WebLogic Server offers the
following types of Authorization providers:
The XACML Authorization provider
is the standard Authorization provider for the WebLogic Security
Framework. It implements XACML 2.0, the standard access control policy
The WebLogic Authorization provider is an Authorization
provider for the WebLogic Security Framework that implements a
proprietary policy language. Note that the Administration Console
refers to the WebLogic Authorization provider as the Default
Authorizer, even though the XACML Authorization provider is configured
by default instead.
The Realm Adapter Authorization
provider accesses user and group information stored in
Compatibility security realms.
Each security realm must have one at least one Authorization provider
To configure an Authorization provider:
If you have not already done so, in the Change Center of the Administration Console, click Lock & Edit (see Use the Change Center).
In the left pane, select Security Realms,
then click the name of the realm you are configuring (for example,
Providers > Authorization and click
The page appears.
Name field of Create a New Authorization
Provider, enter a name for the Authorization provider.
From the Type drop-down list, select the
type of the Authorization provider and click
Expand Providers > Authorization and
click the name of the new Authorization provider to complete its
Optionally, on the Configuration:Provider
Specific page for the Authorization provider, check
Policy Deployment Enabled. Do this if you want
to store security policies that are created when you deploy a Web
application or an Enterprise JavaBean (EJB).
To activate these changes, in the Change
Center, click Activate
finish configuring the Authorization provider, reboot WebLogic