Custom Role Mapping Provider in Weblogic

The default (that is, active) security realm for WebLogic Server includes a WebLogic Role Mapping provider. The WebLogic Role Mapping provider computes dynamic security roles for a specific user (subject) with respect to a specific protected WebLogic resource for each of the default users and WebLogic resources. The WebLogic Role Mapping provider supports the deployment and undeployment of security roles within the system. The WebLogic Role Mapping provider uses the same security policy engine as the WebLogic Authorization provider. If you want to use a role mapping mechanism that already exists within your organization, you could create a custom role mapping provider to tie into that system.

You need 3 Files, a XML File with the configuration, the Provider and the Implementation of a Role.

The Config File:

<?xml version="1.0" ?>
<!DOCTYPE MBeanType SYSTEM "commo.dtd">

<MBeanType
 Name          = "MYRoleMapper"
 DisplayName   = "MYRoleMapper"
 Package       = "MY.security"
 Extends       = "weblogic.management.security. authorization.RoleMapper"
 PersistPolicy = "OnUpdate"
>
 <MBeanAttribute
  Name          = "ProviderClassName"
  Type          = "java.lang.String"
  Writeable     = "false"
  Preprocessor  = "weblogic.management.configuration.LegalHelper.checkClassName(value)"
  Default       = "&quot;MY.security.MYRoleMapperProviderImpl&quot;"
 />

 <MBeanAttribute
  Name          = "Description"
  Type          = "java.lang.String"
  Writeable     = "false"
  Default       = "&quot;MY RM provider &quot;"
 />

 <MBeanAttribute
  Name          = "Version"
  Type          = "java.lang.String"
  Writeable     = "false"
  Default       = "&quot;1.2&quot;"
 />

</MBeanType>

The Actual Provider MYRoleMapperProviderImpl.java:

public class MYRoleMapperProviderImpl implements RoleProvider, RoleMapper {
    private String description;
    private static final Map<String, SecurityRole> NO_ROLES = Collections.unmodifiableMap(new HashMap<String, SecurityRole>(1));

    private final static String RESSOURCE_URL = "<url>";
    private final static String RESSOURCE_EJB = "<ejb>";

    private enum rollen {
        READER;
    }

    @Override
    public void initialize(ProviderMBean mbean, SecurityServices services) {
        description = mbean.getDescription() + "\n" + mbean.getVersion();
    }

    @Override
    public String getDescription() {
        return description;
    }

    @Override
    public void shutdown() {

    }

    @Override
    public RoleMapper getRoleMapper() {
        return this;
    }

    @Override
    public Map<String, SecurityRole> getRoles(Subject subject, Resource resource, ContextHandler handler) {
        Map<String, SecurityRole> roles = new HashMap<String, SecurityRole>();
        Set<Principal> principals = subject.getPrincipals();
        for (Resource res = resource; res != null; res = res.getParentResource()) {
            getRoles(res, principals, roles);
        }
        if (roles.isEmpty()) {
            return NO_ROLES;
        }
        return roles;
    }

    private void getRoles(Resource resource, Set<Principal> principals, Map<String, SecurityRole> roles) {
        if (resource.getType() == RESSOURCE_URL || resource.getType() == RESSOURCE_EJB) {
                            roles.put(rollen.READER.toString(), new MYSecurityRoleImpl(rollen.READER.toString(), "READER Rolle"));          
            }
    }
}

simple Role Implementation:

package MY.security;

import weblogic.security.service.SecurityRole;

public class MYSecurityRoleImpl implements SecurityRole {

    private String _roleName;
       private String _description;
       private int _hashCode;

       public MYSecurityRoleImpl(String roleName, String description)
       {
          _roleName = roleName;
          _description = description;
          _hashCode = roleName.hashCode() + 17;
       }

       public boolean equals(Object secRole)
       {
          if (secRole == null) 
          {
             return false;
          }

          if (this == secRole) 
          {
             return true;
          }

          if (!(secRole instanceof MYSecurityRoleImpl)) 
          {
             return false;
          }

          MYSecurityRoleImpl anotherSecRole = (MYSecurityRoleImpl)secRole;

          if (!_roleName.equals(anotherSecRole.getName())) 
          {
             return false;
          }

          return true;
       }

       public String toString () { return _roleName; }
       public int hashCode () { return _hashCode; }
       public String getName () { return _roleName; }
       public String getDescription () { return _description; }
}

For more information go through documentation

Now you need to configure in weblogic admin console in security realms – providers- new

Happy learning with Vinay in techartifact…..

Vinay

I am an Oracle ACE in Oracle ADF/Webcenter. Sr Java Consultant-working on Java/J2EE/Oracle ADF/Webcenter Portal/ content and Hibernate for several years. I'm an active member of the OTN JDeveloper/Webcenter forum. Passionate about learning new technologies. I am here to share my knowledge. Give your views and suggestion on [email protected] .

More Posts - Website

Follow Me:
TwitterLinkedInGoogle PlusYouTube