3 Replies Latest reply: Feb 21, 2012 11:01 AM by 918713 RSS

    How to map any authenticated user to particular roles?

    918713
      Hi,

      We have a servlet which is using form based authentication. In the auth-constraint section of web.xml, we specified a number of roles which can access the servlet:

                <auth-constraint>
                     <role-name>user</role-name>
                     <role-name>author</role-name>
                     <role-name>customer</role-name>
                </auth-constraint>

      It worked fine in all web servers, but for weblogic, I have to include a weblogic.xml to map particular users into one of these roles:

      <?xml version="1.0" encoding="UTF-8"?>

      <weblogic-web-app xmlns="http://www.bea.com/ns/weblogic/90">
      <security-role-assignment>
      <role-name>customer</role-name>
      <principal-name>wlUser1</principal-name>
      </security-role-assignment>
      <jsp-descriptor>
      <page-check-seconds>1</page-check-seconds>
      <verbose>false</verbose>
      </jsp-descriptor>
      </weblogic-web-app>


      In this case, anyone logged in as wlUser1 can access our servlet. It works for weblogic. But imagine I add a new user to WL, I will have to add that user to the deployed weblogic.xml, which is not practical at all.

      Is there a way to may any authenticated user into some roles? Is there any better ways to do it?

      Please help.

      Thanks.

      -Aston