Makenzo -
Using LDAP as Naming and Directory Services of Weblogic
Hi All,
I wan to use LDAP(using Netscape Directory Server 4.2 as LDAP server) with weblogic5.1. I want that beans should be bound this LDAP server when they are deployed. For this what I have to change in configuration?
Anyother suggestions related to using LDAP with weblogic are welcome. In this regard, I want to ask whether weblogic application server has LDAP server built into it or not.
Thanks and Regards,
sudarsonAs I understand from your reply, you are suggesting me to bind the beans to LDAP server within the bean class's setentitycontext ? Is it so ? Can we not configure even this feature in weblogic6.0 also ? One thing more, if do this kind of thing then jndiname will be hardcoded into the bean class and can't be changed by simply editing the deployment descriptor. Pls suggest.
Regards,
sudarson
"Michael Girdley" <----> wrote:
>
>
This is not possible through configuration at the current time. One thing
you could do is have your EJBs make a connection to your LDAP server and
register themselves when they are deployed.
Michael Girdley
BEA Systems
Learning WebLogic? http://learnweblogic.com
"sudarson" <[email protected]> wrote in message
news:3a755fd5$[email protected]..
Hi All,
I wan to use LDAP(using Netscape Directory Server 4.2 as LDAP server)with weblogic5.1. I want that beans should be bound this LDAP server when
they are deployed. For this what I have to change in configuration?
Anyother suggestions related to using LDAP with weblogic are welcome. Inthis regard, I want to ask whether weblogic application server has LDAP
server built into it or not.
Thanks and Regards,
sudarson -
Hi,
<p>
I have configured an LDAP Authenticator for an external LDAP directory in the security realm of the samples portal. User Management is working, but when I try to access the Group Management for the LDAP Authenticator I get the following error:
</p>
<i>com.bea.p13n.usermgmt.hierarchy.TreeNotBuiltException: State: UNINITIALIZED. Tree is uninitialized. Add provider GAAD to list of providers to build. Tree is uninitialized. Add provider GAAD to list of providers to build.
</i>
<p>
It seems that this needs to be setup. How do I do this?
</p>
<p>
Some general notes on LDAP:
</p><p>
I think that in a production environment it is of great value to manage users and groups in a LDAP directory. For instance we have a company directory which contains all users. It seems that users from LDAP can not been added to groups which are in the DB. LDAP also has the advantage of supporting dynamic groups.
As in previous weblogic releases the LDAP authenticator is read only. It would be great if the write functionality could be added as well. Actually managing LDAP users and groups in one place would be a tremendous improvement for us.
</p><p>
Another thing on my wishlist are examples for delegated administration and visitor entitlements. For the sample portal these are empty. But I think it would be nice to have some out of the box examples that show what is possible and help developers and business analysts to understand the concepts and create their own roles.
</p><p>
It would be interesting to read what Bea and other developer think about this.
</p><p>
Kind regards,
<p>
Kai
</p>Marcus,
Yes, I am using 9.2 TP.
We are already using LDAP for user management with 8.1.
Now, I try to configure 9.2 as well. I am running 9.2 installations on different machines. When I click on Service Administration in the Admin Portal, I get the following error message for each installation:
java.lang.NullPointerException at com.bea.jsptools.serviceadmin.ads.ToolAdServiceBean.cloneFromAdServiceBean(ToolAdServiceBean.java:190) at com.bea.jsptools.serviceadmin.ServiceAdminTreeBuilder.buildAdContentProviderNodes(ServiceAdminTreeBuilder.java:769) at com.bea.jsptools.serviceadmin.ServiceAdminTreeBuilder.buildAdServiceBranch(ServiceAdminTreeBuilder.java:746) at com.bea.jsptools.serviceadmin.ServiceAdminTreeBuilder.createTreeElement(ServiceAdminTreeBuilder.java:184) at com.bea.jsptools.patterns.tree.TreeService$DefaultTreeServiceImpl.buildWholeTree(TreeService.java:234) at com.bea.jsptools.patterns.tree.TreeService$DefaultTreeServiceImpl.buildWholeTree(TreeService.java:235) at com.bea.jsptools.patterns.tree.TreeService$DefaultTreeServiceImpl.buildTree(TreeService.java:122) at util.tree.TreeController.constructTree(TreeController.java:142) at util.tree.TreeController.buildTree(TreeController.java:422) at jrockit.reflect.VirtualNativeMethodInvoker.invoke(Ljava.lang.Object;[Ljava.lang.Object;)Ljava.lang.Object;(Unknown Source) at java.lang.reflect.Method.invoke(Ljava.lang.Object;[Ljava.lang.Object;I)Ljava.lang.Object;(Unknown Source) at org.apache.beehive.netui.pageflow.FlowController.invokeActionMethod(FlowController.java:852) at