You can easily set up Basic Authentication in Weblogic by using this post. I assume you have basic knowledge of JEE. If so, you just need to configure a Group and a User in the Weblogic Admin console, and modify the web.xml and weblogic.xml files in the WEB-INF folder. That's it. You are done and your application resources are secured.
Let's perform the two activities - Weblogic Configuration and Web Application Configuration:
Weblogic Configuration
(You may use existing users and groups and move on to the next activity)
Use the following steps:
- Log in to the Weblogic Admin console and go to Security Realms > [myrealm] > Users and Groups (tab)
- Select the Groups tab in the second tab row
- Click on the New button
- Fill in the required fields (Group: testGroup etc.) and click on OK to create the group. (Keep the DefaultAuthenticator as provider)
- Similarly, create the test user by clicking the New button on the Users tab. (Keep the DefaultAuthenticator as provider)
- Now we need to associate the test user with the newly created group testGroup. Go to the users list on the Users tab.
- Click on the newly created user test
- Click on the Groups tab.
- Select the testGroup and click on Save to complete the steps.
Web Application Configuration
- In web.xml

    <security-constraint>
        <web-resource-collection>
            <web-resource-name>Secure Page</web-resource-name>
            <url-pattern>/securepages/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>xAdmin</role-name>
        </auth-constraint>
    </security-constraint>
    <login-config>
        <auth-method>BASIC</auth-method>
        <realm-name>default</realm-name>
    </login-config>
    <security-role>
        <role-name>xAdmin</role-name>
    </security-role>

- The security-constraint tag contains the resource information, such as the name and URL patterns, and uses the auth-constraint tag to say which role can access those resources. As you can see, I have given the name Secure Page and secured all the pages under the /securepages directory/context. You can give any name to the role that has access to the resources defined in the URL patterns. This name is only an identifier and has nothing to do with the group we created in the activity above, but later we need to map it to an actual Weblogic group.
- The login-config tag describes which method we are going to use for authentication, or how the login form will appear. Here we are using BASIC; similarly, for form authentication you can use FORM. In the Admin console you can check or configure which realm you want to use. The same realm needs to be set in the realm-name tag.
- We have given a role in auth-constraint, and the same role needs to be declared in web.xml. In short, we use the security-role tag for role declaration.
- In weblogic.xml

    <security-role-assignment>
        <role-name>xAdmin</role-name>
        <principal-name>testGroup</principal-name>
    </security-role-assignment>

- weblogic.xml is also part of the WEB-INF directory. We have defined the resources to be secured, the role that can access them, the BASIC authentication method and the role declaration, so the only part that remains is to map the declared role to a Weblogic group or an individual user. That is done by setting the Weblogic group in principal-name and the declared role in the role-name tag.
Now, after performing all the activities above, basic authentication is up and running. You can test it by accessing the secure page in a browser.
Note: The steps above set up basic authentication, for which the browser provides the login window, and that window cannot be customized. If you want a custom login page, please refer to Form Authentication.
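A consistency check for the two descriptors configured above, as an added example that is not part of the original post: it verifies that the auth method is BASIC and that every role in auth-constraint is declared in security-role and mapped in weblogic.xml. It also makes one check the post does not cover, that a CONFIDENTIAL transport-guarantee forces HTTPS, because Basic authentication sends the password only Base64-encoded. The function names are hypothetical, and the scan assumes unprefixed element names.

```shell
#!/bin/sh
# Added example: consistency check for WEB-INF/web.xml and WEB-INF/weblogic.xml.
# Plain text scan, not a full XML parser; function names are hypothetical.

# Print each <role-name> value found inside element $2 of file $1.
roles_in() {
    awk -v el="$2" 'BEGIN { RS = "<" }
        { gsub(/[\r\n\t]/, " ") }
        $0 ~ "^" el "[ >]" { inside = 1 }
        $0 ~ "^/" el ">"   { inside = 0 }
        inside && /^role-name>/ {
            sub(/^role-name> */, ""); sub(/ *$/, ""); print
        }' "$1"
}

# Record one finding: print it and bump the counter used as return value.
finding() { echo "FINDING: $*"; findings=$((findings + 1)); }

# check_basic_auth WEBINF_DIR: prints findings, returns how many there were.
check_basic_auth() {
    web="$1/web.xml"; wl="$1/weblogic.xml"; findings=0
    [ -f "$web" ] || { finding "$web not found"; return "$findings"; }
    [ -f "$wl" ] || wl=/dev/null

    grep -q '<auth-method>[[:space:]]*BASIC' "$web" ||
        finding "login-config does not use BASIC"

    roles=$(roles_in "$web" auth-constraint | sort -u)
    [ -n "$roles" ] || finding "no role-name inside any auth-constraint"
    for role in $roles; do
        roles_in "$web" security-role | grep -qxF "$role" ||
            finding "role $role has no security-role declaration in web.xml"
        roles_in "$wl" security-role-assignment | grep -qxF "$role" ||
            finding "role $role is not mapped to a principal in weblogic.xml"
    done

    # BASIC sends the password Base64-encoded, so the constraint should force TLS.
    grep -q '<transport-guarantee>[[:space:]]*CONFIDENTIAL' "$web" ||
        finding "no CONFIDENTIAL transport-guarantee, credentials may cross plain HTTP"

    return "$findings"
}

# Run as: sh check.sh path/to/WEB-INF (exit status = number of findings).
if [ "$#" -gt 0 ]; then check_basic_auth "$1"; fi
```

Run against the descriptors exactly as shown in this post, it reports only the missing transport-guarantee.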
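Script to automate the updates of web.xml and weblogic.xml
Use this script to automate the updating of web.xml and weblogic.xml in any war file:

    #!/bin/bash
    # Usage: <script> -f <war file> -n <web service name> -r <role name>
    set -euo pipefail

    war_file=
    ws_name=
    ROLE_NAME=
    while getopts f:n:r: option
    do
        case "${option}" in
            f) war_file=${OPTARG};;
            n) ws_name=${OPTARG};;
            r) ROLE_NAME=${OPTARG};;
            *) echo "usage: $0 -f war_file -n ws_name -r role_name" >&2; exit 1;;
        esac
    done

    # The names end up in a sed expression and in XML, so only allow safe characters.
    [ -f "$war_file" ] || { echo "war file not found: $war_file" >&2; exit 1; }
    for name in "$ws_name" "$ROLE_NAME"
    do
        [[ "$name" =~ ^[A-Za-z0-9_.-]+$ ]] || { echo "invalid name: '$name'" >&2; exit 1; }
    done

    # Replace the closing </web-app> tag with the security elements plus the tag itself.
    # Note that this secures every URL (/*) of the application.
    OLD_TXT="<\/web-app>"
    NEW_TEXT="\n  <security-constraint>\n"
    NEW_TEXT+="    <web-resource-collection>\n"
    NEW_TEXT+="      <web-resource-name>Secured-Pages<\/web-resource-name>\n"
    NEW_TEXT+="      <url-pattern>\/*<\/url-pattern>\n"
    NEW_TEXT+="    <\/web-resource-collection>\n"
    NEW_TEXT+="    <auth-constraint>\n"
    NEW_TEXT+="      <role-name>$ROLE_NAME<\/role-name>\n"
    NEW_TEXT+="    <\/auth-constraint>\n"
    NEW_TEXT+="  <\/security-constraint>\n\n"
    NEW_TEXT+="  <login-config>\n"
    NEW_TEXT+="    <auth-method>BASIC<\/auth-method>\n"
    NEW_TEXT+="    <realm-name>default<\/realm-name>\n"
    NEW_TEXT+="  <\/login-config>\n\n"
    NEW_TEXT+="  <security-role>\n"
    NEW_TEXT+="    <role-name>$ROLE_NAME<\/role-name>\n"
    NEW_TEXT+="  <\/security-role>\n"
    NEW_TEXT+="<\/web-app>\n"

    # Keep a backup of the untouched war file.
    cp "$war_file" "$war_file.original"

    # Unpack into a temporary directory so nothing is left behind in the current one.
    war_path="$(cd "$(dirname "$war_file")" && pwd)/$(basename "$war_file")"
    work_dir=$(mktemp -d)
    trap 'rm -rf "$work_dir"' EXIT
    cd "$work_dir"
    jar xf "$war_path"

    sed -i -r "s/$OLD_TXT/$NEW_TEXT/g" WEB-INF/web.xml

    # Overwrites any existing weblogic.xml; the role is mapped to a principal of the same name.
    cat > WEB-INF/weblogic.xml <<EOF
    <weblogic-web-app xmlns="http://www.bea.com/ns/weblogic/weblogic-web-app">
      <context-root>BanksESB_$ws_name</context-root>
      <security-role-assignment>
        <role-name>$ROLE_NAME</role-name>
        <principal-name>$ROLE_NAME</principal-name>
      </security-role-assignment>
    </weblogic-web-app>
    EOF

    # Repack everything that was extracted, not only WEB-INF, so the rest of the war is kept.
    # M: do not generate a manifest; the extracted one is packed as a normal file.
    jar cfM "$war_path" .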