All Examples All Security Examples
package examples.security.defaultrealm
about this example
DefaultRealmExtender helps other realm implementations replace
the WebLogic realm. It implements some WebLogic defaults:
- Implements DynamicUserAcl, used by Workspaces to allow
write access to a Workspace creator.
- Ensures that users "guest" and "system" exist. Authentication from
the underlying realm is preferred, but if absent, guest has password
guest, and system has the realm credential as its password.
- Ensures that group "everyone" exists. This group is used by HTTP
code to decide whether to bother requiring authentication.
- Ensures that ACL weblogic.admin exists. If absent in
the underlying realm, it grants permission for the "shutdown",
"lockServer", and "unlockServer" operations for user "system".
- Ensures that ACL managedObject exists. If absent in the
underlying realm, it grants permission for "read" and "write" to user
"system".
- Ensures that ACL weblogic.workspace exists. If absent in
the underlying realm, it grants permission for "read" and "write" to
user "system".
- Allows getPermission to create temporary new ones, if necessary.
Note that this realm does not create any ACLs based on the
weblogic.properties file. Using this realm as a replacement
for the WebLogic realm will result in ignoring "allow" clauses of
servlets and JDBC connection pools.
If you use this class to convert a working realm based on the
weblogic.properties files, you must add certain ACLs to the
realm you write to extend this one:
- weblogic.jdbc.connectionPool.poolID to grant
"reserve" to certain users, as specified in the allow clause of the
properties for connection pool poolID.
- weblogic.servlet granting "execute" to "everyone", which
is the same as setting
weblogic.httpd.requireAuthentication=false.
- weblogic.servlet.virtualName to grant "execute"
permission to certain users, as specified in the allow clause of
properties for the servlet virtualName.
- And, finally, all the ACLs explicitly coded as properties using
weblogic.allow.
how to use this example
Note: The DefaultRealmExtender Realm is dependent on the RdbmsRealm. You must
have first built RdbmsRealm before you can build DefaultRealm with these
instructions.
- Set up your development environment, as described in
Setting your development environment.
- In your development shell, compile this class using a
command like this example for Windows NT:
$ javac -d %SERVER_CLASSES% *.java
- Write a realm that implements one of the Realm interfaces.
A good example is the CachingRealm
used by the RdbmsRealm example, and the DefaultRealmExtender is set up
by default to use the CachingRealm as its underlying realm
implementation. You can alter this by editing the static String
"delegateClassName" in the constructor of DefaultRealmExtender, or
changing the constructor to pass in the name of the underlying realm
implementation. You can also use a Java class resource in a
properties file (a text file with the extension ".properties")
that includes this entry
delegate.class=name of underlying realm implementation
to set the name of the underlying realm implementation.
- Compile your underlying realm into the %SERVER_CLASSES% directory.
- Add users, groups, ACLs, and permissions to your realm and set
up server-side resources in the WebLogic Server that use your ACLs, etc.
- Start the WebLogic Server.
there's more . . .
For more information on ACLs, read the Developers Guide, Using WebLogic
ACLs.