J2EE security EJB Roles and weblogic server

In EJB security and Weblogic server, We see Roles and Groups and Users.I have a doubt here.

Suppose , using weblogic admin console I create the following

I create  a role 'R1' and attach it to  Group 'G1'

I create  a role 'R2' and attach it to  Group 'G1'

I create  a role 'R3' and attach it to  Group 'G1'


Next ...,

I create a user'U1' with password "u1xx" and attach it to group 'G1'

I create a user'U2' with password "u2xx" and attach it to group 'G1'

I create a user'U3' with password "u3xx" and attach it to group 'G1'


Now, problem is , how does a user say  'U1'  will know which Role he is having ?  where is that  connection ?


I have read the doc and deployment descriptor but this part is not clear. So, if you are calling an EJB  with user 'U1' and password 'u1xx'  how does it know which role it has acquired ?  Of course ,Weblogic server will tell you, its attached to Group G1 because it knows 'U1'  is attached to Group 'G1' though but it can not tell you the Role....And unless you know the Role , you can't get the EJB method permission specific to each Role !

Could you please clarify this part ?
cofactorAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

ECollinCommented:
hi,

the weblogic server security framework will answer this question for you :
U1 belongs to G1, therefore he will be assigned the R1 role. Next, you use the ejb deployment descriptors to set your security constraints.

U can also create "local" roles to your EJBs and map them to global roles using the weblogic-ejb-jar.xml file.

Emmanuel
0
cofactorAuthor Commented:
>>>U1 belongs to G1, therefore he will be assigned the R1 role
why R1 ?  please see we have attached R1,R2,R3 to G1 ....so we can not really say that U1 will be assigned the R1 role ....is not it ?
Not happy with the answer.  Have you understood my query ?
0
ECollinCommented:
of course the user will have also R2 and R3 roles.
0
Introduction to Web Design

Develop a strong foundation and understanding of web design by learning HTML, CSS, and additional tools to help you develop your own website.

ECollinCommented:
A user can be granted several roles, not only one.
0
cofactorAuthor Commented:
>>>A user can be granted several roles, not only one.

we are not granting roles to the user directly.  we are adding roles  to the group.  and a user is attached to the group.

So, as per your comments , you are saying when  we add a user 'U1'  to a group ,  user  'U1'  get all roles belong to that group.

I had a confusion exactly here. I assume its a SET i.e user can get only one role from the group but NOT ALL.  ...is not groups are just like SET ? I'm confused here.


ALSO, I have seen old Weblogic servers i.e 7 or below  had a "Role"  settings under "Security Realm" in the admin console....but now Weblogic 9 and above have  "Global Role"  there instead.
what does  this "Global Role" does ?  I have read the weblogc documentation but not able to distinguish the difference between  old   "Role"  and current "Global Role"   .....how are they different ?
0
ECollinCommented:
hi,

you can grant roles directly to users if you want but it's easier to grant them directly to groups.
A user can have several roles at a time.

Global roles (Role in prévious versions) are visible from all resources and applications in the domain. You can have enterprise application roles, web application roles or ejb roles that are only visible from their own application.

Emmanuel
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Java App Servers

From novice to tech pro — start learning today.