Administration Console Online Help

    Previous Next  Open TOC in new window 
Content starts here

Configure Role Mapping providers

Role mapping is the process whereby principals (users or groups) are dynamically mapped to security roles at runtime. In WebLogic Server, a Role Mapping provider determines what security roles apply to the principals stored in a subject when the subject is attempting to perform an operation on a WebLogic resource. Because this operation usually involves gaining access to the WebLogic resource, Role Mapping providers are typically used with Authorization providers.

WebLogic Server includes two types of Role Mapping providers:

  • the XACML Role Mapping provider, which is the standard Role Mapping provider for the WebLogic Security Framework. It implements XACML 2.0, the standard access control policy markup language.
  • the WebLogic Role Mapping provider, which is a Role Mapping provider for the WebLogic Security Framework that implements a proprietary policy language. Note that the Administration Console refers to the WebLogic Role Mapping provider as the Default Role Mapper, even though the XACML Role Mapping provider is configured by default instead.

To configure a Role Mapping provider:

  1. If you have not already done so, in the Change Center of the Administration Console, click Lock & Edit (see Use the Change Center).
  2. In the left pane, select Security Realms and click the name of the realm you are configuring (for example, myrealm).
  3. Select Providers > Role Mapping.

    The Role Mapping Providers table lists the Role Mapping providers configured in this security realm

  4. Click New.

    The Create a New Role Mapping Provider page appears.

  5. In the Name field, enter a name for the Role Mapping provider.
  6. From the Type drop-down list, select the type of the Role Mapping provider and click OK.
  7. Select Providers > Role Mapping and click the name of the new Role Mapping provider to complete its configuration.
  8. Optionally, under Configuration > Provider Specific, set Role Deployment Enabled if you want to store security roles that are created when you deploy a Web application or an Enterprise JavaBean (EJB).
  9. Click Save to save your changes.
  10. In the Change Center, click Activate Changes and then restart WebLogic Server.

  Back to Top