Securing some parts of a WebApp in WebLogic


These are the steps to protect some URLs of a web application deployed in WebLogic:

AUTHENTICATION PROVIDERS

Create the appropriate authentication provider configuration (for example an LDAP authenticator pointing at your directory). Restart the WebLogic AdminServer and check that you are getting users, groups and user/group membership from the external LDAP repository.

DEPLOYMENT DESCRIPTORS

Suppose:

  • You have a group in LDAP called extranetgroup. User joe belongs to extranetgroup
  • You want to protect application under /extranet/* url pattern

web.xml:

Create the appropriate security configuration in web.xml:

<security-constraint>
    <display-name>mySecurityConstraint</display-name>
    <web-resource-collection>
        <web-resource-name>extranet</web-resource-name>
        <description/>
        <url-pattern>/extranet/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <description/>
        <role-name>extranetrole</role-name>
    </auth-constraint>
    <user-data-constraint>
        <description/>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>
<security-role>
    <description/>
    <role-name>extranetrole</role-name>
</security-role>

weblogic.xml:

Create the appropriate security configuration in weblogic.xml*. This is where you map the roles declared in web.xml to LDAP principals (users or groups):

<security-role-assignment>
    <role-name>extranetrole</role-name>
    <principal-name>extranetgroup</principal-name>
</security-role-assignment>

Please notice that you don’t need to inform

Deploy or redeploy your application with the DDOnly security model (deployment descriptors only), so that WebLogic takes the security constraints and role assignments from web.xml and weblogic.xml rather than from policies configured in the Administration Console.

[Screenshot: DDonly-deployment]

(*) If your application is packaged as an EAR (with a weblogic-application.xml included), bear in mind that this file takes precedence over weblogic.xml.
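Before redeploying with DDOnly it is worth linting the two descriptors together, because with that model nothing else will catch a role that is used in web.xml but never declared or never mapped in weblogic.xml. The script below is an added example, not code from the original post: it parses constructed web.xml and weblogic.xml samples (the constraint and mapping from this post, plus a FORM login-config whose page paths are assumptions, and a deliberately weak second constraint for a hypothetical /admin/* area) and reports the mistakes a reviewer would look for: missing login-config, roles not declared or not mapped, a transport-guarantee that is not CONFIDENTIAL, and constraints that list HTTP methods without deny-uncovered-http-methods (a Servlet 3.1 element, so it assumes WebLogic 12.1.3 or later).

```python
"""Lint web.xml / weblogic.xml security descriptors before a DDOnly deployment (added example)."""
import xml.etree.ElementTree as ET

# Constructed web.xml: the constraint from the post plus a FORM login-config
# (login page paths are assumptions) and <deny-uncovered-http-methods/>.
WEB_XML_OK = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="3.1">
  <deny-uncovered-http-methods/>
  <security-constraint>
    <display-name>mySecurityConstraint</display-name>
    <web-resource-collection>
      <web-resource-name>extranet</web-resource-name>
      <url-pattern>/extranet/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>extranetrole</role-name>
    </auth-constraint>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
  <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
      <form-login-page>/login.jsp</form-login-page>
      <form-error-page>/login-error.jsp</form-error-page>
    </form-login-config>
  </login-config>
  <security-role>
    <role-name>extranetrole</role-name>
  </security-role>
</web-app>"""

# Constructed weak web.xml (hypothetical /admin/* area): role neither declared
# nor mapped, only GET covered, no login-config, no transport guarantee.
WEB_XML_WEAK = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="2.5">
  <security-constraint>
    <display-name>adminConstraint</display-name>
    <web-resource-collection>
      <web-resource-name>admin</web-resource-name>
      <url-pattern>/admin/*</url-pattern>
      <http-method>GET</http-method>
    </web-resource-collection>
    <auth-constraint>
      <role-name>adminrole</role-name>
    </auth-constraint>
  </security-constraint>
</web-app>"""

# The weblogic.xml mapping from the post (extranetgroup is the LDAP group).
WEBLOGIC_XML = """<weblogic-web-app xmlns="http://xmlns.oracle.com/weblogic/weblogic-web-app">
  <security-role-assignment>
    <role-name>extranetrole</role-name>
    <principal-name>extranetgroup</principal-name>
  </security-role-assignment>
</weblogic-web-app>"""


def _parse(xml_text):
    """Parse and strip namespaces so elements can be matched by local name."""
    root = ET.fromstring(xml_text)
    for el in root.iter():
        if isinstance(el.tag, str) and "}" in el.tag:
            el.tag = el.tag.split("}", 1)[1]
    return root


def _text(el, path):
    value = el.findtext(path)
    return value.strip() if value else ""


def lint_descriptors(web_xml, weblogic_xml):
    """Return a list of findings; an empty list means nothing suspicious was found."""
    web, wl = _parse(web_xml), _parse(weblogic_xml)
    findings = []
    declared = {_text(r, "role-name") for r in web.findall("security-role")}
    mapped = {_text(a, "role-name") for a in wl.findall("security-role-assignment")}
    deny_uncovered = web.find("deny-uncovered-http-methods") is not None

    if web.find("login-config") is None:
        findings.append("web.xml: no <login-config>; declare BASIC, FORM or CLIENT-CERT")

    for sc in web.findall("security-constraint"):
        name = _text(sc, "display-name") or "(unnamed constraint)"
        patterns = [p.text.strip() for p in sc.iter("url-pattern") if p.text]
        auth = sc.find("auth-constraint")
        if auth is None:
            findings.append(f"{name}: no <auth-constraint>; {patterns} need no login")
        roles = [] if auth is None else [r.text.strip() for r in auth.findall("role-name") if r.text]
        for role in roles:
            if role != "*" and role not in declared:
                findings.append(f"{name}: role {role} is not declared in <security-role>")
            if role != "*" and role not in mapped:
                findings.append(f"{name}: role {role} has no <security-role-assignment> in weblogic.xml")
        # A constraint that names HTTP methods protects only those methods; the rest
        # are "uncovered" and reachable without login unless deny-uncovered-http-methods is set.
        limited = any(wrc.find("http-method") is not None or wrc.find("http-method-omission") is not None
                      for wrc in sc.findall("web-resource-collection"))
        if limited and not deny_uncovered:
            findings.append(f"{name}: only the listed HTTP methods on {patterns} are protected; others are uncovered")
        if _text(sc, "user-data-constraint/transport-guarantee") != "CONFIDENTIAL":
            findings.append(f"{name}: transport-guarantee is not CONFIDENTIAL; credentials can travel over plain HTTP")
    return findings


if __name__ == "__main__":
    for label, xml in (("ok", WEB_XML_OK), ("weak", WEB_XML_WEAK)):
        print(label, lint_descriptors(xml, WEBLOGIC_XML))
```

Run it against the real descriptors by reading the two files instead of the constructed strings; the good pair yields no findings, while the weak pair yields five, one per mistake. The role-mapping check is the one that matters most with DDOnly: a role that is declared in web.xml but has no security-role-assignment is not granted to your LDAP group, and users such as joe will be rejected even though authentication succeeds.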

Enjoy 😉
