3 Replies Latest reply on Feb 19, 2019 11:32 AM by Florin Marcus

    Security per server

    Ibrahim Kobeissy

      Hello guys,

       

      I'm using WebLogic v 10.3.6.0 with Jdev 11.1.2.3.

      We are developing two ADF applications that should eventually be targeted at two different types of users.

      We are trying to handle access to those applications without writing code.

      What we need is to be able to define a ReadOnlySqlAuthenticator for each application so that each application can be accessed separately.

      I have the following questions, please:

      - Is it possible to define a ReadOnlySqlAuthenticator per managed server on the same WebLogic domain?

      - If it's not possible, can anyone guide me through how I can achieve what we need?

       

      Thanks 

        • 1. Re: Security per server
          Timo Hahn

          To my knowledge, this is not possible as the realm is handled in the admin server.

          Anyway, this question should be moved over to WebLogic Server - Security space, or asked there.

           

          Timo

          • 2. Re: Security per server
            Martien van den Akker

            Indeed, to my knowledge, this is indeed not possible.

            The authenticators are defined in the realm on domain level. You can have only one active realm in a domain and you cannot differentiate over managed servers.

            Although you can have multiple authenticators, these are domain level.

            And in essence, the user and the application do not bother about managed servers.

             

            However, the only thing the authenticator does is to check if the user is valid within one of the authenticators, and to what groups they are assigned. So you could have two SQL authenticators, one with users and groups for Application A and one for Application B.

            You'll need to define the access rights through application-specific roles that you map to the specific groups. So if you map the roles for Application A to the ApplicationA-groups and Application B accordingly, then I think you achieve the same as intended by WebLogic.

             

            Regards,
            Martien
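
The role-to-group mapping described in the reply above, sketched as deployment descriptor fragments for Application A. This is an added example, not part of the original post; the role name `appA-user`, the group name `ApplicationA-Users`, the resource name and the URL pattern are constructed, and it assumes the application's roles are taken from its deployment descriptors.

```xml
<!-- Added example for Application A; all role, group and resource names
     are constructed. Application B would mirror this with its own role
     and its own group. -->

<!-- WEB-INF/web.xml: only callers holding the application role get in -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>appA-pages</web-resource-name>
    <url-pattern>/faces/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>appA-user</role-name>
  </auth-constraint>
</security-constraint>
<security-role>
  <role-name>appA-user</role-name>
</security-role>

<!-- WEB-INF/weblogic.xml: bind the role to a group that exists only in
     the group table read by Application A's SQL authenticator. Do not
     bind it to the built-in "users" group, which every authenticated
     user belongs to regardless of which authenticator accepted them. -->
<security-role-assignment>
  <role-name>appA-user</role-name>
  <principal-name>ApplicationA-Users</principal-name>
</security-role-assignment>
```

Because both authenticators sit in the same domain realm, a user from Application B's store can still log in at Application A's login page; the request is then denied at authorization because that user has no `ApplicationA-Users` membership. The group names in the two stores must not overlap, and the control flags of the configured authenticators need to allow a login to succeed when only one provider knows the user (for example SUFFICIENT rather than REQUIRED).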

            • 3. Re: Security per server
              Florin Marcus

              WebLogic has always had this restriction - security being applied per domain and not per server instance - but this changed with the introduction of Domain Partitions. What you are looking for should be possible without Martien's clever workaround from above.

              Check this link:

              https://blogs.oracle.com/fusionmiddlewaresupport/domain-partitions-for-multi-tenancy-in-weblogic-server-1221-v2

               

              I haven't used it personally, though you can find plenty of documentation online.