Is there a simple example of how to use web application security in WebLogic?

Robert Castaneda

Following is an example for WebLogic 6.x that protects all URLs that begin with /secure:

WEB-INF/web.xml - Define a constraint and a role

<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN" "http://java.sun.com/j2ee/dtds/web-app_2_2.dtd">

<web-app>
	<security-constraint>
		<web-resource-collection>
			<web-resource-name>SecurePages</web-resource-name>
			<description>Security constraint for resources in the secure directory</description>
			<url-pattern>/secure/*</url-pattern>
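			<!-- Listing http-method elements limits the constraint to these methods; omit them to cover every HTTP method -->
			<http-method>POST</http-method>
			<http-method>GET</http-method>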
		</web-resource-collection>

		<auth-constraint>
			<description>only let the admin role access the pages </description>
			<role-name>admin</role-name>
		</auth-constraint>

		<user-data-constraint>
			<description>SSL not required</description>
			<!-- NONE allows plain HTTP; CONFIDENTIAL requires SSL for these URLs -->
			<transport-guarantee>NONE</transport-guarantee>
		</user-data-constraint>
	</security-constraint>


	<login-config>
		<auth-method>BASIC</auth-method>
	</login-config>

	<security-role>
	    <description>A role to access the secured pages</description>
	    <role-name>admin</role-name>
 	</security-role>
</web-app>

WEB-INF/weblogic.xml - Map the admin role to the system user in WebLogic.

<!DOCTYPE weblogic-web-app PUBLIC "-//BEA Systems, Inc.//DTD Web Application 6.0//EN" "http://www.bea.com/servers/wls600/dtd/weblogic-web-jar.dtd">

<weblogic-web-app>

  <security-role-assignment>
	<role-name>admin</role-name>
	<principal-name>system</principal-name>
  </security-role-assignment>


</weblogic-web-app>
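
A check for the two settings in the web.xml above that decide what is actually protected: the explicit http-method list and the NONE transport guarantee combined with BASIC login. This is an added example, not part of the original answer or of WebLogic; the function name audit_web_xml and the sample descriptor are constructed for illustration, and it assumes a DTD-based web.xml with no XML namespace.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the constraint from the example above, DOCTYPE and descriptions omitted.
SAMPLE_WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <url-pattern>/secure/*</url-pattern>
      <http-method>POST</http-method>
      <http-method>GET</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>admin</role-name></auth-constraint>
    <user-data-constraint>
      <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
  <login-config><auth-method>BASIC</auth-method></login-config>
  <security-role><role-name>admin</role-name></security-role>
</web-app>"""

def audit_web_xml(xml_text):
    """Return a list of (url_pattern, finding) tuples for a web.xml string."""
    root = ET.fromstring(xml_text)
    findings = []
    auth = (root.findtext("login-config/auth-method") or "").strip().upper()
    declared = {r.text.strip() for r in root.findall("security-role/role-name") if r.text}
    for sc in root.findall("security-constraint"):
        guarantee = (sc.findtext("user-data-constraint/transport-guarantee") or "NONE").strip().upper()
        roles = {r.text.strip() for r in sc.findall("auth-constraint/role-name") if r.text}
        for wrc in sc.findall("web-resource-collection"):
            methods = sorted(m.text.strip().upper() for m in wrc.findall("http-method") if m.text)
            for pat in wrc.findall("url-pattern"):
                url = (pat.text or "").strip()
                if methods:  # an explicit list leaves every unlisted method unconstrained
                    findings.append((url, "only %s constrained; other HTTP methods are not covered" % ",".join(methods)))
                if roles and auth in ("BASIC", "FORM") and guarantee == "NONE":
                    findings.append((url, "%s login without SSL: credentials cross the network unencrypted" % auth))
                for role in sorted(roles - declared - {"*"}):
                    findings.append((url, "role '%s' has no <security-role> declaration" % role))
    return findings

if __name__ == "__main__":
    for url, finding in audit_web_xml(SAMPLE_WEB_XML):
        print(url, "->", finding)
```

Removing the two http-method elements and setting the transport guarantee to CONFIDENTIAL makes the same descriptor pass with no findings.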