This discussion is archived
2 Replies Latest reply: Feb 7, 2013 7:29 AM by 935795

Role and Principal/User mapping

935795 Newbie
Hello,
I have a web application that uses form-based authentication. The authentic users are in Active Directory. The roles and groups are configured in the web and weblogic XMLs. I have configured the LDAP provider in WebLogic and can see the users of Active Directory. Now, how do I map the user/principal of Active Directory to a role in my web application? I am using a WebLogic tutorial http://docs.oracle.com/cd/E24329_01/web.1211/e24485/thin_client.htm#i1057576 and have done as indicated. But there is some link missing.

web.xml
<!-- Homepage access -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Homepage</web-resource-name>
    <!-- Actions -->
    <url-pattern>/home.action</url-pattern>

    <!-- Pages -->
    <url-pattern>/espManager.jsp</url-pattern>

    <!-- HTTP Methods -->
    <http-method>GET</http-method>
    <http-method>POST</http-method>
  </web-resource-collection>
  <auth-constraint>
    <role-name>admin</role-name>
  </auth-constraint>
</security-constraint>

<!-- login security -->
<login-config>
  <auth-method>FORM</auth-method>
  <realm-name>ES Manager Application</realm-name>
  <!-- <realm-name>myrealm</realm-name> -->
  <form-login-config>
    <form-login-page>/login.jsp</form-login-page>
    <form-error-page>/loginError.jsp</form-error-page>
  </form-login-config>
</login-config>

<!-- Security roles -->
<security-role>
  <description>Power Users</description>
  <role-name>admin</role-name>
</security-role>

weblogic.xml
<weblogic-web-app>
  ...
  <security-role-assignment>
    <role-name>admin</role-name>
    <principal-name>STPAdminGroup</principal-name>
    <principal-name>raj.so</principal-name>
  </security-role-assignment>
  ...
</weblogic-web-app>

How do I tell WebLogic that the user raj.so, who also belongs to the group STPAdminGroup, is authorised to access the home page? I get a 403: Forbidden when I use the login credentials of raj.so and password.
Is there anything I have to do other than configuring the 'ES Manager Application' security realm?

Your help will be very useful.

Regards,
Raj
  • 1. Re: Role and Principal/User mapping
    935795 Newbie
    Hi,

    I just rewrote the web.xml with a non-existing security realm and that did not produce a different error message.

    <login-config>
      <auth-method>FORM</auth-method>
      <realm-name>ABCDEFGHIJKLMN REALM</realm-name>
      <form-login-config>
        <form-login-page>/login.jsp</form-login-page>
        <form-error-page>/loginError.jsp</form-error-page>
      </form-login-config>
    </login-config>

    At the moment, the only error message is from j_security_check and says 403 Forbidden. This is not sufficient and I am blindfolded.
    May I know how you debug login problems?

    Regards,
    Raj
  • 2. Re: Role and Principal/User mapping
    935795 Newbie
    Hello WebLogic users,

    I have made a discovery, but have yet to see the light. Can someone who has made a login for their apps help?

    I replaced a newly created security realm with the default realm - myrealm. I deleted the active directory ldap with the weblogic embedded ldap. The weblogic.xml now is
    <security-role-assignment>
      <role-name>admin</role-name>
      <principal-name>system</principal-name>
    </security-role-assignment>

    That means the application in war should let the weblogic admin console user - system.
    This works :-)

    So, I created a user myadmin in the embedded LDAP server and tried to log in. That is not permitted. Does this give a clue? Or do you understand why, and what is happening?
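
Added example, not part of the original thread and not WebLogic's own tooling: a Python check that cross-references role names between the two descriptors posted above (auth-constraint and security-role in web.xml, security-role-assignment in weblogic.xml), which rules out a descriptor mismatch as the cause of a 403. The embedded XML is constructed from the posted fragments; the root elements and the function name check_role_mapping are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed samples modelled on the descriptors posted in the thread.
WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <url-pattern>/home.action</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>admin</role-name></auth-constraint>
  </security-constraint>
  <security-role><role-name>admin</role-name></security-role>
</web-app>"""

WEBLOGIC_XML = """<weblogic-web-app>
  <security-role-assignment>
    <role-name>admin</role-name>
    <principal-name>STPAdminGroup</principal-name>
    <principal-name>raj.so</principal-name>
  </security-role-assignment>
</weblogic-web-app>"""

def _local(tag):
    """Strip an XML namespace so namespaced descriptors parse the same way."""
    return tag.rsplit("}", 1)[-1]

def _texts(root, parent, child):
    """Yield (parent element, text) for each <child> directly under a <parent>."""
    for el in root.iter():
        if _local(el.tag) == parent:
            for c in el:
                if _local(c.tag) == child and c.text:
                    yield el, c.text.strip()

def check_role_mapping(web_xml, weblogic_xml):
    """Return (role -> principal names, findings). Role names are case-sensitive."""
    web, wls = ET.fromstring(web_xml), ET.fromstring(weblogic_xml)
    required = {r for _, r in _texts(web, "auth-constraint", "role-name")}
    declared = {r for _, r in _texts(web, "security-role", "role-name")}
    mapping = {}
    for el, role in _texts(wls, "security-role-assignment", "role-name"):
        mapping.setdefault(role, set()).update(
            p for _, p in _texts(el, "security-role-assignment", "principal-name"))
    findings = []
    for role in sorted(required - {"*"}):
        if role not in declared:
            findings.append(f"{role}: used in auth-constraint but no <security-role>")
        if not mapping.get(role):
            findings.append(f"{role}: no principals in <security-role-assignment>")
    return mapping, findings
```

An empty findings list only shows that the descriptors agree with each other; it does not show that the listed principal names match the user and group names the realm's authentication provider actually returns at login.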
