The default (that is, active) security realm for WebLogic Server includes a WebLogic Role Mapping provider. The WebLogic Role Mapping provider computes dynamic security roles for a specific user (subject) with respect to a specific protected WebLogic resource for each of the default users and WebLogic resources. The WebLogic Role Mapping provider supports the deployment and undeployment of security roles within the system. The WebLogic Role Mapping provider uses the same security policy engine as the WebLogic Authorization provider. If you want to use a role mapping mechanism that already exists within your organization, you could create a custom role mapping provider to tie into that system.
You need 3 Files, a XML File with the configuration, the Provider and the Implementation of a Role.
The Config File:
<?xml version="1.0" ?>
<!DOCTYPE MBeanType SYSTEM "commo.dtd">
<MBeanType
Name = "MYRoleMapper"
DisplayName = "MYRoleMapper"
Package = "MY.security"
Extends = "weblogic.management.security. authorization.RoleMapper"
PersistPolicy = "OnUpdate"
>
<MBeanAttribute
Name = "ProviderClassName"
Type = "java.lang.String"
Writeable = "false"
Preprocessor = "weblogic.management.configuration.LegalHelper.checkClassName(value)"
Default = ""MY.security.MYRoleMapperProviderImpl""
/>
<MBeanAttribute
Name = "Description"
Type = "java.lang.String"
Writeable = "false"
Default = ""MY RM provider ""
/>
<MBeanAttribute
Name = "Version"
Type = "java.lang.String"
Writeable = "false"
Default = ""1.2""
/>
</MBeanType>
The Actual Provider MYRoleMapperProviderImpl.java:
public class MYRoleMapperProviderImpl implements RoleProvider, RoleMapper {
private String description;
private static final Map<String, SecurityRole> NO_ROLES = Collections.unmodifiableMap(new HashMap<String, SecurityRole>(1));
private final static String RESSOURCE_URL = "<url>";
private final static String RESSOURCE_EJB = "<ejb>";
private enum rollen {
READER;
}
@Override
public void initialize(ProviderMBean mbean, SecurityServices services) {
description = mbean.getDescription() + "\n" + mbean.getVersion();
}
@Override
public String getDescription() {
return description;
}
@Override
public void shutdown() {
}
@Override
public RoleMapper getRoleMapper() {
return this;
}
@Override
public Map<String, SecurityRole> getRoles(Subject subject, Resource resource, ContextHandler handler) {
Map<String, SecurityRole> roles = new HashMap<String, SecurityRole>();
Set<Principal> principals = subject.getPrincipals();
for (Resource res = resource; res != null; res = res.getParentResource()) {
getRoles(res, principals, roles);
}
if (roles.isEmpty()) {
return NO_ROLES;
}
return roles;
}
private void getRoles(Resource resource, Set<Principal> principals, Map<String, SecurityRole> roles) {
if (resource.getType() == RESSOURCE_URL || resource.getType() == RESSOURCE_EJB) {
roles.put(rollen.READER.toString(), new MYSecurityRoleImpl(rollen.READER.toString(), "READER Rolle"));
}
}
}
simple Role Implementation:
package MY.security;
import weblogic.security.service.SecurityRole;
public class MYSecurityRoleImpl implements SecurityRole {
private String _roleName;
private String _description;
private int _hashCode;
public MYSecurityRoleImpl(String roleName, String description)
{
_roleName = roleName;
_description = description;
_hashCode = roleName.hashCode() + 17;
}
public boolean equals(Object secRole)
{
if (secRole == null)
{
return false;
}
if (this == secRole)
{
return true;
}
if (!(secRole instanceof MYSecurityRoleImpl))
{
return false;
}
MYSecurityRoleImpl anotherSecRole = (MYSecurityRoleImpl)secRole;
if (!_roleName.equals(anotherSecRole.getName()))
{
return false;
}
return true;
}
public String toString () { return _roleName; }
public int hashCode () { return _hashCode; }
public String getName () { return _roleName; }
public String getDescription () { return _description; }
}
For more information go through documentation
Now you need to configure in weblogic admin console in security realms – providers- new
Happy learning with Vinay in techartifact…..