org.apache.beehive.netui.pageflow.FlowController.getActionMethodForward(FlowController.java:782) at org.apache.beehive.netui.pageflow.FlowController.internalExecute(FlowController.java:456) at org.apache.beehive.netui.pageflow.PageFlowController.internalExecute(PageFlowController.java:285) at org.apache.beehive.netui.pageflow.FlowController.execute(FlowController.java:336) at org.apache.beehive.netui.pageflow.internal.FlowControllerAction.execute(FlowControllerAction.java:48) at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:419) at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.access$201(PageFlowRequestProcessor.java:97) at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor$ActionRunner.execute(PageFlowRequestProcessor.java:1984) at org.apache.beehive.netui.pageflow.interceptor.action.internal.ActionInterceptors.wrapAction(ActionInterceptors.java:90) at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.processActionPerform(PageFlowRequestProcessor.java:2055) at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:224) at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.processInternal(PageFlowRequestProcessor.java:535) at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.process(PageFlowRequestProcessor.java:821) at org.apache.beehive.netui.pageflow.AutoRegisterActionServlet.process(AutoRegisterActionServlet.java:625) at org.apache.beehive.netui.pageflow.PageFlowActionServlet.process(PageFlowActionServlet.java:156) at org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:414) at org.apache.beehive.netui.pageflow.PageFlowUtils.strutsLookup(PageFlowUtils.java:1178)
java.lang.NullPointerException
java.lang.NullPointerException
at com.bea.jsptools.serviceadmin.ads.ToolAdServiceBean.cloneFromAdServiceBean(ToolAdServiceBean.java:190)
at com.bea.jsptools.serviceadmin.ServiceAdminTreeBuilder.buildAdContentProviderNodes(ServiceAdminTreeBuilder.java:769)
at com.bea.jsptools.serviceadmin.ServiceAdminTreeBuilder.buildAdServiceBranch(ServiceAdminTreeBuilder.java:746)
at com.bea.jsptools.serviceadmin.ServiceAdminTreeBuilder.createTreeElement(ServiceAdminTreeBuilder.java:184)
at com.bea.jsptools.patterns.tree.TreeService$DefaultTreeServiceImpl.buildWholeTree(TreeService.java:234)
at com.bea.jsptools.patterns.tree.TreeService$DefaultTreeServiceImpl.buildWholeTree(TreeService.java:235)
at com.bea.jsptools.patterns.tree.TreeService$DefaultTreeServiceImpl.buildTree(TreeService.java:122)
at util.tree.TreeController.constructTree(TreeController.java:142)
at util.tree.TreeController.buildTree(TreeController.java:422)
at jrockit.reflect.VirtualNativeMethodInvoker.invoke(Ljava.lang.Object;[Ljava.lang.Object;)Ljava.lang.Object;(Unknown Source)
at java.lang.reflect.Method.invoke(Ljava.lang.Object;[Ljava.lang.Object;I)Ljava.lang.Object;(Unknown Source)
at org.apache.beehive.netui.pageflow.FlowController.invokeActionMethod(FlowController.java:852)
at org.apache.beehive.netui.pageflow.FlowController.getActionMethodForward(FlowController.java:782)
at org.apache.beehive.netui.pageflow.FlowController.internalExecute(FlowController.java:456)
at org.apache.beehive.netui.pageflow.PageFlowController.internalExecute(PageFlowController.java:285)
at org.apache.beehive.netui.pageflow.FlowController.execute(FlowController.java:336)
at org.apache.beehive.netui.pageflow.internal.FlowControllerAction.execute(FlowControllerAction.java:48)
at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:419)
at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.access$201(PageFlowRequestProcessor.java:97)
at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor$ActionRunner.execute(PageFlowRequestProcessor.java:1984)
at org.apache.beehive.netui.pageflow.interceptor.action.internal.ActionInterceptors.wrapAction(ActionInterceptors.java:90)
at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.processActionPerform(PageFlowRequestProcessor.java:2055)
at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:224)
at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.processInternal(PageFlowRequestProcessor.java:535)
at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.process(PageFlowRequestProcessor.java:821)
at org.apache.beehive.netui.pageflow.AutoRegisterActionServlet.process(AutoRegisterActionServlet.java:625)
at org.apache.beehive.netui.pageflow.PageFlowActionServlet.process(PageFlowActionServlet.java:156)
at org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:414)
at org.apache.beehive.netui.pageflow.PageFlowUtils.strutsLookup(PageFlowUtils.java:1178) -
Issue on LDAP as a user-store for WebLogic Administrators
Hi All,
I have configured a Novell LDAP into WEblogic 10.3.2 successfully. I am able to view all of LDAP users and groups on Weblogic Admin Console, which includes my own account in LDAP.
