Administration Console Online Help

Access policies for JNDI resources

Before you begin

This subtask is part of the main task for creating a security policy. Start with the main task: Create policies for resource instances.

Security policies for Java Naming and Directory Interface (JNDI) resources apply to a specific type of WebLogic resource that uses the industry-standard JNDI SPI to enable connectivity to heterogeneous enterprise naming and directory services.

To access policies for a JNDI resource:

  1. In the left pane of the Administration Console, expand Environment and select Servers.
  2. In the Servers table, select the name of a server that contains the JNDI resource.
  3. On the server's Configuration: General page, click the View JNDI Tree link.

    The JNDI tree for the server appears in a new Administration Console window.

  4. In the new Administration Console window, expand the JNDI tree and select the node where you want to create the security policy.

    The settings table for the selected resource appears on the right side. Note that the item you select is reflected in the table label.

  5. In the Settings table, select the Security tab. Then select the Policies sub-tab.
  6. If you have more than one authorization provider configured for the realm, select the provider you want to use to secure this resource from the Authorization Providers list.
  7. Select one of the methods from the Methods list or select ALL.

    For more information, see JNDI Operations.

  8. Under Policy Conditions, click Add Conditions.
  9. On the Choose a Predicate page, in the Predicate List, select a condition.

    Oracle recommends that you use the Role condition where possible. Basing conditions on security roles enables you to create one security policy that takes into account multiple users or groups, and is a more efficient method of management.

    For more information, see Security Policy Conditions.

  10. The next steps depend on the condition that you chose:
    • If you selected Role, click Next, enter the name of a security role in the argument field, and click Add. If the security role that you name does not already exist, create one by that name after you finish creating policies.
    • If you selected Group or User, click Next, enter a name in the argument field, and click Add. If the user or group that you name does not already exist, create one by that name.
    • If you selected a boolean predicate (Server is in development mode, Allow access to everyone, or Deny access to everyone), there are no arguments to enter. Click Finish and go to step 10.
    • If you selected a context predicate, such as Context element's name equals a numeric constant, click Next and enter the context name and an appropriate value. It is your responsibility to ensure that the context name and/or value exists at runtime.
    • If you selected a time-constrained predicate, such as Access occurs between specified hours, click Next and provide values for the Edit Arguments fields.
  11. Click Finish.
  12. (Optional) Create additional conditions.
  13. (Optional) The WebLogic Security Service evaluates conditions in the order they appear in the list. To change the order, select the check box next to a condition and click the Move Up or Move Down button.
  14. (Optional) Use other buttons in the Policy Conditions section to specify relationships between the conditions:
    • Select And/Or between expressions to switch the and / or statements.
    • Click Combine or Uncombine to merge or unmerge selected expressions. See Combine Conditions.
    • Click Negate to make a condition negative; for example, NOT Group Operators excludes the Operators group from the role.
  15. Click Save.

After you finish

If your policies grant access to roles, specify users and groups for your roles. See Manage security roles.