
    WebLogic Server: 10.3.6.0 "no load" WLSGroupImpl in Subject?

    user1661171
      realmberr

        <!-- WebLogic security realm "realmberr" (the sec:name element at the end of this
             block). The authentication providers form a JAAS login stack and are run in
             the order listed, so provider order and control flags matter. -->
        <realm>

            <!-- OpenLDAP authenticator "ldapClaro", control flag SUFFICIENT: under JAAS
                 semantics a success here completes the login and the providers listed
                 after it are not consulted. The group principals (WLSGroupImpl) of a user
                 who authenticates here therefore presumably come only from this
                 provider's own group lookup (group-base-dn and the two filters below):
                 verify. -->
            <sec:authentication-provider xsi:type="wls:open-ldap-authenticatorType">

              <sec:name>ldapClaro</sec:name>

              <sec:control-flag>SUFFICIENT</sec:control-flag>

              <!-- LDAP server address (redacted by the author). -->
              <wls:host>XXX.XXX.XXX.XXX</wls:host>

              <!-- DN WebLogic binds as when it searches for users and groups. -->
              <wls:principal>uid=zimbra,cn=admins,cn=zimbra</wls:principal>

              <wls:user-base-dn>ou=users,ou=BERR,dc=allware,dc=cl</wls:user-base-dn>

              <!-- Bind password, encrypted with a key specific to this WebLogic domain
                   ({AES} prefix). The ciphertext is still sensitive configuration: once a
                   config containing it has been shared, rotate the bind password. -->
              <wls:credential-encrypted>{AES}e5z5XwEe+WHz/pMXoEnNj2xwzX9Q9AMKXy5cbay6Y78=</wls:credential-encrypted>

              <!-- Group lookups search one level below this base only (onelevel);
                   groups placed in sub-OUs of ou=groups are not found. -->
              <wls:group-base-dn>ou=groups,ou=BERR,dc=allware,dc=cl</wls:group-base-dn>

              <wls:group-search-scope>onelevel</wls:group-search-scope>

              <!-- %g is replaced by the group name being looked up. -->
              <wls:group-from-name-filter>(&amp;(cn=%g)(objectclass=groupOfNames))</wls:group-from-name-filter>

              <wls:static-group-object-class>groupOfNames</wls:static-group-object-class>

              <!-- Membership lookup: %M is replaced by the user's DN. groupOfNames stores
                   full DNs in "member", so the DN WebLogic resolves for the user under
                   user-base-dn must match the stored member value exactly; a mismatch
                   (different attribute, different DN form) yields no WLSGroupImpl
                   principals in the Subject even though the Console can list the groups.
                   TODO confirm against the directory entries. -->
              <wls:static-group-dns-from-member-dn-filter>(&amp;(member=%M)(objectclass=groupOfNames))</wls:static-group-dns-from-member-dn-filter>

            </sec:authentication-provider>

            <!-- Default (embedded LDAP) authenticator, SUFFICIENT: reached only when
                 ldapClaro does not succeed. -->
            <sec:authentication-provider xsi:type="wls:default-authenticatorType">

              <sec:name>weblogic</sec:name>

              <sec:control-flag>SUFFICIENT</sec:control-flag>

            </sec:authentication-provider>

            <!-- Default identity asserter; accepts tokens of type AuthenticatedUser. -->
            <sec:authentication-provider xsi:type="wls:default-identity-asserterType">

              <sec:name>identiweblogic</sec:name>

              <sec:active-type>AuthenticatedUser</sec:active-type>

            </sec:authentication-provider>

            <!-- Two role mappers are configured: an XACML role mapper and the default
                 role mapper. -->
            <sec:role-mapper xmlns:xac="http://xmlns.oracle.com/weblogic/security/xacml" xsi:type="xac:xacml-role-mapperType">

              <sec:name>role</sec:name>

            </sec:role-mapper>

            <sec:role-mapper xsi:type="wls:default-role-mapperType">

              <sec:name>allwareroles</sec:name>

            </sec:role-mapper>

            <sec:authorizer xsi:type="wls:default-authorizerType">

              <sec:name>allwareauth</sec:name>

            </sec:authorizer>

            <sec:adjudicator xsi:type="wls:default-adjudicatorType">

              <sec:name>adjudicacionberr</sec:name>

            </sec:adjudicator>

            <!-- Four credential mappers (SAML2, default, PKI, SAML). None of them is
                 involved in the form-login flow described in the question. -->
            <sec:credential-mapper xmlns:sam="http://xmlns.oracle.com/weblogic/security/saml2" xsi:type="sam:saml2-credential-mapperType">