Now I am trying to configure my account as a Weblogic administrator so that I can log in the Weblogic Admin Console as my own account in LDAP. I don't want to set up an Administrators group in LDAP. I want to add the user to the Admin global role. As my understanding, all I need to do is
1. Go to "myrealm"
2. Click the tab "Roles and Policies"
3. Click the tab "Realm Roles"
4. Expand the link "Global Roles"
5. Click the link "View Role Conditions" coressponding to the name "Admin". Enter the panel "Edit Global Role"
6. Click the button "Add Conditions"
7. Select "Predicate List" as "user"
8. Click the button "Next"
9. Enter my username (jwang) in LDAP to the field "User Argument Name:"
10. Click the button "Add"
11. Click the button "Finish"
12. Back to the page "Edit Global Role"
13. Here I can see
User : jwang
Or
Group : Administrators
14. Click the button "Save"
15. Restart the server
16. Log in with the new user jwang. It got denied.
Can someone help me on this and why I can not log in?
Thanks a lot.
JohnHi Faisal,
Thank you very much for your prompt reply. With your suggestion, I do figure out where my problem is. I did set the control flag in my ldapAuthenticator "OPTIONAL". However, it appears that the DefaultAuthenticator is given as "REQUIRED" by default.
Once I changed it to be "OPTIONAL", it works.
Thanks again.
John -
LDAP user and group configuration in ADF application
Hi All,
I have to use LDAP user and groups in my ADF application. I have configured the LDAP on WLS server successfully and can see all users/groups under tab "User and Groups". I have added the Enterprise Role in jazn-data.xml matching the name of groups. Created Application role in jazn-data.xml and assigned a role of Enterprise Role.
However not added any user in jazn-data.xml. Which i guess not required because it will picked from LDAP.
Now how to configure the JDeveloper to use those users ? What changes need to make in jazn-data.xml ? or in jps-config.xml / web.xml/ weblogic-application.xml
Am i missing nay configuration step. i have referred ADF Security set up - step by step tutorial - quick question but not found useful
I am using JDeveloper 11.1.1.5.
Thanking you all in advance.
Mukesh.I have below changes in files
1] In jps-config.xml
-- Added identity store and selected it from drop down in Security Context tab.
2] In weblogic-application.xml
In Security tab --> Role assignment mapped valid-users to principle name.
<security>
<realm-name>myrealm</realm-name>
<security-role-assignment>
<role-name>valid-users</role-name>
<principal-name>DERDev</principal-name>
</security-role-assignment>
</security>
3] Same thing done in weblogic.xml . I do not know the difference between weblogic-application.xml and weblogic.xml configuartion and which will work.
4] Added security role "DERDev" along with the default/automatically added role "valid users"
<security-role>
<role-name>DERDev</role-name>
</security-role>
Still no luck ...... i am missing again ? I referred many links but found not a single document mentioning all steps
Mukesh -
Hi,
I have created a Novell LDAP Group. In my realm I have now two authentication
providers: default and novell, both optional. If I authenticate my user which
is stored in the novell ldap the user is correctly authenticated (request.getRemoteUser()
!= null), although the log says user denied (no matter if the user is in the embedded
ldap or the novell, but maybe the other one always complains). (novell user gets
rejected if password is wrong)
For a novell group i create a role with the condition: caller is a member of the
group"novell group" this seems not to work. with request.isUserInRole("novell
group") i get "false" !!
any ideas??
regards
tobiasfound my mistake. i created a role in the weblogic console which i also have defined
in the web.xml. then i also need to assign this role to the principal (my group)
in the weblogic.xml.
if i have a role not defined in the web.xml the request.isUserInRole(<RoleName>)
works fine, but not in the above described case without assignment in the weblogic.xml.
"Tobias Voigt" <[email protected]> wrote:
>
Actually groups are also configured correctly as it seems for me. On
the group
page, the ldap group is also listed (in the provider column it says NovellAuthenticator).
Also if i look at the output of weblogic.security.Security.getCurrentSubject()
the LDAP group is also listed as a Principal.
weblogic.security.SubjectUtils.isUserInGroup(<Subject>,<LDAPGroup>) says
true.
but request.isUserInRole(<Role for Members in LDAPGroup>) says false.
