| BEA WebLogic Server 9.1 Security Schema Reference | ||||||
DETAILS: DOCUMENTATION | ELEMENTS | ATTRIBUTES | FRAMES | NO FRAMES |
Specifies the default security model for Web applications or EJBs that are secured by this security realm. You can override this default during deployment.
Choose one of these security models:
Deployment Descriptors Only (DDOnly)
Uses only the roles and policies in the J2EE deployment descriptor (DD) and the WebLogic Server DD.
Performs security checks only for URLs or EJB methods that are protected by a policy in the deployment descriptor.
Each time you deploy the module, the Security Service copies the roles and policies in the deployment descriptors.
Applies for the life of the deployment. If you want to use a different model, you must delete the deployment and reinstall it.
Customize Roles Only (CustomRoles)
Uses policies defined in the J2EE DD and ignores any Principal mappings in the WebLogic Server DD. An administrator completes the role mappings using the Administration Console.
Performs security checks only for URLs or EJB methods that are protected by a policy in the deployment descriptor.
Each time you deploy the module, the Security Service copies the roles and policies in the deployment descriptors.
Applies for the life of the deployment. If you want to use a different model, you must delete the deployment and reinstall it.
Customize Roles and Policies
(CustomRolesAndPolicies)
Ignores any roles and policies defined in deployment descriptors. An administrator uses the Administration Console to secure the resources.
Performs security checks for all URLs or EJB methods in the module.
Applies for the life of the deployment. If you want to use a different model, you must delete the deployment and reinstall it.
Advanced (Advanced)
You configure how this model behaves by setting values for the following options:
When Deploying Web Applications or EJBs
When using the WebLogic Scripting Tool or JMX APIs, there is no
single MBean attribute for this setting. Instead, you must set the
values for the DeployPolicyIgnored
and
DeployRoleIgnored
attributes of
RealmMBean
.
Check Roles and Policies
(FullyDelegateAuthorization)
Combined Role Mapping Enabled
(CombinedRoleMappingEnabled)
You can change the configuration of this model. Any changes immediately apply to all modules that use the Advanced model. For example, you can specify that all modules using this model will copy roles and policies from their deployment descriptors into the appropriate provider databases upon deployment. After you deploy all of your modules, you can change this behavior to ignore roles and policies in deployment descriptors so that when you redeploy modules they will not re-copy roles and policies.
Prior to WebLogic Server version 9.0 the Advanced model was the only security model available. Use this model if you want to continue to secure EJBs and Web Applications as in releases prior to 9.0.
"DDOnly", "CustomRoles", "CustomRolesAndPolicies", "Advanced"
| BEA WebLogic Server 9.1 Security Schema Reference | ||||||
DETAILS: DOCUMENTATION | ELEMENTS | ATTRIBUTES | FRAMES | NO FRAMES |
Version: 9.1