WebLogic Server gives a choice of models for securing each Web application or EJB. One choice is to configure the Advanced security model so that it copies security roles and policies from deployment descriptors on initial deployment into the security provider data repositories (each security provider contains its own logic for importing security data). Then you can use the Administration Console to modify, remove, or add to the security roles and policies. See Using the Advanced Security Model.
Caution: To re-import security data from modules that you have already deployed and already imported security data, BEA recommends that you delete the module and then reinstall it. See Manage security for Web applications and EJBs.
To copy security information from deployment descriptors on initial deployment:
Note: This configuration applies to all Web applications and EJBs that you deploy using the Advanced security model. For example, if you deploy two Web applications, and if in the Install Application assistant you specify that both Web applications should use the Advanced security model, then when you finish the assistant, WebLogic Server will copy roles and policies from both of the Web applications. If you redeploy one of these Web applications, WebLogic Server will re-copy the security data from the redeployed module's deployment descriptors. To prevent this re-copy operation, reconfigure the Advanced model as described later in this topic.
For information about this selection, see Configuration Options.
This selection causes WebLogic Server to copy the roles and policies for Web application and EJB resources from the deployment descriptors into the configured Authorization and Role Mapping providers’ databases each time you deploy the resource.
After you finish
Caution: After you deploy your Web applications and EJBs, you must change the When Deploying Web Applications or EJBs list to Ignore roles and policies from DD. Otherwise, when you redeploy any Web application or EJB that uses the Advanced model, WebLogic Server will re-import its security data, which could override security configurations that you set in the Administration Console. See Stop importing roles and policies