(Btw: Weblogic 8.1 sp1)
"tm" <no-reply> wrote:
Hi Tobias,
It sounds like you can successfully use users
in your Novell LDAP server but you cannot
successfully use groups from the LDAP server.
(ie. when you login, it's finding the user, but it
isn't finding the user's groups thus the role isn't working).
I'm assuming that you have configured a NovellAuthenticator.
You must configure the NovellAuthenticator to tell
how groups are stored in your Novell LDAP server
(ie. tell it about the group schema). If this is not
correctly configured, then groups won't work.
See http://e-docs.bea.com/wls/docs81/secmanage/providers.html#1172008
for more information on configuring group schemas for LDAP authentication
providers.
-tm
"Tobias Voigt" <[email protected]> wrote in message
news:[email protected]...
Hi,
I have created a Novell LDAP Group. In my realm I have now twoauthentication
providers: default and novell, both optional. If I authenticate myuser
which
is stored in the novell ldap the user is correctly authenticated(request.getRemoteUser()
!= null), although the log says user denied (no matter if the useris in
the embedded
ldap or the novell, but maybe the other one always complains). (novelluser gets
rejected if password is wrong)
For a novell group i create a role with the condition: caller is amember
of the
group"novell group" this seems not to work. withrequest.isUserInRole("novell
group") i get "false" !!
any ideas??
regards
tobias -
How to use security roles in Weblogic server?
Hello Gurus,
I am new to Weblogic server and I am trying to investigate how to make
use of security roles in weblogic server (5.1.0). Can anyone point me
to some documentation. Specifically, I am looking for instance level,
and method level security and how to use it.
Thanks for taking your time to read this e-mail.
Thank You all in advance,
Hari.You should read the security information in the Servlet 2.2 specification
that WL 5.1 implements:
http://java.sun.com/products/servlet/download.html
Chapter 11 deals with declarative and programmatic security, and includes a
section on roles:
11.4 Roles
A role is an abstract logical grouping of users that is defined by the
Application Developer or
Assembler. When the application is deployed, these roles are mapped by a
Deployer to security
identities, such as principals or groups, in the runtime environment.
A servlet container enforces declarative or programmatic security for the
principal associated with
an incoming request based on the security attributes of that calling
principal. For example,
1. When a deployer has mapped a security role to a user group in the
operational environment. The
user group to which the calling principal belongs is retrieved from its
security attributes. If the
principal's user group matches the user group in the operational environment
that the security
role has been mapped to, the principal is in the security role.
2. When a deployer has mapped a security role to a principal name in a
security policy domain, the
principal name of the calling principal is retrieved from its security
attributes. If the principal is
the same as the principal to which the security role was mapped, the calling
principal is in the
security role.
Cameron Purdy
http://www.tangosol.com
"Hari" <[email protected]> wrote in message
news:[email protected]..
Hello Gurus,
I am new to Weblogic server and I am trying to investigate how to make
use of security roles in weblogic server (5.1.0). Can anyone point me
to some documentation. Specifically, I am looking for instance level,
and method level security and how to use it.
Thanks for taking your time to read this e-mail.
Thank You all in advance,
Hari.
Maybe you are looking for
-
How to set the table I_ORG in 'BBP_EXTREQ_INBOUND'?
dear all, Now I am using BAPI 'BBP_EXTREQ_INBOUND' to create a shopping card and have successed. but in the table I_ORG, whatever I set the value of organization ID and group ID, it will not be changed in the SRM. how can I set them? t han
-
How to automate digital signing PDF Files in batch
I am trying to find a way to automate as much as possible the placing of a digital signature on a set of PDF documents. We have Adobe Acrobat Pro 8.1 and the machine has MS Office 2003 with Vista Business. Here's a scenario: A set of documents exi
-
90W Ultraslim AC/DC Adapter
Has anyone used this adapter with their W530? http://shop.lenovo.com/SEUILibrary/controller/e/web/LenovoPortal/en_US/catalog.workflow:item.detail?... I'm looking to get a second adapter that I can leave in my bag for travel puproses and thought somet
-
Airplay screen mirroring on 4:3 projector, resolution problems.
Hi! I have an iPad 3, an ATV3 and a NEC NP400 projector which I'm trying to get to work together. I'm not sure about the projectors resolution, but i know it has a 4:3 aspect ratio. I've tried to use screen mirroring with both the ATV 3 and a VGA ada
-
Facing problem while updating IInfotype 0009-bank details through workflow
Dear SAP Gurus, I am facing a problem while updating Infotype 0009 through workflow which is integrdated with portal. Scenario: Employee logins to portal and changes his/her bank details like payee name, bank key, account number, postal code and city