LDAP Security Realm

Using Weblogic 7.0 I have an LDAP security realm set up with the LDAP URL, admin's
user name and password. I want to be able to interface with this connection to access
the LDAP and make changes to user information within the LDAP. Right now in
my code I make a connection to the LDAP and supply the same user name and password
set up in the LDAP security realm. Rather than re-supply
the URL and user name and password in my code, I want to be able to just get that
connection (or create a connection similar to a JDBC connection pool) to the
LDAP that is configured in the Security Realm. Is this possible? And how would I
go about it if so?
Thanks
Sjb

The LDAPConnection pool which is used by the WLS Realm is not accessible to the public
for programming.
thanks
kiran

Similar Messages

  • Weblogic ldap security realm source code..

    Hi,
    The LDAPv2 security realm that is provided with weblogic 6.1 is great but I
    need to make several extensions to allow for the way our ldap tree is
    structured. Is there any chance that I can get the source code from weblogic
    so that I can extend it?
    thx,
    B

    What's the use of following if BEA start sending the code to the end users
    * @author Copyright (c) 1998 by WebLogic, Inc. All Rights Reserved.
    * @author Copyright (c) 1998-2001 by BEA Systems, Inc. All Rights Reserved.
    -utpal

  • Using LDAP as security realm

    Hi,
    Our goal is to use LDAP(Iplanet Directory Server 5.0) as a security Realm
    for Weblogic Personalization and Commerce 3.5.
    Using the WLCS console, I've modified the config.xml file and following
    elements are added:
    <LDAPRealm AuthProtocol='simple' Credential='admin'
    GroupDN='ou=groups,dc=netnumina,dc=com' GroupIsContext='false'
    GroupUsernameAttribute='uniquemember'
    LDAPURL='ldap://sanand.netnumina.com:389' Name='wlcsLDAPRealm'
    Principal='uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoot'
    UserAuthentication='local' UserDN='ou=people,dc=netnumina,dc=com'
    UserNameAttribute='uid'/>
    <CachingRealm BasicRealm='wlcsLDAPRealm' CacheCaseSensitive='true'
    Name='wlcsCachingRealm'/>
    But when we try to restart the WLCS, it throws Java exceptions that the context
    is not initialized and I get the following error:
    <Jun 15, 2001 3:41:28 PM EDT> <Emergency> <Server> <Unable to initialize the server: 'Fatal initialization exception
    Throwable: weblogic.security.ldaprealm.LDAPException: could not get context - with nested exception:
    [java.lang.reflect.InvocationTargetException - with target exception:
    [javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials]]]
    weblogic.security.ldaprealm.LDAPException: could not get context - with nested exception:
    I tried using Windows NT as a security realm but that gave me errors too.
    Does anyone have any experience using anything other than the default Realm?
    Any help would be appreciated. Thanks!
    Asim Raja
    [email protected]

    I'm not sure, but I suspect you can't
    since this would create a circular dependency -
    your realm would rely on the upper level security
    checking calls but those calls would rely on your
    realm.
    My suggestion is to give it a try and see what
    happens.
    -Tom
    Ozcan ADIYAMAN <[email protected]> wrote:
    Hi ,
    I am implementing a simple custom security realm using LDAP as the
    security store and I can see the users, groups and acls from the admin
    console.
    My question is (a custom realm newbie question) ;
    Is it possible to use weblogic.security.acl.Security with my custom
    realm to check permissions, get the current user,etc.,
    OR
    is this class ONLY used with default realms (when ACL is stored in a
    file) ?
    Thanks
    Ozcan

  • Security realms - provider - LDAP (OID) - error: authentication denied

    I followed the link http://www.oracle.com/technology/products/jdev/tips/fnimphius/oidconfig/index.html to configure OID authentication in WebLogic Server. I am able to see all the OID users in the security realm (users and groups page). I changed the control flag to SUFFICIENT. However, I still could not log in as orcladmin. I got "The username and password has been refused by WebLogic Server". Could someone assist further with troubleshooting this issue?

    I had a cheat sheet that got me through this topic, which seems to have disappeared since Oracle took over BEA... maybe someone can help us find it again (or a similar reference), but this was the old link:
    Link: [https://support.bea.com/application_content/product_portlets/support_patterns/wls/UnderstandingLDAPGroupMembershipSearchPattern.html]
    In short, there are three patterns for authentication that are recognized as the de facto standards for implementation, and your directory structure must conform to one of these three patterns in order for the authentication schemes to work. You have not provided enough information in your post for me to say whether or not you have met the criteria. If you can find these three patterns, you can determine if you meet them. If you fail, you will need to write a custom security authentication module (documented in the WebLogic documentation somewhere) to enable WL to use your setup.
    Hope it gets you in the right direction at least....
    Keith

  • LDAP security provider and web service authentication

    Background: we are currently developing web services to our existing weblogic application. Our users can configure user/password authentication in one of three ways: database, LDAP, or SSO. Setting SSO aside, we need to implement the same authentication for database and LDAP that we use in our existing logon servlet in our web services. In our servlet we detect which they are configured for and, if database, authenticate the encrypted password to a database table we have for user id/password. If LDAP we use weblogic.servlet.security.ServletAuthentication and the weak() method to authenticate.
    We've to use SOAP headers to communicate username/password from the client to the web service. We want to code a SOAP message handler to grab the username/password and do the authentication there. We've successfully put something together that handles the database authentication no problem and are now struggling with how to handle the LDAP authentication. We distribute a LDAP security provider we've coded for LDAP authentication. I guess what I am looking for is an equivalent functionality provided with weblogic.servlet.security.ServletAuthentication. Note that I realize the weblogic.servlet.security package has been deprecated starting with Weblogic 9.0 but cannot find what functionality replaces it. Any help there would be appreciated as well.
    Note that I am fairly new to web service development (about 10 months now) and definitely new to web service security and Weblogic security. I tried digging into the volumes of documentation out there regarding these two topics but am simply having a difficult time sorting it all out and figuring out how to do what I want to do.
    Thanks in advance!
    Julia

    Hi,
    Add a Provider (LDAP credentials) in the Admin Console under Security Realm --> defaultrealm --> Providers. Configuring LDAP in the Admin Console will enable the Admin Server to connect to LDAP. All the LDAP preconfigured Users/Groups will be available in the Users and Groups tab of Security Realms > defaultrealm > Users and Groups. Add Roles using Security Realms > defaultrealm > Roles and Policies > Global Roles > Roles. Add Role Conditions to the role by specifying users/groups configured in LDAP. If your web service runs with SSL, annotate the web service file something like this:
    @RolesAllowed({
        @SecurityRole(role="test")
    })
    @Policy(
        uri="policy:Wssp1.2-2007-Https-UsernameToken-Plain.xml",
        attachToWsdl=true)
    Here the role is a preconfigured role in the Admin Console. Add the following tag in the soapenv:Header.
    <soapenv:Header>
    <wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
    <wsse:UsernameToken>
    <wsse:Username>test</wsse:Username>
    <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">password</wsse:Password>
    </wsse:UsernameToken>
    </wsse:Security>
    </soapenv:Header>

  • Unable to use a custom security realm with Netscape Directory Server in WebLogic 7

    I have all users and groups stored in a Netscape LDAP server (version 4.1.6 on
    Solaris 8), so I want to create a custom security realm in WebLogic 7 (also run
    on Solaris 8) which uses my LDAP server as the Authenticator. I tried this by
    using the Admin Console and followed exactly the steps in Chapter 3 of the "Managing
    WebLogic Security" doc. However, when I rebooted WebLogic and logged into the
    Admin Console again and clicked the Users node under my custom realm, I saw this
    message in the right-hand pane: "There are no Authentication providers available
    that support the creation of Users". Also, I don't see my custom realm in the
    dropdown list under mydomain -> Security tab -> General tab -> Default Realm.
    What did I do wrong? Also, where does WebLogic store the custom security realm
    info? It is definitely not in config.xml.
    Thanks,
    Eric Ma

    Thanks for the info.
    I wonder when they will fix it.
    Jakub
    "Eric Ma" <[email protected]> wrote in message
    news:[email protected]..
    >
    According to BEA Tech Support, a known bug prevents the WLS 7 Admin Console from
    displaying users and groups defined in Netscape Directory Server.
    Eric Ma
    "Jakub Wroniszewski" <[email protected]> wrote:
    I have the same problem.
    Any new ideas?
    Rgds,
    Jakub
    "Eric Ma" <[email protected]> wrote in message
    news:[email protected]..
    Now I doubt my custom security realm is actually using the Netscape Directory Server
    as the authenticator. Unlike in WebLogic 6.1 Admin Console, where clicking on
    the Users node displays all users in the LDAP server, in WebLogic 7 I keep getting
    the message "There are no Authentication providers available that support the
    creation of Users." Any suggestions?
    "Eric Ma" <[email protected]> wrote:
    Never mind. I tried again by following the steps outlined at
    http://newsgroups.bea.com/cgi-bin/dnewsweb?cmd=article&group=weblogic.developer.interest.security&item=8463&utag=
    and it seemed to have worked for me.

  • How to configure security realm for Active Directory ?

    Hi,
    Can anybody suggest how to configure a security realm in WebLogic 8.1?
    I have a simple login page where the user can enter his credentials, and I have MS Active Directory where we maintain all users.
    Users who log into the web application have to be authenticated from Active Directory.
    Please suggest what steps we need to follow.
    thanks in advance

    Hi Sankar,
    You can log in to the WebLogic Server admin console and create a new realm.
    Once you have created the realm you can add the authentication provider. You add the Active Authentication Provider. But you must have the configuration information of MS AD. You can read my blog http://dev2dev.bea.com/blog/bishnu_kumar/
    where the integration is with iPlanet LDAP. Steps will be similar.
    You must have a login portlet in your portal application and that should be in accordance with J2EE security standards. For example you may use basic authentication or userlogin control or p13n API.
    Regards
    Bishnu

  • Debug-Mode for Security Realm

    Hi,
    when I try to start the server with the debug mode I get the following
    exception:
    Starting WebLogic Server ....
    <Tue Oct 24 17:45:33 GMT+02:00 2000> <Info> <Management> <Loading configuration file .\config\virtHoDomain\config.xml...>
    Unable to dump log: Fatal initialization exception
    Throwable: java.lang.StackOverflowError
    java.lang.StackOverflowError
    at java.util.Collections$SynchronizedMap.get(Collections.java:1433)
    at weblogic.kernel.ResettableThreadLocal.currentStorage(ResettableThreadLocal.java:100)
    at weblogic.kernel.ResettableThreadLocal.get(ResettableThreadLocal.java:35)
    at weblogic.transaction.internal.TransactionManagerImpl.getOrCreateThreadProp(TransactionManagerImpl.java:844)
    at weblogic.transaction.internal.TransactionManagerImpl.getTransaction(TransactionManagerImpl.java:359)
    at weblogic.transaction.TxHelper.getTransaction(TxHelper.java:34)
    at weblogic.management.logging.LogBroadcaster.log(LogBroadcaster.java:156)
    at weblogic.management.logging.LogBroadcaster.log(LogBroadcaster.java:145)
    at weblogic.management.logging.LogBroadcaster.log(LogBroadcaster.java:138)
    at weblogic.logging.LogManager.log(LogManager.java:93)
    at weblogic.logging.LogOutputStream.debug(LogOutputStream.java:80)
    at weblogic.security.acl.CachingRealm.getUser(CachingRealm.java:775)
    at weblogic.security.acl.Security.getCurrentUser(Security.java:238)
    at weblogic.management.logging.LogBroadcaster.log(LogBroadcaster.java:161)
    at weblogic.management.logging.LogBroadcaster.log(LogBroadcaster.java:145)
    at weblogic.management.logging.LogBroadcaster.log(LogBroadcaster.java:138)
    at weblogic.logging.LogManager.log(LogManager.java:93)
    at weblogic.logging.LogOutputStream.debug(LogOutputStream.java:80)
    at weblogic.security.acl.CachingRealm.getUser(CachingRealm.java:775)
    at weblogic.security.acl.Security.getCurrentUser(Security.java:238)
    at weblogic.management.logging.LogBroadcaster.log(LogBroadcaster.java:161)
    at weblogic.management.logging.LogBroadcaster.log(LogBroadcaster.java:145)
    at weblogic.management.logging.LogBroadcaster.log(LogBroadcaster.java:138)
    at weblogic.logging.LogManager.log(LogManager.java:93)
    I even get that exception if I try to initialize the
    weblogic.logging.LogManager in a common class.
    I think this is a bug.

    Hi Lars Klippert
    Sorry for the late reply. First of all, thank you for uncovering an untested part of the ServerDebug MBean. The Debug Mode for Security Realms currently works for fileRealm but does not work for alternate realms (e.g., LDAP realm). We're in the process of fixing this in the future releases (may not be Beta Refresh but will definitely be fixed in GA). I'm attaching a working config.xml (with fileRealm) and the only change you've to make to your config.xml is
    <Server ...>
    <ServerDebug
    DebugSecurityRealm="true"
    Name="myserver"
    />
    </Server>
    If you're debugging a fileRealm then I believe this serves your purpose. But if you're debugging a Security Realm other than fileRealm and this is blocking you, please let us know so that this will be fixed with a higher priority. Thanks again for uncovering this. We will let you know as soon as this is fixed.
    regards
    "Lars Klippert" <[email protected]> wrote:
    Hi,
    Part from config.xml:
    <Server ...>
    <ServerDebug Name="virtHoServer" DebugSecurityRealm="false"/>
    </Server>
    Part from my start-script:
    %JAVA_HOME%\bin\java.exe -ms16m -mx64m -classpath %CLASSPATH% -Dweblogic.Domain=virtHoDomain -Dweblogic.Name=virtHoServer -Djava.security.policy==.\lib\weblogic.policy weblogic.Server
    As you can see I enable the debug mode in the config.xml.
    I also get the exception when I disable the debug mode and
    initialize the weblogic.logging.LogOutputStream by hand.
    For our EntityBeans we have developed a custom error logger
    that uses the weblogic.logging.LogOutputStream and it works
    fine. Maybe the error only occurs if two or more
    weblogic.logging.LogOutputStreams are active...
    With the 5.1.0 version of the server everything works fine.
    Thanks
    "Paul Ferwerda" <[email protected]> wrote in message
    news:[email protected]...
    How exactly are you starting "the server with debug mode"?
    Thanks,
    Paul
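
The stack trace in this thread repeats one cycle: LogBroadcaster.log calls Security.getCurrentUser, CachingRealm.getUser writes a debug line, and that line goes back through LogBroadcaster.log. As an added illustration (not BEA's code and not the fix BEA shipped; every class and method name below is a hypothetical stand-in), a per-thread re-entrancy guard is one way a logger that looks up the current user can avoid this recursion when realm debugging is on:

```java
import java.util.ArrayList;
import java.util.List;

/**
 * Added example, not WebLogic code. Models the cycle visible in the trace:
 * log() -> currentUser() -> realm debug output -> log() -> ...
 */
public class ReentrantLogGuard {

    /** Collected log lines (stands in for the server log). */
    static final List<String> sink = new ArrayList<>();

    /** Stand-in for the realm debug switch (DebugSecurityRealm in the thread). */
    static boolean realmDebug = true;

    /** True while the current thread is already inside log(). */
    private static final ThreadLocal<Boolean> inLog =
            ThreadLocal.withInitial(() -> Boolean.FALSE);

    // ---- Unguarded pair: reproduces the failure mode -------------------

    static void unguardedLog(String message) {
        String user = unguardedCurrentUser();   // asks the realm on every call
        sink.add("[user=" + user + "] " + message);
    }

    static String unguardedCurrentUser() {
        if (realmDebug) {
            unguardedLog("realm: getUser lookup");   // re-enters the logger
        }
        return "system";
    }

    // ---- Guarded pair: nested calls skip the realm lookup --------------

    static void log(String message) {
        if (inLog.get()) {
            // Called from inside the realm lookup: record the line but do
            // not ask the realm for the user again.
            sink.add("[user=?] " + message);
            return;
        }
        inLog.set(Boolean.TRUE);
        try {
            String user = currentUser();
            sink.add("[user=" + user + "] " + message);
        } finally {
            // Always clear the flag, even if the lookup throws.
            inLog.set(Boolean.FALSE);
        }
    }

    static String currentUser() {
        if (realmDebug) {
            log("realm: getUser lookup");
        }
        return "system";
    }

    public static void main(String[] args) {
        try {
            unguardedLog("server starting");
        } catch (StackOverflowError e) {
            System.out.println("unguarded logger: StackOverflowError");
        }

        sink.clear();
        log("server starting");
        for (String line : sink) {
            System.out.println(line);
        }
    }
}
```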

  • Using an alternate security realm

    Hi,
    I'm trying to configure the Weblogic Personalization & Personalization
    Server v3.5 to use NT or LDAP as a security realm.
    With LDAP, the server reboots properly but when I try to go to
    http://localhost:7501/tools, it prompts me for password/userid and none of
    the user accounts (including for weblogic and those in the LDAP) work.
    When I try to configure for NT security realm and then I try to reboot the
    server, I get the error message below.
    Any help would be greatly appreciated. Thanks!
    Asim
    [email protected]
    NT error message:
    Unable to adjust token privileges
    Unable to adjust token privileges
    java.lang.SecurityException: Unable to assert all required priviledges
    at weblogic.security.ntrealm.NTDelegate.initFields(Native Method)
    at weblogic.security.ntrealm.NTDelegate.loadlib(NTDelegate.java:218)
    at weblogic.security.ntrealm.NTDelegate.<init>(NTDelegate.java:84)
    at weblogic.security.ntrealm.NTRealm.<init>(NTRealm.java:42)
    at java.lang.Class.newInstance0(Native Method)
    at java.lang.Class.newInstance(Class.java:237)
    at weblogic.security.acl.Realm.getRealm(Realm.java:84)
    at weblogic.security.acl.Realm.getRealm(Realm.java:62)
    at weblogic.security.SecurityService.initializeRealm(SecurityService.java:265)
    at weblogic.security.SecurityService.initialize(SecurityService.java:123
    at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:343)
    at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:169)
    at weblogic.Server.main(Server.java:35)
    <Jun 19, 2001 1:58:10 PM EDT> <Emergency> <Server> <Unable to initialize the server: 'Fatal initialization exception
    Throwable: java.lang.IllegalAccessError: java.lang.SecurityException: Unable to assert all required priviledges -- bad domain name
    java.lang.IllegalAccessError: java.lang.SecurityException: Unable to assert all required priviledges -- bad domain name


  • Proper security realm for ecommerce user

    I would like to use J2EE security on our ecommerce site (isUserInRole, getUserPrincipal,
    web.xml declarative functionality to protect resources), but my problem is not
    knowing what security realm to use to manage the users. The site has thousands
    of users and they need the ability to create an account which will determine their
    "role" based on what membership fee they paid. After they have an account they
    can log in and have access to sections of the site that are permitted to them based
    on role. All the examples I've seen about WebLogic security are using LDAPs or
    their internal RDMS. How can I have WebLogic use our own database, or is there
    a best practice to accomplish the task I need? Any information would be helpful!!

    It sounds like you have many users in your database, but not that many roles
    & policies.
    Probably you can use the DefaultRoleMapper and DefaultAuthorizer for your
    roles & policies.
    You need a database based authentication provider. Check out the sample
    dbms authentication provider on the dev2dev center:
    http://dev2dev.bea.com/codelibrary/code/sec_rdbms.jsp
    -tm

  • How to implement a tree like security realm?

    hi all:
    i am working on a project. it's a very complex one and most importantly there are
    so many functions (1000 or more) and every function should be a protected resource. so i have
    to define many roles and map the roles to the many functions. it's a very tiring job and
    i am not sure the role to function mapping is a stable one, because the mapping is saved in
    an xml file and this file is deployed with the application, so if there are any changes
    we have to redeploy the whole application and restart the server.
    there's still another problem. we want the security realm to be a tree instead of
    a flat one (weblogic's group is a flat one). if we assign a node to a role, all its children
    belong to the same role.
    so is there a way to do this? any solution?
    regards
    daniel wang

    maybe you could exploit the way ACLs have dotted names to reflect your tree
    structure, so the acl root applies to all functions, root.branch1 only
    applies to functions on branch branch1, and root.branch1.branch2 applies to
    functions on branch2 of branch1. there's an api that gets the most specific
    acl given a path to a node.
    i'm not sure it's acls that you want to correspond to nodes, but maybe you can
    work out some kind of scheme that gives you what you want.
    andrew
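
The dotted-name scheme suggested in the reply above, as an added example that is not part of the original thread and is not WebLogic's ACL API: the class `DottedAclTree`, its methods, and the sample ACL names and roles are all hypothetical. It resolves a function path to its most specific ACL by walking up one dotted segment at a time, so a role assigned to a node covers all its children, and it denies access when no ancestor carries an ACL.

```java
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Optional;
import java.util.Set;

/** Added example: hierarchical role lookup over dotted ACL names. */
public class DottedAclTree {

    /** ACL name (e.g. "root.orders") -> roles allowed on that subtree. */
    private final Map<String, Set<String>> acls = new HashMap<>();

    /** Attach roles to a node; the entry covers the node and its children. */
    public void grant(String aclName, String... roles) {
        acls.put(aclName, new HashSet<>(Arrays.asList(roles)));
    }

    /**
     * Find the closest ancestor-or-self of path that has an ACL.
     * Stripping whole segments (not string prefixes) keeps "root.orders"
     * from matching "root.orders10".
     */
    public Optional<String> mostSpecificAcl(String path) {
        String candidate = path;
        while (!acls.containsKey(candidate)) {
            int dot = candidate.lastIndexOf('.');
            if (dot < 0) {
                return Optional.empty();   // walked past the top: no ACL applies
            }
            candidate = candidate.substring(0, dot);
        }
        return Optional.of(candidate);
    }

    /**
     * Allow only if the most specific ACL shares a role with the user.
     * The most specific entry wins outright, so a narrower ACL on a branch
     * can restrict what the parent would have allowed. No ACL means deny.
     */
    public boolean isAllowed(String path, Set<String> userRoles) {
        return mostSpecificAcl(path)
                .map(name -> !Collections.disjoint(acls.get(name), userRoles))
                .orElse(false);
    }

    public static void main(String[] args) {
        // Constructed sample tree and roles, for illustration only.
        DottedAclTree tree = new DottedAclTree();
        tree.grant("root", "admin");
        tree.grant("root.orders", "admin", "clerk");
        tree.grant("root.orders.refund", "admin", "supervisor");

        Set<String> clerk = new HashSet<>(Arrays.asList("clerk"));
        String[] functions = {
            "root.orders.list",            // inherits root.orders
            "root.orders.refund.approve",  // narrower ACL excludes clerk
            "root.orders10.list",          // falls back to root, not root.orders
            "root.reports.monthly",        // falls back to root
            "other.tool"                   // outside the tree: denied
        };
        for (String f : functions) {
            System.out.println(f
                    + " -> acl=" + tree.mostSpecificAcl(f).orElse("(none)")
                    + ", clerk allowed=" + tree.isAllowed(f, clerk));
        }
    }
}
```

Because the map is consulted on every check, grants can change at run time without redeploying the application, which is the other concern raised in the question.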

  • How to retrieve Global Roles in a the current security realm?

    Is there a WLS API available that obtains a list of mapped global roles (defined in a security realm) from an application?
    I want to be able to do a getRoles call against an authenticated user. So far, I'm only able to use isUserInRole. What I need is a list of all global roles mapped to a user's group.
    Thanks all...

    You can refer to the api
    http://e-docs.bea.com/wls/docs81/javadocs/weblogic/management/security/authorization/RoleReaderMBean.html#getRoleExpression
    -Ramkumar

  • Adding a user to the File Security Realm

    Hello,
    When I attempt to add a new user to the file realm with Application Server->Security-Realms->file-> Manage Users, I get the error:
    A "com.sun.enterprise.tools.guiframework.exception.FrameworkError" was caught. The message from the exception: "Unable to get View for ViewDescriptor 'fileUsers'"
    The root cause is "java.lang.ArrayIndexOutOfBoundsException: 0"
    See the HTML source for more detailed (stack trace) information.
    When I look at the file C:\Sun\AppServer\domains\samples/config/keyfile I see the new user added, but the Admin Console is not happy...
    Please advise.
    -- POC

    There are some issues in admin gui for managing security service in beta.
    I have verified that this has been fixed in FCS branch.
    Since the user and password have been written to keyfile in your scenario, it may be OK.
    You can try to use the user. If this is not working, then restarting the server should work.
    Another way is to create user by using asadmin command. This is working fine in beta.

  • Errors encountered while using a Custom Security Realm on a Platform Domain

    Hi,
    We have created a WebLogic Platform Domain. A WebLogic Portal application(Portal
    7.0) and some Web Service apps are running on this domain.
    We have created a Custom Security Realm b'cos of our application requirements
    and now when I start up the Platform Domain, I see a lot of errors.
    Some of the errors typically are
    "<Jan 16, 2003 4:07:02 PM EST> <Error> <HTTP> <101256> <The run-as user: wlisystem,
    for the servlet: ApplicationView for the webapp: /WLI_AI_Workshop_Control_Web,
    could not be resolved to a valid user in the system. Please check if the user
    exists.
    javax.security.auth.login.LoginException: Authentication Failed: User wlisystem
    denied in Realm Adapter realm weblogic"
    or
    Unable to deploy EJB: wlai-eventprocessor-ejb.jar from wlai-eventprocessor-ejb.jar:weblogic.ejb20.WLDeploymentException:
    weblogic.ejb20.interfaces.PrincipalNotFoundException: Authentication Failed: User
    wlisystem denied in Realm Adapter realm weblogic
    Do we have to create any predefined user accounts in the Security Store to get
    rid of these errors? I would appreciate it if anyone can suggest some tips or workarounds
    for configuring or creating a Custom Security Realm for WebLogic Platform Domain.
    Thanks
    Vikram

    Hello Vikram,
    Are you using the new WLS 7.0 security framework? It is not supported for
    Portal 7.0. For Portal 7.0 apps you have to use compatibility mode (6.x
    style) security.
    Ture Hoefner
    BEA Systems, Inc.
    www.bea.com
    "Vikram Datla" <[email protected]> wrote in message
    news:3e273015$[email protected]..
    >
    Hi,
    We have created a WebLogic Platform Domain. A WebLogic Portal application(Portal
    7.0) and some Web Service apps are running on this domain.
    We have created a Custom Security Realm b'cos of our application requirements
    and now when I start up the Platform Domain, I see a lot of errors.
    Some of the errors typically are
    "<Jan 16, 2003 4:07:02 PM EST> <Error> <HTTP> <101256> <The run-as user: wlisystem,
    for the servlet: ApplicationView for the webapp: /WLI_AI_Workshop_Control_Web,
    could not be resolved to a valid user in the system. Please check if the user
    exists.
    javax.security.auth.login.LoginException: Authentication Failed: User wlisystem
    denied in Realm Adapter realm weblogic"
    or
    Unable to deploy EJB: wlai-eventprocessor-ejb.jar from wlai-eventprocessor-ejb.jar:weblogic.ejb20.WLDeploymentException:
    weblogic.ejb20.interfaces.PrincipalNotFoundException: Authentication Failed: User
    wlisystem denied in Realm Adapter realm weblogic
    Do we have to create any predefined user accounts in the Security Store to get
    rid of these errors? I would appreciate it if anyone can suggest some tips or workarounds
    for configuring or creating a Custom Security Realm for WebLogic Platform Domain.
    >
    Thanks
    Vikram

  • What is the best way to deploy/update custom security realm classes to WLS 6.0?

    From the WLS 6.0 console, I see that I can specify the Java class that
    implements my custom security realm but I am wondering what is the best way
    to deploy/update this code. I don't see a way to do this from the console.
    Does this mean that I have to manually copy the class files over that
    implement my custom security realm?

    Thanks Danut,
    A jar file seems to be a good way to package it up but it sounds like it
    still needs to be manually copied to each Weblogic server install directory
    post-installation and whenever it is updated. I thought it would be nice to
    be able to deploy/update the custom security realm by uploading it through
    the Console just as you can with web applications and EJBs.
    Brian
    "Danut Prisacaru" <[email protected]> wrote in message
    news:3aba2db0$[email protected]..
    You have to have your Custom Realm class in the class path. I usually have a
    jar file with all the Custom Realm classes and that jar I copy it in the lib
    folder. Then I modify "startWebLogic.cmd" and I add to the classpath
    ".\lib\CustomRealm.jar"
    set CLASSPATH=.;.\lib\weblogic_sp.jar;.\lib\weblogic.jar;.\lib\CustomRealm.jar;
    >
    Be aware that in order to have your custom realm, besides creating the custom
    realm using the console, you also have to create a custom caching realm and choose
    that one as your default caching realm.
    Here is how the security settings are looking in my "config.xml"
    <CustomRealm Name="CustomRealm"
    RealmClassName="Custom.appserver.weblogic.security.CustomRealm"/>
    <CachingRealm BasicRealm="CustomRealm" CacheCaseSensitive="true"
    Name="CustomCachingRealm"/>
    <Realm CachingRealm="CustomCachingRealm" FileRealm="wl_default_file_realm"
    Name="wl_default_realm"/>
    <FileRealm Name="wl_default_file_realm"/>
    <Security GuestDisabled="false"
    Name="mydomain" PasswordPolicy="wl_default_password_policy"
    Realm="wl_default_realm"/>
    Danut
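
The wiring described in the post above can be checked mechanically. This is an added example, not code from the thread or from WebLogic: it follows the Security -> Realm -> CachingRealm -> CustomRealm references in a config.xml and reports the realm class that is actually active. The `<Domain>` wrapper around the posted fragment and the function names are assumptions made for the example.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the fragment from the post wrapped in an assumed <Domain> root.
SAMPLE_CONFIG = """<Domain Name="mydomain">
  <CustomRealm Name="CustomRealm"
      RealmClassName="Custom.appserver.weblogic.security.CustomRealm"/>
  <CachingRealm BasicRealm="CustomRealm" CacheCaseSensitive="true"
      Name="CustomCachingRealm"/>
  <Realm CachingRealm="CustomCachingRealm" FileRealm="wl_default_file_realm"
      Name="wl_default_realm"/>
  <FileRealm Name="wl_default_file_realm"/>
  <Security GuestDisabled="false" Name="mydomain"
      PasswordPolicy="wl_default_password_policy" Realm="wl_default_realm"/>
</Domain>"""


def _by_name(root, tag, name):
    """Return the first <tag> element whose Name attribute equals name."""
    for el in root.iter(tag):
        if el.get("Name") == name:
            return el
    return None


def active_custom_realm(config_xml):
    """Follow Security -> Realm -> CachingRealm -> CustomRealm.

    Returns (realm_class_name, problems). realm_class_name is None when a
    link in the chain is broken; problems describes what is wrong.
    """
    root = ET.fromstring(config_xml)
    security = next(root.iter("Security"), None)
    if security is None:
        return None, ["no <Security> element"]
    realm = _by_name(root, "Realm", security.get("Realm"))
    if realm is None:
        return None, ["Security.Realm does not name an existing <Realm>"]
    if not realm.get("CachingRealm"):
        return None, ["<Realm> has no CachingRealm, so the custom realm is not wired in"]
    caching = _by_name(root, "CachingRealm", realm.get("CachingRealm"))
    if caching is None:
        return None, ["Realm.CachingRealm does not name an existing <CachingRealm>"]
    custom = _by_name(root, "CustomRealm", caching.get("BasicRealm"))
    if custom is None:
        return None, ["CachingRealm.BasicRealm does not name a <CustomRealm>"]
    problems = [] if custom.get("RealmClassName") else ["<CustomRealm> has no RealmClassName"]
    return custom.get("RealmClassName"), problems
```

Running it against each server's config.xml after copying the jar shows whether the custom realm is the one the domain will authenticate against, or whether only the default file realm is still referenced.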
