Get Security Roles From Weblogic for Spring Security

Question

I'm currently writing a web application that sits on a weblogic server.

I am using Weblogic's security container to authenticate access to the app. Within weblogic.xml I have the mapping:

<wls:security-role-assignment>
<wls:role-name>PORTAL_USER</wls:role-name>
<wls:principal-name>users</wls:principal-name>

I then grant anyone with PORTAL_USER access to my app.

The issue comes when using spring security to control access to various pages.

I'm using the following to grant authrorities:

<bean class="org.springframework.security.core.authority.mapping.SimpleAttributes2GrantedAuthoritiesMapper">                        
    <property name="convertAttributeToUpperCase" value="true"/> 
</bean>

But this seems to be making the roles within the app the authorities for example when logged in a user will have the authority:

ROLE_PORTAL_USER.

My question therefore is how do I get the roles from weblogic and grant the user those roles. For example if the user had the security role Admin defined in weblogic how would I read that role within my app and give them an appropriate role.

Answer 1

I was missing something pretty obvious.

It turns out that if you use Eclipse to auto deploy to weblogic then it doesn't use mapping defined in weblogic only ones defined in the app.

If you deploy the application to server and select custom roles then the roles (as long as they are declared in the application) will present in the app.

To get user roles within a Java EE app from Weblogic:

1 Define in web.xml:

<security-role>
     <role-name>Admin</role-name>
</security-role>
<security-role>
     <role-name>Author</role-name>
</security-role>

2 Deploy App on Weblogic - Use custom roles for security settings

3 Set roles in Weblogic - Must be same names as defined in app

4 Roles should appear in application