18 WebLogic Server Security

This chapter describes how to create and monitor security realms and how to monitor and configure WebLogic Server users and groups.

A security realm comprises mechanisms for protecting WebLogic Server resources. Each security realm consists of a set of configured security providers, users, groups, security roles, and security policies. A user must be defined in a security realm in order to access any WebLogic Server resources belonging to that realm. When a user attempts to access a particular WebLogic Server resource, WebLogic Server tries to authenticate and authorize the user by checking the security role assigned to the user in the relevant security realm and the security policy of the particular WebLogic Server resource.

Note:

To log into a domain partition, you must have the administrator role. For complete information, see Configuring Security in Using WebLogic Server MT.

If you are logged into a domain partition, navigate from the Domain Partition menu.

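This chapter includes the following sections:

  • Create security realms

  • Monitor security realms

  • Monitor WebLogic Server users and groups

  • Configure WebLogic Server users

  • Configure WebLogic Server groups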

Create security realms

To create a new security realm:

  1. From the WebLogic Domain menu, select Security, then select Security Realms.

    The Security Realms table displays information about the security realms that have been configured in the current domain.

  2. Click Create.
  3. On the Create a Security Realm page, enter a name for the new security realm in the Name field.
  4. Click Create.

The new security realm contains the following WebLogic Server security providers with the default configuration settings:

  • DefaultAuthenticator

  • DefaultIdentityAsserter

  • SystemPasswordValidator

  • XACMLAuthorizer

  • DefaultAdjudicator

  • XACMLRoleMapper

  • DefaultCredentialMapper

  • WebLogicCertPathProvider

After creating your security realm, you can change the security providers and provider settings from the WebLogic Server Administration Console.

For more information, see Configuration Options.

Monitor security realms

To monitor the security realms configured in a domain:

  1. From the WebLogic Domain menu, select Security, then select Security Realms.

    The Security Realms table displays information about the security realms that have been configured in the current domain, such as:

    • Name

    • Default Realm

    • Deploy Credential Mapping Ignored

    • Deploy Policy Ignored

    • Deploy Role Ignored

    For more information about these fields, see Configuration Options.

    Optionally, select View to access the following table options:

    • Columns: add or remove the columns displayed in the table

    • Detach: detach the table (viewing option)

    • Sort: sort the columns in ascending or descending order

    • Reorder: change the order of the columns displayed

    • Query by Example

Monitor WebLogic Server users and groups

This section describes how to monitor the users and groups in your domain. This section includes the following tasks:

  • Monitor users

  • Monitor groups

Monitor users

To monitor users:

  1. From the WebLogic Domain menu, select Security, then select Users and Groups.

    If you are logged into a domain partition, from the Domain Partition menu, select Security, then select Users and Groups.

  2. Select the Users page.

    The Users table displays information about the users that have been configured in the current domain, such as:

    • Name

    • Description

    • Groups

    • Provider

    For more information about these fields, see Configuration Options.

    Optionally, select View to access the following table options:

    • Columns: add or remove the columns displayed in the table

    • Detach: detach the table (viewing option)

    • Sort: sort the columns in ascending or descending order

    • Reorder: change the order of the columns displayed

    • Query by Example

Monitor groups

To monitor groups:

  1. From the WebLogic Domain menu, select Security, then select Users and Groups.

    If you are logged into a domain partition, from the Domain Partition menu, select Security, then select Users and Groups.

  2. Select the Groups page.

    The Groups table displays information about the groups that have been configured in the current domain, such as:

    • Name

    • Description

    • Provider

    For more information about these fields, see Configuration Options.

    Optionally, select View to access the following table options:

    • Columns: add or remove the columns displayed in the table

    • Detach: detach the table (viewing option)

    • Sort: sort the columns in ascending or descending order

    • Reorder: change the order of the columns displayed

    • Query by Example
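The Users table described under "Monitor users" and "Monitor groups" can also be rebuilt in a script, which makes it possible to review group membership on a schedule. This is an added example, not Oracle's code: the method names follow the cursor-style list operations of the WebLogic authentication provider MBeans, while `FakeAuthenticator`, `drain`, `users_table` and `SAMPLE` are hypothetical names with constructed data so the block runs offline. It assumes that in WLST the provider object would come from `cmo.getSecurityConfiguration().getDefaultRealm().lookupAuthenticationProvider("DefaultAuthenticator")`.

```python
class FakeAuthenticator:
    """Constructed offline stand-in for an authentication provider MBean."""
    def __init__(self, name, users, memberships):
        self._name, self._users, self._memberships = name, users, memberships
        self._cursors, self._next = {}, 0
    def _open(self, names):
        self._next += 1
        self._cursors["c%d" % self._next] = list(names)
        return "c%d" % self._next
    def getName(self): return self._name
    def getUserDescription(self, user): return self._users[user]
    def listUsers(self, pattern, maximum):  # stand-in models only "*"; 0 = no limit
        return self._open(sorted(self._users)[:maximum or None])
    def listMemberGroups(self, member):     # direct memberships only
        return self._open(sorted(self._memberships.get(member, [])))
    def haveCurrent(self, cursor): return bool(self._cursors[cursor])
    def getCurrentName(self, cursor): return self._cursors[cursor][0]
    def advance(self, cursor): self._cursors[cursor].pop(0)
    def close(self, cursor): del self._cursors[cursor]

def drain(provider, cursor):
    """Collect every name behind a list cursor and always release the cursor."""
    names = []
    try:
        while provider.haveCurrent(cursor):
            names.append(provider.getCurrentName(cursor))
            provider.advance(cursor)
    finally:
        provider.close(cursor)
    return names

def users_table(provider, watch_group="Administrators"):
    """Rows matching the console's Users table, plus a flag for watch_group."""
    rows = []
    for user in drain(provider, provider.listUsers("*", 0)):
        groups = drain(provider, provider.listMemberGroups(user))
        rows.append({"Name": user, "Description": provider.getUserDescription(user),
                     "Groups": groups, "Provider": provider.getName(),
                     "privileged": watch_group in groups})
    return rows

# Constructed sample accounts, not taken from any real domain.
SAMPLE = FakeAuthenticator(
    "DefaultAuthenticator",
    {"weblogic": "Domain administrator", "deployer1": "CI deploy account"},
    {"weblogic": ["Administrators"], "deployer1": ["Deployers"]})

if __name__ == "__main__":
    for row in users_table(SAMPLE):
        print(row)
```

The `privileged` flag reflects direct membership only; a user who reaches the watched group through a nested group needs a recursive membership check against the provider.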

Configure WebLogic Server users

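This section describes how to create and configure users in your WebLogic Server domain. This section includes the following tasks:

  • Create a new user

  • Configure user general settings

  • Configure user password settings

  • Configure user attribute settings

  • Configure user group settings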

Create a new user

To create a new user:

  1. From the WebLogic Domain menu, select Security, then select Users and Groups.

    If you are logged into a domain partition, from the Domain Partition menu, select Security, then select Users and Groups.

  2. Select the Users page.

    The Users table displays information about the users that have been configured in the current domain, such as:

    • Name

    • Description

    • Groups

    • Provider

    For more information about these fields, see Configuration Options.

  3. Click Create.
  4. From the Create a User page, you can define the properties for your new user, including:

    • Name (must be unique)

    • Description

    • Provider

    • Password

    For more information about these fields, see Configuration Options.

  5. Click Create.

Configure user general settings

To configure general settings for a user:

  1. From the WebLogic Domain menu, select Security, then select Users and Groups.

    If you are logged into a domain partition, from the Domain Partition menu, select Security, then select Users and Groups.

  2. Select the Users page.

    The Users table displays information about the users that have been configured in the current domain.

  3. In the Users table, select the name of the user you want to configure.
  4. Select General Settings.
  5. From the General Settings page, you can change the description for the selected user. Enter a description in the Description field.

    For more information, see Configuration Options.

  6. Click Save.

Configure user password settings

To configure password settings for a user:

  1. From the WebLogic Domain menu, select Security, then select Users and Groups.

    If you are logged into a domain partition, from the Domain Partition menu, select Security, then select Users and Groups.

  2. Select the Users page.

    The Users table displays information about the users that have been configured in the current domain.

  3. In the Users table, select the name of the user you want to configure.
  4. Select Passwords.
  5. From the Passwords page, you can change the password for the selected user. Enter a password in the New Password and Confirm Password fields.

    For more information, see Configuration Options.

  6. Click Save.

Configure user attribute settings

To configure attribute settings for a user:

  1. From the WebLogic Domain menu, select Security, then select Users and Groups.

    If you are logged into a domain partition, from the Domain Partition menu, select Security, then select Users and Groups.

  2. Select the Users page.

    The Users table displays information about the users that have been configured in the current domain.

  3. In the Users table, select the name of the user you want to configure.
  4. Select Attributes.
  5. From the Attributes page, you can modify the values of the attributes for this selected user.

    For more information, see Configuration Options.

  6. Click Save.

Configure user group settings

To configure group settings for a user:

  1. From the WebLogic Domain menu, select Security, then select Users and Groups.

    If you are logged into a domain partition, from the Domain Partition menu, select Security, then select Users and Groups.

  2. Select the Users page.

    The Users table displays information about the users that have been configured in the current domain.

  3. In the Users table, select the name of the user you want to configure.
  4. Select Groups.
  5. From the Groups page, you can configure group membership for the selected user.

    For more information, see Configuration Options.

  6. Click Save.

Configure WebLogic Server groups

This section describes how to create and configure groups in your WebLogic Server domain. This section includes the following tasks:

  • Create a new group

  • Configure group general settings

  • Configure group membership settings

Create a new group

To create a new group:

  1. From the WebLogic Domain menu, select Security, then select Users and Groups.

    If you are logged into a domain partition, from the Domain Partition menu, select Security, then select Users and Groups.

  2. Select the Groups page.

    The Groups table displays information about the groups that have been configured in the current domain, such as:

    • Name

    • Description

    • Provider

    For more information about these fields, see Configuration Options.

  3. Click Create.
  4. From the Create a New Group page, you can define the properties for your new group, including:

    • Name (must be unique)

    • Description

    • Provider

    For more information about these fields, see Configuration Options.

  5. Click Create.

Configure group general settings

To configure general settings for a group:

  1. From the WebLogic Domain menu, select Security, then select Users and Groups.

    If you are logged into a domain partition, from the Domain Partition menu, select Security, then select Users and Groups.

  2. Select the Groups page.

    The Groups table displays information about the groups that have been configured in the current domain.

  3. In the Groups table, select the name of the group you want to configure.
  4. Select General Settings.
  5. From the General Settings page, you can change the description for the selected group. Enter a description in the Description field.

    For more information, see Configuration Options.

  6. Click Save.

Configure group membership settings

To configure membership settings for a group:

  1. From the WebLogic Domain menu, select Security, then select Users and Groups.

    If you are logged into a domain partition, from the Domain Partition menu, select Security, then select Users and Groups.

  2. Select the Groups page.

    The Groups table displays information about the groups that have been configured in the current domain.

  3. In the Groups table, select the name of the group you want to configure.
  4. Select Membership.
  5. From the Membership page, you can configure group membership for the selected group.

    For more information, see Configuration Options.

  6. Click Save.