stackoom
  简体   繁体   中英

How to create security role in weblogic

 原文  2012-08-10 14:26:56       java/ weblogic

Question

I followed this totorial to create security role in weblogic: http://blog.whitehorses.nl/2010/01/29/weblogic-web-application-container-security-part-1/

I create in weblogic server group RobMon and user monitor with pass. Then I create this xml:

my web.xml: 

<security-constraint>

    <web-resource-collection>
        <web-resource-name>my-application</web-resource-name>
        <url-pattern>/admin</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>RobMon</role-name>
    </auth-constraint>
</security-constraint>

<security-role>
    <role-name>RobMon</role-name>
</security-role>

<login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
        <form-login-page>/login</form-login-page>
        <form-error-page>/login</form-error-page>
    </form-login-config>
</login-config>

weblogic.xml: 

<wls:security-role-assignment>
    <wls:role-name>RobMon</wls:role-name>
    <wls:principal-name>RobMon</wls:principal-name>
</wls:security-role-assignment>

and now I want to println role and principles: 

    Subject subject = Security.getCurrentSubject();
    Set<Principal> allPrincipals = subject.getPrincipals();
    for (Principal principal : allPrincipals) {
        if (principal instanceof WLSGroupImpl) {
            logger.error(principal.getName() + "??????????");
            roles.add(principal.getName());
        }
        if (principal instanceof WLSUserImpl) {
            logger.error(principal.getName() + "!!!!!!!!!!!");
            user = principal.getName();
        }
    }

but this prints me something else what I want 

 admin!!!!!!!!!!!
 Administrators??????????

it should println monitor and RobMon. What is wrong ?

1 answers

solution1
 6 ACCPTED  2012-08-20 16:40:49

In weblogic.xml you have assigned the role RobMon which means that when the user RobMon is authenticated he will be assigned the RobMon role. ,这意味着在对用户RobMon进行身份验证时,将为他分配RobMon角色。

In the tutorial the principal group users is used instead of RobMon user which means that all the users of the group will be assigned the role after being authenticated.

Check that principal RobMon exists in your security realm. I think that the user RobMon does not exist in your security realm. You probably wanted to assign the role to the user monitor. So the configuration in weblogic.wml should be: 

    <wls:security-role-assignment>
      <wls:role-name>RobMon</wls:role-name>
      <wls:principal-name>monitor</wls:principal-name>
    </wls:security-role-assignment>

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question security-role-assignment, migrating from weblogic to jboss How to create Spring security Role on SAP Commerce cloud (Hybris) How to fix role in Spring Security? how to use getRoles method of Weblogic role mapping provider? how to use spring security for user role management? How to configure ROLE prefix Spring Security How to use dynamic Role in Spring Security How to authorize a link based on role in Spring Security 4 How to access role in JSP using spring security? How to override role for a specific endpoint in Spring Security?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM