|
 |
| e-docs > WebLogic Server > Administration Console Online Help > Security |
|
Administration Console Online Help
|
Default Role Mapping --> General
Tasks Additional Documentation Attributes
Use this tab to configure a Role Mapping provider for a security realm. Role Mapping providers support security policies (dynamic role associations) by obtaining a computed set of roles granted to a requestor for a given resource. Role Mapping providers supply Authorization providers with this role information so that the Authorization Provider can answer the "is access allowed?" question for resources that use role-based security (that is, Web application and Enterprise JavaBean container resources).
The WebLogic Security Framework will use business logic and the current operation parameters (obtained from the J2EE and WebLogic deployment descriptor files) to determine which roles (if any) apply to the particular Subject at the moment in which access is required for a given resource. If multiple Role Mapping providers are configured, the set of roles returned by all Role Mapping providers will be intersected by the WebLogic Security Framework.
By default, the WebLogic Role Mapping provider is configured in myrealm. You can use a Custom Role Mapping provider instead of the WebLogic Role Mapping provider. For a Custom Role Mapping provider to appear on the Role Mapper tab, the MBean JAR file for the provider must be in the WL_HOME\lib\mbeantypes directory.
A Role Mapping provider that supports deploying roles on behalf of Web application or Enterprise JavaBean (EJB) deployments needs to implement the DeployableRoleProvider Security Service Provider Interface (SSPI) instead of the RoleProvider SSPI. You also need to enable the Role Deployment Enabled attribute on this tab. The Role Deployment Enabled attribute is enabled by default for the WebLogic Role Mapping provider.
During application deployment, WebLogic Server reads role mappings from the weblogic.xml and weblogic-ejb-jar.xml files. This information is used to populate the WebLogic Role Mapping provider. Any changes made to the role mappings through the WebLogic Server Administration Console are not persisted to the weblogic.xml and weblogic-ejb-jar.xml files. Before you deploy the application again (which will happen if you redeploy it through the WebLogic Server Administration Console, modify it on disk, or restart WebLogic Server), you need enable the Ignore Security Data in Deployment Descriptors attribute on the General tab for the security realm.
Configuring a Role Mapping Provider
(Requires an Internet connection.)
Introduction to WebLogic Security
Developing Security Providers for WebLogic Server
Securing a WebLogic Server Deployment
Upgrading Security in WebLogic Server Version 6.x to WebLogic Server Version 7.0
The Security page in the WebLogic Server documentation
|
|
|
|
||
 |
|
|
 |
 |
 |
|
||
