Role mapping is the process whereby principals (users or groups) are
dynamically mapped to security roles at runtime. In WebLogic Server, a
Role Mapping provider determines what security roles apply to the
principals stored in a subject when the subject is attempting to perform
an operation on a WebLogic resource. Because this operation usually
involves gaining access to the WebLogic resource, Role Mapping providers
are typically used with Authorization providers.

WebLogic Server includes two types of Role Mapping providers:

The XACML Role Mapping provider, which is the standard Role Mapping provider for the WebLogic Security Framework. It implements XACML 2.0, the standard access control policy markup language.

The WebLogic Role Mapping provider, which is a Role Mapping provider for the WebLogic Security Framework that implements a proprietary policy language. Note that the Administration Console refers to the WebLogic Role Mapping provider as the Default Role Mapper, even though the XACML Role Mapping provider is configured by default instead.

To configure a Role

If you have not already done so, in the Change Center of the Administration Console, click Lock & Edit (see Use the Change Center).

In the left pane, select Security Realms and click the name of the realm you are configuring (for example,

Providers > Role Mapping.

The Role Mapping Providers table lists the Role Mapping providers configured in this security realm

The Create a New Role Mapping Provider page

Name field, enter a name for the Role Mapping

From the Type drop-down list, select the type of the Role Mapping provider and click

Select Providers > Role Mapping and click the name of the new Role Mapping provider to complete its

Optionally, under Configuration > Provider Specific, set Role Deployment Enabled if you want to store security roles that are created when you deploy a Web application or an Enterprise JavaBean (EJB).

Save to save your changes.

Change Center, click Activate Changes and then restart WebLogic Server.
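
The console procedure above can also be scripted with WLST, WebLogic's Jython-based scripting tool. The following is an added example, not taken from this page or from Oracle's documentation. It assumes the provider is added to the domain's default realm, uses a hypothetical provider name, and takes the two provider type strings from the WebLogic security provider MBean class names rather than from this page.

```jython
# Added example: WLST (Jython) equivalent of the console steps above.
# Run it with the WLST launcher from your WebLogic installation.

PROVIDER_NAME = 'ExampleRoleMapper'  # hypothetical name, choose your own

# Provider types matching the two kinds described on this page.
XACML_TYPE = 'weblogic.security.providers.xacml.authorization.XACMLRoleMapper'
DEFAULT_TYPE = 'weblogic.security.providers.authorization.DefaultRoleMapper'


def configure_role_mapper(name, provider_type, role_deployment_enabled):
    # With no arguments, connect() prompts for user name, password and
    # admin URL, so no credentials are stored in the script.
    connect()
    edit()
    startEdit()  # takes the edit lock, like Lock & Edit in the Change Center
    try:
        # Assumption: the provider belongs in the domain's default realm.
        realm = cmo.getSecurityConfiguration().getDefaultRealm()

        # Reuse an existing provider of that name so a rerun does not fail.
        mapper = realm.lookupRoleMapper(name)
        if mapper is None:
            mapper = realm.createRoleMapper(name, provider_type)

        # Role Deployment Enabled: store security roles that are created
        # when a Web application or EJB is deployed.
        mapper.setRoleDeploymentEnabled(role_deployment_enabled)

        save()
        activate()  # like Activate Changes in the Change Center
    except:
        # Discard the pending edits and release the lock, then re-raise.
        cancelEdit('y')
        disconnect()
        raise
    disconnect()
    # As in the console procedure, restart WebLogic Server afterwards.


# WLST runs scripts with __name__ set to 'main'.
if __name__ in ('main', '__main__'):
    configure_role_mapper(PROVIDER_NAME, XACML_TYPE, True)
```

Pass `DEFAULT_TYPE` instead of `XACML_TYPE` to create the WebLogic Role Mapping provider that the console calls the Default Role Mapper.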