Administration Console Online Help

Previous Next Open TOC in new window
Content starts here

Stop importing roles and policies

You can configure the Advanced security model so that it copies security roles and policies from deployment descriptors on initial deployment into the security provider data repositories. However, if you redeploy one of these Web applications, WebLogic Server will re-import the security data from the redeployed module's deployment descriptors. This re-import operation can override any modifications that you might have made to the roles and policies that you originally imported.

For example, when you deploy EJB1, you import a role named PrivilegedUser that grants access to a principal named “john.” Then you use the Administration Console to add “pat” along with "john" to the PrivilegedUser role. If you redeploy EJB1 without stopping the importing of roles and policies, WebLogic Server will re-import the definition of the PrivilegedUser role. The imported definition will override your modifications and "pat" will no longer be in the role.

Caution: Failure to stop importing roles and policies may result in inconsistent security configurations when your Web application and EJB resources are redeployed. If you do not perform this step or perform this step incorrectly, you will see the following message the next time you load a module's Policy Editor page: The information presented below may not be accurate. To ensure that you are viewing accurate information, you may need to delete and redeploy your WebLogic resources.

To stop importing roles and policies:

  1. If you have not already done so, in the Change Center of the Administration Console, click Lock & Edit (see Use the Change Center).
  2. In the left pane of the Administration Console, select Security Realms.
  3. On the Summary of Security Realms page, select the name of the realm into which you originally imported the roles and policies (for example, myrealm).
  4. On the Settings page, select the Configuration tab. Then select the General subtab.
  5. On the Configuration: General page, click the Advanced toggle button to expand the Advanced section.
  6. In the When Deploying Web Applications or EJBs list, select Ignore Roles and Polices From DD.

    For information about this selection, see Configuration Options.

  7. Click Save.
  8. To activate these changes, in the Change Center of the Administration Console, click Activate Changes.
    Not all changes take effect immediately—some require a restart (see Use the Change Center).

Back to Top