              <sec:name>credencialberr</sec:name>

            </sec:credential-mapper>

            <sec:credential-mapper xsi:type="wls:default-credential-mapperType">

              <sec:name>allwacredencial</sec:name>

            </sec:credential-mapper>

            <sec:credential-mapper xsi:type="wls:pki-credential-mapperType">

              <sec:name>allwacred</sec:name>

            </sec:credential-mapper>

            <sec:credential-mapper xsi:type="wls:saml-credential-mapperType">

              <sec:name>allwacre</sec:name>

            </sec:credential-mapper>

            <sec:cert-path-provider xsi:type="wls:web-logic-cert-path-providerType">

              <sec:name>WebLogicCertPathProvider</sec:name>

            </sec:cert-path-provider>

            <sec:cert-path-builder>WebLogicCertPathProvider</sec:cert-path-builder>

            <!-- Account lockout is disabled for this realm: WebLogic will not lock an
                 account after repeated failed logins, so throttling of password guessing
                 has to come from the LDAP server or elsewhere. lockout-duration is
                 presumably ineffective while lockout-enabled is false. -->
            <sec:user-lockout-manager>

              <sec:lockout-enabled>false</sec:lockout-enabled>

              <sec:lockout-duration>10</sec:lockout-duration>

            </sec:user-lockout-manager>

            <!-- Deployment-descriptor handling (presumed from the element names; confirm):
                 roles and policies from descriptors are honored, credential mappings from
                 descriptors are ignored. -->
            <sec:deploy-role-ignored>false</sec:deploy-role-ignored>

            <sec:deploy-policy-ignored>false</sec:deploy-policy-ignored>

            <sec:deploy-credential-mapping-ignored>true</sec:deploy-credential-mapping-ignored>

            <!-- NOTE(review): with the CustomRoles model the role-to-principal mappings are
                 expected to come from the realm's role mappers rather than from web.xml
                 alone; the web.xml security-role names then need matching role mappings
                 in the realm. Confirm that these mappings exist for the OpenLDAP groups. -->
            <sec:security-dd-model>CustomRoles</sec:security-dd-model>

            <sec:enable-web-logic-principal-validator-cache>false</sec:enable-web-logic-principal-validator-cache>

            <!-- Realm name. The web.xml login-config also says realmberr, but which realm
                 a deployment uses is selected by the domain's default-realm setting, not
                 by that descriptor value (NOTE(review): confirm). -->
            <sec:name>realmberr</sec:name>

          </realm>

       

       

      AND WEB:

      web.xml

      <?xml version="1.0" encoding="UTF-8"?>

      <web-app id="WebApp_ID" version="2.5" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">

          <!-- Deployment descriptor of the WEBBERR-war web application (Servlet 2.5).
               Spring MVC handles *.htm, displaytag filters *.htm and *.jsp, and
               container-managed FORM login protects the application. -->
          <display-name>WEBBERR-war</display-name>

          <!-- Spring MVC front controller, initialised at startup. -->
          <servlet>

              <servlet-name>mvc-dispatcher</servlet-name>

              <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>

              <load-on-startup>1</load-on-startup>

          </servlet>

          <filter>

              <filter-name>ResponseOverrideFilter</filter-name>

              <filter-class>org.displaytag.filter.ResponseOverrideFilter</filter-class>

          </filter>

          <filter-mapping>

              <filter-name>ResponseOverrideFilter</filter-name>

              <url-pattern>*.htm</url-pattern>

          </filter-mapping>

          <filter-mapping>

              <filter-name>ResponseOverrideFilter</filter-name>

              <url-pattern>*.jsp</url-pattern>

          </filter-mapping>

          <!-- Every *.htm request, including /index.htm and the /login.htm form-login
               page below, is routed to the Spring dispatcher. -->
          <servlet-mapping>

              <servlet-name>mvc-dispatcher</servlet-name>

              <url-pattern>*.htm</url-pattern>

          </servlet-mapping>

          <!-- Root application context loaded by ContextLoaderListener. NOTE(review): by
               Spring's default naming convention the servlet named "mvc-dispatcher" also
               loads /WEB-INF/mvc-dispatcher-servlet.xml, so the same bean definitions are
               presumably loaded twice (root and servlet context); confirm this is intended. -->
          <context-param>

              <param-name>contextConfigLocation</param-name>

              <param-value>/WEB-INF/mvc-dispatcher-servlet.xml</param-value>

          </context-param>

          <listener>

              <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>

          </listener>

          <welcome-file-list>

              <welcome-file>index.htm</welcome-file>

          </welcome-file-list>

          <!-- Error pages live under /WEB-INF, so clients cannot request them directly. -->
          <error-page>

