These are the steps to protect some URLs of a web application deployed in WebLogic:
AUTHENTICATION PROVIDERS
Create the appropriate authentication provider configuration. Restart the WebLogic AdminServer and check that you are getting users, groups and user/group memberships from the external LDAP repository.
DEPLOYMENT DESCRIPTORS
Suppose:
- You have a group in LDAP called extranetgroup. User joe belongs to extranetgroup
- You want to protect the application under the /extranet/* URL pattern
web.xml:
Create the appropriate security configuration in web.xml:
<security-constraint>
    <display-name>mySecurityConstraint</display-name>
    <web-resource-collection>
        <web-resource-name>extranet</web-resource-name>
        <description/>
        <url-pattern>/extranet/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <description/>
        <role-name>extranetrole</role-name>
    </auth-constraint>
    <user-data-constraint>
        <description/>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>
<security-role>
    <description/>
    <role-name>extranetrole</role-name>
</security-role>
weblogic.xml:
Create the appropriate security configuration in weblogic.xml*. This is where you map roles to LDAP principals (users or groups).
<security-role-assignment>
    <role-name>extranetrole</role-name>
    <principal-name>extranetgroup</principal-name>
</security-role-assignment>
Please notice that you don’t need to inform
Deploy or redeploy your application with the DDOnly security model.
(*) If your application is packaged as an EAR (with weblogic-application.xml included), bear in mind that this file takes precedence over weblogic.xml.
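A pre-deployment consistency check for the two descriptors above, as an added example that is not part of the original post: it reports any role used in an auth-constraint that is not declared in web.xml or has no security-role-assignment in weblogic.xml, and any constraint whose transport-guarantee is not CONFIDENTIAL. The sample descriptors and the function name check_descriptors are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample descriptors using the page's names (extranetrole, extranetgroup).
WEB_XML = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee">
  <security-constraint>
    <web-resource-collection><url-pattern>/extranet/*</url-pattern></web-resource-collection>
    <auth-constraint><role-name>extranetrole</role-name></auth-constraint>
    <user-data-constraint><transport-guarantee>CONFIDENTIAL</transport-guarantee></user-data-constraint>
  </security-constraint>
  <security-role><role-name>extranetrole</role-name></security-role>
</web-app>"""
WEBLOGIC_XML = """<weblogic-web-app xmlns="http://xmlns.oracle.com/weblogic/weblogic-web-app">
  <security-role-assignment>
    <role-name>extranetrole</role-name><principal-name>extranetgroup</principal-name>
  </security-role-assignment>
</weblogic-web-app>"""

def _named(root, name):
    # Match on the local tag name so any descriptor namespace/schema version works.
    return [e for e in root.iter() if e.tag.rsplit("}", 1)[-1] == name]

def _texts(elem, name):
    return [(e.text or "").strip() for e in _named(elem, name)]

def check_descriptors(web_xml, weblogic_xml):
    """Return a list of findings; an empty list means the descriptors agree."""
    web, wls = ET.fromstring(web_xml), ET.fromstring(weblogic_xml)
    declared = {r for sr in _named(web, "security-role") for r in _texts(sr, "role-name")}
    mapped = {}  # role name -> principals assigned in weblogic.xml
    for sra in _named(wls, "security-role-assignment"):
        for role in _texts(sra, "role-name"):
            mapped.setdefault(role, []).extend(_texts(sra, "principal-name"))
    findings = []
    for sc in _named(web, "security-constraint"):
        patterns = ", ".join(_texts(sc, "url-pattern"))
        for ac in _named(sc, "auth-constraint"):
            for role in _texts(ac, "role-name"):
                if role not in declared:
                    findings.append(f"{patterns}: role '{role}' has no <security-role>")
                if not mapped.get(role):
                    findings.append(f"{patterns}: role '{role}' is not mapped to a principal")
        if "CONFIDENTIAL" not in _texts(sc, "transport-guarantee"):
            findings.append(f"{patterns}: transport-guarantee is not CONFIDENTIAL")
    return findings

if __name__ == "__main__":
    print(check_descriptors(WEB_XML, WEBLOGIC_XML) or "descriptors are consistent")
```
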
Enjoy 😉