Avitek Medical Records Development Tutorials
This tutorial describes how to create the users, groups, and global security roles that are required by the MedRec application.
After you finish this tutorial, you will be able to log in to all three MedRec Web applications as the appropriate type of user (administrator, patient, or physician) and start using the application.
Before starting this tutorial:
MedRecDomain and MedRecServer, and start MedRecServer. See Tutorial 1: Creating a WebLogic Domain and Server Instance for Development.
MedRecEar. See Tutorial 15: Using WLST and the Administration Console to Deploy the MedRec Package for Production.
To create the required users, groups, and security roles using the Administration Console:
http://host:7101/console
where host refers to the computer on which MedRecServer is running. If your browser is on the same computer as MedRecServer, you can use the URL http://localhost:7101/console.
This setting means that the WebLogic Security Service will perform security checks on all URL (Web) and EJB resources. For more information, see Understanding How to Check Security Roles and Security Policies in Securing WebLogic Resources.
Ignore Roles and Policies From DD. This setting indicates that you will set security for Web Application and EJB resources in the Administration Console, not in deployment descriptors. For more information, see Understanding the On Future Redeploys Setting in Securing WebLogic Resources.
MedRecServer. (See Starting and Stopping Servers: Quick Reference in Managing Server Startup and Shutdown.)
The Groups table displays all groups currently defined in the WebLogic Authentication provider's database.
MedRecPatients, with a description of "MedRecPatients can log on to the MedRec Patients Web site", and DefaultAuthenticator provider.
The Users table displays all users currently defined in the WebLogic Authentication provider's database.
MedRecAdmins group from the Available to the Chosen choice box.
mary@md.com, a MedRec physician who also uses the weblogic password and the DefaultAuthenticator provider, and belongs in the MedRecPhysicians group.
larry@bball.com, a MedRec patient who also uses the weblogic password and the DefaultAuthenticator provider, and belongs in the MedRecPatients group.
The Roles table displays all global and scoped roles currently defined in the WebLogic Role Mapping provider's database.
The Global Roles table displays all global roles currently defined in the WebLogic Role Mapping provider's database.
MedRecPatient and to grant this global role to the MedRecPatients group.
Now that you have created all the required users, groups, and roles, you can actually log in to the various MedRec Web applications and start using them. First navigate to the following start page in a browser:
http://host:7101/start.jsp
In the preceding URL, host refers to the computer that hosts MedRecServer. If your browser is on the same computer as MedRecServer, you can use localhost; for example: http://localhost:7101/start.jsp.
The main MedRec application page appears. Click on the links to log in to the different Web applications, using the following username/passwords:
larry@bball.com, weblogic
admin@avitek.com, weblogic
mary@md.com, weblogic
Nmtoken in the Extensible Markup Language (XML) recommendation. The BEA convention is that group names are plural, and security role names are singular.
Group role condition. Individual users could also be granted a security role, but this is a less typical practice.
The MedRec application has been coded such that only certain roles are allowed to access certain modules, in particular to log in to Web applications such as patient, physician, and admin. This tutorial showed you first how to create groups to represent patients, administrators, and physicians, then how to create individual users and assign them to a particular group, and finally, how to map a group to a role. Once this security configuration is in place, you can log in to the applications using the appropriate user.
You might have noticed, however, that in Step 3: Create users and add the users to groups, you did not create an actual patient user. This is because patients, along with their personal information, are stored in the PointBase database and are authenticated using a Custom DBMS Authenticator. The database also stores the group to which the user is assigned. You must, however, use the Administration Console to create the MedRecPatients group and the MedRecPatient role, and then map the group to the role.
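The same groups, users and group-to-role mappings can be applied from a script instead of the console. The WLST (Jython) script below is an added example, not part of the original tutorial; it creates only what is missing, so it can be re-run. Assumptions: the MedRecAdmin and MedRecPhysician role names, the admin@avitek.com group membership, the XACMLRoleMapper provider name, and the ADMIN_USER/ADMIN_PASSWORD placeholders.

```python
# WLST (Jython) script; added example, not code from the tutorial.
GROUPS = {  # group -> global role granted to that group
    'MedRecAdmins': 'MedRecAdmin',          # role name ASSUMED
    'MedRecPhysicians': 'MedRecPhysician',  # role name ASSUMED
    'MedRecPatients': 'MedRecPatient',      # named in the tutorial
}
USERS = {  # user -> group
    'admin@avitek.com': 'MedRecAdmins',     # membership ASSUMED
    'mary@md.com': 'MedRecPhysicians',
    'larry@bball.com': 'MedRecPatients',
}

def apply_security(atn, roles, password):
    """Create whatever is missing; return a list describing each change."""
    changed = []
    for group in GROUPS.keys():
        if not atn.groupExists(group):
            atn.createGroup(group, group + ' group')
            changed.append('group ' + group)
        role = GROUPS[group]
        if not roles.roleExists(None, role):       # None = global role
            roles.createRole(None, role, 'Grp(%s)' % group)
            changed.append('role ' + role)
    for user in USERS.keys():
        group = USERS[user]
        if not atn.userExists(user):
            atn.createUser(user, password, 'MedRec user')
            changed.append('user ' + user)
        if not atn.isMember(group, user, 0):       # 0 = direct membership only
            atn.addMemberToGroup(group, user)
            changed.append('member ' + user + ' -> ' + group)
    return changed

if __name__ == 'main':  # WLST sets __name__ to 'main', not '__main__'
    # Placeholders: substitute your domain's administrator credentials.
    connect('ADMIN_USER', 'ADMIN_PASSWORD', 't3://localhost:7101')
    realm = cmo.getSecurityConfiguration().getDefaultRealm()
    atn = realm.lookupAuthenticationProvider('DefaultAuthenticator')
    roles = realm.lookupRoleMapper('XACMLRoleMapper')  # provider name ASSUMED
    print(apply_security(atn, roles, 'weblogic'))  # tutorial's development password
```

Run it with WLST against the running MedRecServer; a second run should print an empty list.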
The next tutorials show how to secure specific resources, such as Web applications and EJBs.