Administration Console Online Help

WebLogic Role Mapping Provider-->General

Tasks Related Topics Attributes

Overview

Use this page to configure a WebLogic Role Mapping provider.

Note: The WebLogic Server Administration Console refers to the WebLogic Role Mapping provider as the Default Role Mapper.

Role Mapping providers support security policies by obtaining a computed set of roles granted to a requestor for a given resource. Role Mapping providers supply Authorization providers with this role information so that the Authorization provider can answer the "is access allowed?" question for WebLogic resources that use role-based security.

The WebLogic Security Framework uses business logic and the current operation parameters (obtained from the J2EE and WebLogic deployment descriptor files) to determine which roles (if any) apply to the particular Subject at the moment in which access is required for a given resource. If multiple Role Mapping providers are configured, the set of roles returned by all Role Mapping providers will be unioned by the WebLogic Security Framework.

By default, the WebLogic Role Mapping provider is configured in the default security realm (myrealm). You can use a Custom Role Mapping provider instead of the WebLogic Role Mapping provider. For a Custom Role Mapping provider to be available through the WebLogic Server Administration Console, the MBean JAR file for the provider must be in the WL_HOME\lib\mbeantypes directory.

A Role Mapping provider that stores security roles that are created when deploying Web application or Enterprise JavaBean (EJB) deployments needs to implement the DeployableRoleProvider Security Service Provider Interface (SSPI) instead of the RoleProvider SSPI. You also need to enable the Role Deployment Enabled attribute on this page. The Role Deployment Enabled attribute is enabled by default for the WebLogic Role Mapping provider.

During application deployment, WebLogic Server reads security roles from the weblogic.xml and weblogic-ejb-jar.xml files. This information is used to populate the WebLogic Role Mapping provider. Any changes made to the security roles through the WebLogic Server Administration Console are not persisted to the weblogic.xml and weblogic-ejb-jar.xml files. Before you deploy the application again (which will happen if you redeploy it through the WebLogic Server Administration Console, modify it on disk, or restart WebLogic Server), you need enable the Check Roles and Policies and Future Redeploys options on the General page for a security realm.

Tasks

Configuring a New Security Realm

Configuring the WebLogic Role Mapping Provider

Configuring a Custom Security Provider

Attributes

Table 188-1

Attribute Label	Description	Value Constraints
Name	The name of this WebLogic Role Mapping provider. MBean: `weblogic.security. providers.authorization. DefaultRoleMapperMBean` Attribute: `Name`
Description	A short description of this WebLogic Role Mapping provider. MBean: `weblogic.security. providers.authorization. DefaultRoleMapperMBean` Attribute: `Description`	Default: "Weblogic Role Mapping Provider"
Version	The version number of this WebLogic Role Mapping provider. MBean: `weblogic.security. providers.authorization. DefaultRoleMapperMBean` Attribute: `Version`	Default: "1.0"
Role Deployment Enabled	Specifies whether this WebLogic Role Mapping provider stores security roles that are created while deploying a Web application or an Enterprise JavaBean (EJB). MBean: `weblogic.security. providers.authorization. DefaultRoleMapperMBean` Attribute: `RoleDeploymentEnabled`	Default: new java.lang.Boolean(true) Valid values: true false