              <error-code>404</error-code>

              <location>/WEB-INF/error.jsp</location>

          </error-page>

          <error-page>

              <error-code>403</error-code>

              <location>/WEB-INF/errorAcceso.jsp</location>

          </error-page>

          <!-- Session idle timeout in minutes. -->
          <session-config>

              <session-timeout>60</session-timeout>

          </session-config>

          <!--LOGIN-->

          <!-- This constraint has no auth-constraint. Per the Servlet specification a
               security-constraint without an auth-constraint permits access to everyone,
               so it declares GET and POST on /index.htm as public rather than protecting
               them. Listing http-method elements also leaves other methods outside the
               constraint (Servlet 2.5 has no deny-uncovered-http-methods). -->
          <security-constraint>

              <web-resource-collection>

                  <web-resource-name>Success</web-resource-name>

                  <url-pattern>/index.htm</url-pattern>

                  <http-method>GET</http-method>

                  <http-method>POST</http-method>

              </web-resource-collection>

          </security-constraint>

          <security-constraint>

              <display-name>Constrain1</display-name>

              <web-resource-collection>

                  <web-resource-name>home</web-resource-name>

                  <description>inicio</description>

                  <!-- url-pattern is matched against the path relative to the context root,
                       so patterns that start with the context root (/WEBBERR-war/...) do
                       not match requests to /index.htm or /. As written, the role
                       constraint below presumably never applies; the intended patterns
                       are probably /index.htm and /. -->
                  <url-pattern>/WEBBERR-war/index.htm</url-pattern>

                  <url-pattern>/WEBBERR-war/</url-pattern>

              </web-resource-collection>

              <!-- Only these roles may reach the resources above; each name has a
                   matching security-role declaration at the end of this file. -->
              <auth-constraint>

                  <description/>

                  <role-name>Administrador</role-name>

                  <role-name>UsuarioSGA</role-name>

                  <role-name>AtencionCliente</role-name>

              </auth-constraint>

          </security-constraint>

          <!-- Container-managed FORM login. NOTE(review): realm-name is the string the
               container uses for HTTP BASIC challenges; it does not select the WebLogic
               security realm, which is chosen by the domain configuration. The login page
               /login.htm is served through the Spring *.htm mapping, so it must remain
               reachable without authentication. -->
          <login-config>

              <auth-method>FORM</auth-method>

              <realm-name>realmberr</realm-name>

              <form-login-config>

                  <form-login-page>/login.htm</form-login-page>

                  <form-error-page>/WEB-INF/errorAcceso.jsp</form-error-page>

              </form-login-config>

          </login-config>

          <!-- Roles referenced by the auth-constraint above. They still need to be mapped
               to users or groups of the realm (weblogic.xml or the realm's role mappers)
               for LDAP group members to be granted them. -->
          <security-role>

              <description>Los Usuarios Administradores de sistema WEBBERR</description>

              <role-name>Administrador</role-name>

          </security-role>

          <security-role>

              <description>los usuarios normales del sistema WEBBERR</description>

              <role-name>UsuarioSGA</role-name>

          </security-role>

          <security-role>

              <description>los usuarios de atencion al cliente</description>

              <role-name>AtencionCliente</role-name>

          </security-role>

          <!--LOGIN FIN-->

      </web-app>

       

       

      In Class :

       

       

      Class

      import java.security.Principal;

       

      import java.util.ArrayList;

      import java.util.Set;

      import javax.security.auth.Subject;

      import weblogic.security.Security;

      import weblogic.security.principal.WLSGroupImpl;

      import weblogic.security.principal.WLSUserImpl;

       

      // JAAS Subject of the caller on the current thread.
      // NOTE: subject, allPrincipals, roles and user are declared outside this fragment.
      subject = Security.getCurrentSubject();

            // All principals WebLogic placed in the Subject. Group membership is expected to
            // appear as WLSGroupImpl principals, presumably only those the authenticating
            // provider resolved during login: verify against the realm configuration.
            allPrincipals = subject.getPrincipals();
              for (Principal principal : allPrincipals) {

                  // Collect each group principal's name as a role.
                  if (principal instanceof WLSGroupImpl) {

                      roles.add(principal.getName());

                  }
                  // The authenticated user's name. If several WLSUserImpl principals are
                  // present, the last one visited wins.
                  if (principal instanceof WLSUserImpl) {

                      user = principal.getName();

                  }
      }
      // NOTE(review): an empty roles list after this loop means no group principals were
      // in the Subject; the loop itself is not at fault. weblogic.security.SubjectUtils
      // (getUsername, isUserInGroup) performs the same checks if a helper is preferred.

       

      In the class, WLSUserImpl is read but WLSGroupImpl is not when the OpenLdap provider is used, whereas the realm "myrealm" with the Ldapweblogic provider works. ¿? In the Console, all users and groups are visible with the OpenLdap provider.

      http://img839.imageshack.us/img839/5838/4qq.png