Sunday, July 3, 2011

Setting Up Basic Authentication in WebLogic

Most of the time, the basic authentication mechanism is recommended for security purposes if SSL cannot be implemented. Here, I am going to show you how to set it up in WebLogic Server. We need to make changes in three areas: the WebLogic server, web.xml, and weblogic.xml.

Hope you enjoy the ride.
Create user, group and role in WebLogic server.

Open the WebLogic admin console (home page) and go to “Security Realms” in the left panel.

Create the users, groups and roles in the WebLogic domain:

Click on the myrealm link.

Click on the Users and Groups section.

Click on New in the Users section.

Enter Name as “user”, Description as user, and Password as password.

Click on OK to create the user.

Click on the Groups section to create a new group.

Click on the New button and provide:
Name: usergroup; Description: usergroup; Provider: DefaultAuthenticator

Click on OK to create the usergroup.

Go to the “Roles and Policies” section.

Click on ‘+’ to expand the Global Roles link, then click on Roles. This opens the Global Roles page.

Click on New and enter the new role name.

Provide the role name as “consumer” and the provider name as XACMLRoleMapper (note: it is shown as the default one, so there is no need to change it).

Click ‘OK’ after entering the role name. This returns to the ‘Global Roles’ page, which now shows the newly created role.

Click on the “Users and Groups” tab or link in the navigation bar, and go to the Users tab.

In the Users section, click on the “user” hyperlink. This opens the ‘Settings of the user-name’ screen.

Go to the “Groups” section and select ‘usergroup’ from the Available list of groups. Move the selected ‘usergroup’ to the right-hand list (Chosen). Click on Save.

Click on the “Security Realms” link, then on myrealm, and go to the ‘Roles and Policies’ tab.

Click on the ‘Global Roles’ + symbol; it expands as a tree hierarchy.

Click on the ‘Roles’ + symbol; it expands as a tree hierarchy.

Select the radio button against the newly created role (consumer), then click on the ‘Edit Role’ button.

Click on the Add Condition button.

Choose ‘Group’ in the Predicate List and click on Next.

On the next page, type the group name as “usergroup” and click ‘Add’.

Click on Finish. On the next page, select the checkbox against the group name and click Save.

Entries in web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
      xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
      id="WebApp_ID" version="2.5">
      <display-name>Sample Rest Interface</display-name>
      <servlet>
            <servlet-name>Sample Rest Interface</servlet-name>
            <servlet-class>com.sun.jersey.spi.container.servlet.ServletContainer</servlet-class>
            <init-param>
                  <param-name>com.sun.jersey.config.property.packages</param-name>
                  <param-value>test</param-value>
            </init-param>
            <load-on-startup>1</load-on-startup>
      </servlet>
      <servlet-mapping>
            <servlet-name>Sample Rest Interface</servlet-name>
            <url-pattern>/*</url-pattern>
      </servlet-mapping>
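      <security-constraint>
            <!-- The constraint applies to POST requests only; other HTTP methods on /* are not challenged -->
            <web-resource-collection>
                  <web-resource-name>webservice</web-resource-name>
                  <url-pattern>/*</url-pattern>
                  <http-method>POST</http-method>
            </web-resource-collection>
            <auth-constraint>
                  <role-name>consumer</role-name>
            </auth-constraint>
      </security-constraint>
      <!-- BASIC: the client sends the user name and password in the Authorization header -->
      <login-config>
            <auth-method>BASIC</auth-method>
            <realm-name>default</realm-name>
      </login-config>
      <!-- The role declared here is mapped to the WebLogic group in weblogic.xml -->
      <security-role>
            <role-name>consumer</role-name>
      </security-role>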
</web-app>
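
An added example (not part of the original post): a small Python check that parses the security section of the web.xml above and reports what the descriptor leaves unprotected. The function name `audit_web_xml`, the finding codes and the trimmed sample descriptor are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"j": "http://java.sun.com/xml/ns/javaee"}

# Constructed sample: the security section of the web.xml shown above.
WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="2.5">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>webservice</web-resource-name>
      <url-pattern>/*</url-pattern>
      <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>consumer</role-name></auth-constraint>
  </security-constraint>
  <login-config><auth-method>BASIC</auth-method></login-config>
  <security-role><role-name>consumer</role-name></security-role>
</web-app>"""


def audit_web_xml(xml_text):
    """Return a list of (code, detail) findings for a Servlet 2.5 web.xml."""
    root = ET.fromstring(xml_text)
    findings = []
    declared = {r.text.strip() for r in root.findall("j:security-role/j:role-name", NS)}
    basic = any((m.text or "").strip().upper() == "BASIC"
                for m in root.findall("j:login-config/j:auth-method", NS))
    for sc in root.findall("j:security-constraint", NS):
        for wrc in sc.findall("j:web-resource-collection", NS):
            patterns = [p.text.strip() for p in wrc.findall("j:url-pattern", NS)]
            methods = [m.text.strip().upper() for m in wrc.findall("j:http-method", NS)]
            if methods:
                # Listing methods restricts the constraint to them; every
                # other verb on the same pattern is served without a login.
                findings.append(("UNCOVERED_METHODS",
                                 f"{patterns}: only {methods} require a role"))
        for role in sc.findall("j:auth-constraint/j:role-name", NS):
            if role.text.strip() not in declared:
                findings.append(("UNDECLARED_ROLE", role.text.strip()))
        tg = sc.findtext("j:user-data-constraint/j:transport-guarantee",
                         default="NONE", namespaces=NS).strip()
        if basic and tg != "CONFIDENTIAL":
            # BASIC sends Base64(user:password) on every request.
            findings.append(("BASIC_WITHOUT_TLS", f"transport-guarantee={tg}"))
    return findings


if __name__ == "__main__":
    for code, detail in audit_web_xml(WEB_XML):
        print(code, "-", detail)
```

For the descriptor in this post it reports that only POST on /* requires the consumer role, and that the BASIC credentials are not forced onto an encrypted transport.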

Changes in weblogic.xml
<?xml version="1.0" encoding="UTF-8"?>
<weblogic-web-app xmlns:wls="http://xmlns.oracle.com/weblogic/weblogic-web-app"
      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/ejb-jar_3_0.xsd http://xmlns.oracle.com/weblogic/weblogic-web-app http://xmlns.oracle.com/weblogic/weblogic-web-app/1.2/weblogic-web-app.xsd">
      <security-role-assignment>
            <role-name>consumer</role-name>
            <principal-name>usergroup</principal-name>
      </security-role-assignment>
</weblogic-web-app>
 

3 comments:

Anonymous said...

Thanks Snehanshu.. This one really helped me totally.. the biggest part is creating the global Role.. I missed it and.. see that it doesn't work..

Unknown said...

Thank you!!! This article helped me a lot.

Rajesh Bhatia said...

Many many thanks Snehanshu.. it took me 2 days to get to this link.. God bless.
