[Last Call] Learn about multicloud storage options and how to improve your company's cloud strategy. Register Now

x
?
Solved

J2EE security EJB Roles  and weblogic server

Posted on 2010-08-17
6
Medium Priority
?
649 Views
Last Modified: 2013-12-10
In EJB security and Weblogic server, We see Roles and Groups and Users.I have a doubt here.

Suppose , using weblogic admin console I create the following

I create  a role 'R1' and attach it to  Group 'G1'

I create  a role 'R2' and attach it to  Group 'G1'

I create  a role 'R3' and attach it to  Group 'G1'


Next ...,

I create a user'U1' with password "u1xx" and attach it to group 'G1'

I create a user'U2' with password "u2xx" and attach it to group 'G1'

I create a user'U3' with password "u3xx" and attach it to group 'G1'


Now, problem is , how does a user say  'U1'  will know which Role he is having ?  where is that  connection ?


I have read the doc and deployment descriptor but this part is not clear. So, if you are calling an EJB  with user 'U1' and password 'u1xx'  how does it know which role it has acquired ?  Of course ,Weblogic server will tell you, its attached to Group G1 because it knows 'U1'  is attached to Group 'G1' though but it can not tell you the Role....And unless you know the Role , you can't get the EJB method permission specific to each Role !

Could you please clarify this part ?
0
Comment
Question by:cofactor
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
6 Comments
 
LVL 10

Expert Comment

by:ECollin
ID: 33462160
hi,

the weblogic server security framework will answer this question for you :
U1 belongs to G1, therefore he will be assigned the R1 role. Next, you use the ejb deployment descriptors to set your security constraints.

U can also create "local" roles to your EJBs and map them to global roles using the weblogic-ejb-jar.xml file.

Emmanuel
0
 

Author Comment

by:cofactor
ID: 33462488
>>>U1 belongs to G1, therefore he will be assigned the R1 role
why R1 ?  please see we have attached R1,R2,R3 to G1 ....so we can not really say that U1 will be assigned the R1 role ....is not it ?
Not happy with the answer.  Have you understood my query ?
0
 
LVL 10

Expert Comment

by:ECollin
ID: 33482803
of course the user will have also R2 and R3 roles.
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 10

Expert Comment

by:ECollin
ID: 33482805
A user can be granted several roles, not only one.
0
 

Author Comment

by:cofactor
ID: 33495052
>>>A user can be granted several roles, not only one.

we are not granting roles to the user directly.  we are adding roles  to the group.  and a user is attached to the group.

So, as per your comments , you are saying when  we add a user 'U1'  to a group ,  user  'U1'  get all roles belong to that group.

I had a confusion exactly here. I assume its a SET i.e user can get only one role from the group but NOT ALL.  ...is not groups are just like SET ? I'm confused here.


ALSO, I have seen old Weblogic servers i.e 7 or below  had a "Role"  settings under "Security Realm" in the admin console....but now Weblogic 9 and above have  "Global Role"  there instead.
what does  this "Global Role" does ?  I have read the weblogc documentation but not able to distinguish the difference between  old   "Role"  and current "Global Role"   .....how are they different ?
0
 
LVL 10

Accepted Solution

by:
ECollin earned 1400 total points
ID: 33508565
hi,

you can grant roles directly to users if you want but it's easier to grant them directly to groups.
A user can have several roles at a time.

Global roles (Role in prévious versions) are visible from all resources and applications in the domain. You can have enterprise application roles, web application roles or ejb roles that are only visible from their own application.

Emmanuel
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This exercise is about for the following scenario: Dmgr and One node with 2 application server. Each application server contains it owns application. Application server name as follows server1 contains app1 server2 contains app1 Prereq…
Go is an acronym of golang, is a programming language developed Google in 2007. Go is a new language that is mostly in the C family, with significant input from Pascal/Modula/Oberon family. Hence Go arisen as low-level language with fast compilation…
Viewers will learn about the regular for loop in Java and how to use it. Definition: Break the for loop down into 3 parts: Syntax when using for loops: Example using a for loop:
How to fix incompatible JVM issue while installing Eclipse While installing Eclipse in windows, got one error like above and unable to proceed with the installation. This video describes how to successfully install Eclipse. How to solve incompa…
Suggested Courses

650 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question