Role mapping is the process whereby principals (users or groups) are
dynamically mapped to security roles at runtime. In WebLogic Server, a
Role Mapping provider determines what security roles apply to the
principals stored a subject when the subject is attempting to perform an
operation on a WebLogic resource. Because this operation usually
involves gaining access to the WebLogic resource, Role Mapping providers
are typically used with Authorization providers.
WebLogic Server includes
the WebLogic Role Mapping provider,
which is the standard Role Mapping provider for the WebLogic Security
Framework. Note that the Administration Console refers to the WebLogic
Role Mapping provider as the Default Role Mapper.
To configure a Role
If you have not already done so, in the Change Center of the Administration Console, click Lock & Edit (see Use the Change Center).
In the left pane, select Security Realms
and click the name of the realm you are configuring (for example,
Providers > Role Mapping.
The Role Mapping Providers table lists the Role Mapping providers
configured in this security realm
The Create a New Role Mapping Provider page
Name field, enter a name for the Role Mapping
From the Type drop-down list, select the
type of the Role Mapping provider and click
Select Providers > Role Mapping and click
the name of the new Role Mapping provider to complete its
Optionally, under Configuration > Provider
Specific, set Role Deployment Enabled if you want to store
security roles that are created when you deploy a Web application or
an Enterprise JavaBean (EJB).
Save to save your changes.
Change Center, click Activate Changes and then
restart WebLogic Server.