All Examples  All Security Examples

package examples.security.defaultrealm

DefaultRealmExtender

about this example

DefaultRealmExtender helps other realm implementations replace the WebLogic realm. It implements some WebLogic defaults:

Implements DynamicUserAcl, used by Workspaces to allow write access to a Workspace creator.
Ensures that users "guest" and "system" exist. Authentication from the underlying realm is preferred, but if absent, guest has password guest, and system has the realm credential as its password.
Ensures that group "everyone" exists. This group is used by HTTP code to decide whether to bother requiring authentication.
Ensures that ACL weblogic.admin exists. If absent in the underlying realm, it grants permission for the "shutdown", "lockServer", and "unlockServer" operations for user "system".
Ensures that ACL managedObject exists. If absent in the underlying realm, it grants permission for "read" and "write" to user "system".
Ensures that ACL weblogic.workspace exists. If absent in the underlying realm, it grants permission for "read" and "write" to user "system".
Allows getPermission to create temporary new ones, if necessary.

Note that this realm does not create any ACLs based on the weblogic.properties file. Using this realm as a replacement for the WebLogic realm will result in ignoring "allow" clauses of servlets and JDBC connection pools.

If you use this class to convert a working realm based on the weblogic.properties files, you must add certain ACLs to the realm you write to extend this one:

weblogic.jdbc.connectionPool.poolID to grant "reserve" to certain users, as specified in the allow clause of the properties for connection pool poolID.
weblogic.servlet granting "execute" to "everyone", which is the same as setting weblogic.httpd.requireAuthentication=false.
weblogic.servlet.virtualName to grant "execute" permission to certain users, as specified in the allow clause of properties for the servlet virtualName.
And, finally, all the ACLs explicitly coded as properties using weblogic.allow.

how to use this example

Note: The DefaultRealmExtender Realm is dependent on the RdbmsRealm. You must have first built RdbmsRealm before you can build DefaultRealm with these instructions.

Set up your development environment, as described in Setting your development environment.
In your development shell, compile this class using a command like this example for Windows NT:
```
$ javac -d %SERVER_CLASSES% *.java
```
Write a realm that implements one of the Realm interfaces. A good example is the CachingRealm used by the RdbmsRealm example, and the DefaultRealmExtender is set up by default to use the CachingRealm as its underlying realm implementation. You can alter this by editing the static String "delegateClassName" in the constructor of DefaultRealmExtender, or changing the constructor to pass in the name of the underlying realm implementation. You can also use a Java class resource in a properties file (a text file with the extension ".properties") that includes this entry
```
  delegate.class=name of underlying realm implementation
```
to set the name of the underlying realm implementation.
Compile your underlying realm into the %SERVER_CLASSES% directory.
Add users, groups, ACLs, and permissions to your realm and set up server-side resources in the WebLogic Server that use your ACLs, etc.
Start the WebLogic Server.

there's more . . .

For more information on ACLs, read the Developers Guide, Using WebLogic ACLs.