All Examples All Security Examples
The CachingRealm implements an interface also contained in this package, a CacheableRealm, which adds one important piece of functionality to the realm, a method that allows you to set the cache with a Realm object.
Another class in this package, LRUTable, provides an expedient way to manage a large number of realm entities in memory. An LRU (least recently used) table stores values by key much like a Hashtable, but only a configurable number of the most recently used entries are retained. An LRU table is a more efficient lookup mechanism than a simple Hashtable.
Also included in this package is a DDL file, weblogic.realm_ddl, for creating and populating the tables required by the RdbmsRealm. That structure is, simply:
Table name | Columns |
---|---|
aclentries | A_NAME ACL name |
A_PRINCIPAL User associated with the ACL name and permission |
|
A_PERMISSION ACL permission |
|
groupmembers | GM_GROUP Group name |
GM_MEMBER User with membership in the group |
|
users | U_NAME Username |
U_PASSWORD Password |
Database-related details are externalized in a Java class resource properties file, weblogic.realm_properties. The RdbmsRealm is set up by default to depend upon an Oracle database. Entries for other DBMSs are commented out in the properties file. To set up the realm for use with another database, you should edit the connection-related information, and make adjustments to the syntax of the JDBC PreparedStatements that retrieve information from the database according to your environment. Other caching-related configuration details are also editable in this file.
To use the RdbmsRealm example, you first edit configuration files to set up your database environment, then compile and install the RdbmsRealm class and properties files. You then run the RdbmsRealm example once to create database tables and insert rows in them, and then again to execute a unit test to ensure that the realm and database environment are working.
After you have tested the realm, you can add a weblogic.security.realmClass property to the weblogic.properties file. The DefaultRealmExtender class, as distributed, depends on RdbmsRealm and CacheableRealm to implement its methods. The DefaultRealmExtender, CacheableRealm, and RdbmsRealm classes extend the default WebLogic realm so that all users, groups, and ACLs are retrieved from the database. However, the DefaultRealmExtender provides the "system" and "guest" users, and the "everyone" group. You can reference them in ACLs you insert into the database, but you do not add them as users or groups in the database.
Note: If you are using Microsoft SDK for Java, supply the optional parameter -ms on the build command line.
To compile without a build script, use a command like this:
$ cd \weblogic\examples\security\rdbmsrealm $ javac -d %SERVER_CLASSES% *.java
$ java examples.security.rdbmsrealm.RdbmsRealm fromScratch.weblogic
The first SQL statements in the DDL file drop the RdbmsRealm tables; the first time you run the example, these DROP statements will display database server error messages, which you can ignore.
$ java examples.security.rdbmsrealm.RdbmsRealm
The unit test uses the RdbmsRealm methods to list the users, groups, and ACLs in the database.
To extend the default WebLogic realm with RdbmsRealm, you build the DefaultRealmExtender class and register it as the WebLogic security class in the weblogic.properties file. The DefaultRealmExtender class, as distributed, uses the CachingRealm and RdbmsRealm to substitute the database as WebLogic's source for users, groups, permissions, and ACLs. The DefaultRealmExtender class also implements some standard security features that WebLogic requires, such as the "system" and "guest" users and the "everyone" group. See DefaultRealmExtender for a complete description.
$ java examples.security.rdbmsrealm.RdbmsRealm fromScratch.weblogic
This step is important because the ACLs you uncommented in the weblogic.realm_ddl file are required for WebLogic to properly initialize the new realm.
$ cd /weblogic/examples/security/defaultrealm $ javac -d %SERVER_CLASSES% *.java
weblogic.security.realmClass=examples.security.defaultrealm.DefaultRealmExtender
To see that the RdbmsRealm is working, you can use the WebLogic Console or the T3AdminRealm servlet. Access the T3AdminRealm servlet from a browser with a URL like this:
http://WebLogicHost:WebLogicPort/T3AdminRealm
where WebLogicHost is the name of the computer running WebLogic and WebLogicPort is the port WebLogic is listening on, usually 7001. The servlet displays all of the users, groups, and ACLs known in the realm. Note that the servlet displays the "system" and "guest" users, the "everyone" group, and a few ACLs, all of which are supplied by the DefaultRealmExtender class.
As another test, try loading the helloWorld servlet in your browser. The ACL for this servlet gives "execute" permission to the "engineering" group, whose members are "anno" and "bob". You should only be allowed to load the servlet when you log in as one of these users.