3 Replies Latest reply: Dec 13, 2012 9:41 AM by René van Wijk RSS

    Meaning of /security/realm-name in weblogic-application.xml?

      Hi all,

      within the weblogic-application.xml file I can specify a "realm-name" within the "security" tag.

      My first thought was that I can select one of a list of configured realms within a weblogic domain.
      I have created a second realm with the name "SampleRealm". To verify, that this realm is valid I made it the default realm, restarted the server and connected to the
      AdminServer. Afterwards I switched the default realm back to "myrealm" and restarted the server again.

      When I start the application with "realm-name" in "weblogic-application.xml", which is not the "default realm" I am getting an error message:

      weblogic.security.service.InvalidParameterException: [Security:090396]Security Realm SampleRealm does not exist

      Whe I active "SampleRealm" (make it the default realm), I can start the application.

      So I have two questions:
      1) Why can I configure a "realm-name" inside weblogic-application.xml if the only valid value is the name of the realm which is configured as default-realm?
      2) Is there any other intended use of multiple realms within one domain than being able to import/export from an existing realm into a new one?

        • 1. Re: Meaning of /security/realm-name in weblogic-application.xml?
          René van Wijk
          You sort of wish this (from the documentation http://docs.oracle.com/cd/E24329_01/web.1211/e24368/app_xml.htm#i1007581)

          "<realm-name> Optional 1 Names a security realm to be used by the application. If none is specified, the system default realm is used"

          holds true.

          For the second question:
          - http://docs.oracle.com/cd/E24329_01/web.1211/e24422/overview.htm#SECMG117

          "You can configure multiple security realms in a domain; however, only one can be the active security realm."

          When you look at that line, it also makes sense why the realm-name configuration does not work, as only one can be active and that is the default domain.
          • 2. Re: Meaning of /security/realm-name in weblogic-application.xml?

            I know these documentations.

            For 1): The fact, that I can configure a "realm-name" in weblogic-application.xml misleaded me to the assumption, that I can specify one of the configured realms inside the domain. But this is not true. (If I configure a realm, which is not the default realm, I get an exception.)

            The way it is working now seems to be a manual version of the useless box (http://www.youtube.com/watch?v=aqAUmgE3WyM) - I have to change the "realm-name" to the name of the default realm. So there is no sense, specifying that value at all - is it?

            • 3. Re: Meaning of /security/realm-name in weblogic-application.xml?
              René van Wijk
              "So there is no sense, specifying that value at all - is it?"

              You are absolutely right!

              Just leave it alone, as it will automatically pick the default realm anyway.

              But the video is fun, thanks :-)