Is there a simple example of how to use web application security in WebLogic?
Created May 7, 2012
WEB-INF/web.xml - Define a constraint and a role
WEB-INF/weblogic.xml - Map the admin role to the system user in WebLogic.
<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN" "http://java.sun.com/j2ee/dtds/web-app_2_2.dtd">
<web-app>
<security-constraint>
<web-resource-collection>
<web-resource-name>SecurePages</web-resource-name>
<description>Security constraint for resources in the secure directory</description>
<url-pattern>/secure/*</url-pattern>
<http-method>POST</http-method>
<http-method>GET</http-method>
</web-resource-collection>
<auth-constraint>
<description>only let the admin role access the pages </description>
<role-name>admin</role-name>
</auth-constraint>
<user-data-constraint>
<description>SSL not required</description>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<security-role>
<description>A role to access the secured pages</description>
<role-name>admin</role-name>
</security-role>
</web-app>
<!DOCTYPE weblogic-web-app PUBLIC "-//BEA Systems, Inc.//DTD Web Application 6.0//EN" "http://www.bea.com/servers/wls600/dtd/weblogic-web-jar.dtd">
<weblogic-web-app>
<security-role-assignment>
<role-name>admin</role-name>
<principal-name>system</principal-name>
</security-role-assignment>
</weblogic-web-app>