Securing WebLogic Resources
The following sections describe the features and functions of users and groups:
Note: For information about how to perform administrative tasks related to users and groups using the weblogic.Admin command-line utility (rather than the WebLogic Server Administration Console GUI), see Using weblogic.Admin Commands to Manage Users and Groups in WebLogic Server Command Reference.
A user is an entity that can be authenticated. A user can be a person or a software entity, such as a Java client. Each user is given a unique identity within a security realm. For more efficient security management, BEA recommends adding users to groups. A group is a collection of users who usually have something in common, such as working in the same department in a company.
Notes: The instructions in this section apply to the WebLogic Authentication provider only. If you customize the default security configuration to use a custom Authentication provider, you must use the administration tools supplied by that security provider to create a user.
When upgrading to the WebLogic Authentication provider, you cannot automatically load existing users into the WebLogic Authentication provider's database. For this release of WebLogic Server, adding existing users is a manual step. If you have many existing users, consider using the Realm Adapter Authentication provider. See Configuring a Realm Adapter Authentication Provider in Managing WebLogic Security.
The Users page displays all the users currently defined in the WebLogic Authentication provider's database.
Note: If multiple WebLogic Authentication providers are configured in the security realm, an intermediate page will list them in a table. From the table, select which WebLogic Authentication provider's database should store information for the new user before performing step 5.
Do not use commas or any of the characters in the following comma-separated list: \t, < >, #, |, &, ?, ( ), { }. User names are case sensitive.
The default minimum password length for a user defined in the WebLogic Authentication provider is 8 characters. Do not use the user name/password combination weblogic/weblogic in a production environment.
In the Common Criteria certified configuration, the password must contain at least 8 characters.
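The naming and password rules above can be checked before users are entered by hand. The following is an added example, not code from BEA or from WebLogic Server: it assumes the forbidden set is exactly the characters listed above, and the function names, the case-collision warning and the sample entries are constructed for illustration.

```python
# Added example: pre-check proposed users against the rules stated above.
# Assumption: the forbidden set is exactly the characters the page lists.
FORBIDDEN_NAME_CHARS = set(",\t<>#|&?(){}")
MIN_PASSWORD_LENGTH = 8  # default minimum stated on the page
DEFAULT_CREDENTIAL = ("weblogic", "weblogic")


def check_user(name, password):
    """Return a list of rule violations for one proposed user."""
    problems = []
    if not name:
        problems.append("empty user name")
    bad = sorted(c for c in set(name) if c in FORBIDDEN_NAME_CHARS)
    if bad:
        problems.append("forbidden characters in name: "
                        + " ".join(repr(c) for c in bad))
    if len(password) < MIN_PASSWORD_LENGTH:
        problems.append("password shorter than %d characters"
                        % MIN_PASSWORD_LENGTH)
    if (name, password) == DEFAULT_CREDENTIAL:
        problems.append("default weblogic/weblogic credential")
    return problems


def check_batch(entries):
    """Check (name, password) pairs and flag names that differ only by case.

    User names are case sensitive, so such names are distinct accounts;
    the flag is a warning about likely confusion, not a product rule.
    """
    report, by_folded = {}, {}
    for name, password in entries:
        report[name] = check_user(name, password)
        by_folded.setdefault(name.lower(), set()).add(name)
    for variants in by_folded.values():
        for name in variants if len(variants) > 1 else ():
            others = ", ".join(sorted(variants - {name}))
            report[name].append("differs only by case from: " + others)
    return report


# Constructed sample input (not from the page).
SAMPLE = [("jsmith", "c0rrect-horse"), ("JSmith", "an0ther-long-one"),
          ("ops|admin", "short"), ("weblogic", "weblogic")]

if __name__ == "__main__":
    for user, issues in check_batch(SAMPLE).items():
        print(user, "->", issues or "ok")
```

Note that weblogic/weblogic satisfies the 8-character minimum, so a length check alone does not catch it.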
BEA recommends adding users to groups because groups allow you to manage a number of users at the same time. This is generally more efficient than managing each user individually.
In the procedure that follows, it is assumed that you have already created groups as described in Creating Groups, or that you will use the default groups described in Default Groups.
The Users page displays all the users currently defined in the WebLogic Authentication provider's database.
If you have many users, use the Filter By field at the top of the page to retrieve and list only the users that match your search criteria, then click the hyperlinked name. The Filter By field uses the asterisk (*) as the wildcard character.
By default, WebLogic Server defines the groups shown in Table 3-1.
Users, when they log in (for example, through a Web page). The |
|
By default, this group contains the user information entered as part of the installation process (that is, the Configuration Wizard), and the |
|
By default, this group is empty. Any user assigned to the |
|
By default, this group is empty. Any user assigned to the |
|
By default, this group is empty. Any user assigned to the |
For more information about the default security roles, see Default Global Roles.
You can add to the default groups by creating your own, as described in Creating Groups.
Notes: The instructions in this section apply to the WebLogic Authentication provider only. If you customize the default security configuration to use a custom Authentication provider, you must use the administration tools supplied by that security provider to create a group.
When upgrading to the WebLogic Authentication provider, you cannot automatically load existing groups into the WebLogic Authentication provider's database. For this release of WebLogic Server, adding existing groups is a manual step. If you have many existing groups, consider using the Realm Adapter Authentication provider. See Configuring a Realm Adapter Authentication Provider in Managing WebLogic Security.
The Groups page displays all the groups currently defined in the WebLogic Authentication provider's database.
Note: If multiple WebLogic Authentication providers are configured in the security realm, an intermediate page will list them in a table. From the table, select which WebLogic Authentication provider's database should store information for the new group before performing step 5.
Optionally, you can nest groups within other groups.
Note: In the procedure that follows, it is assumed that you have already created groups as described in Creating Groups or that you will use the default groups described in Default Groups.
To nest a group within another group:
The Groups page displays all the groups currently defined in the WebLogic Authentication provider's database.
If you have many groups, use the Filter By field at the top of the page to retrieve and list only the groups that match your search criteria, then click the hyperlinked name. The Filter By field uses the asterisk (*) as the wildcard character.