Solved

J2EE security EJB Roles  and weblogic server

Posted on 2010-08-17
6
635 Views
Last Modified: 2013-12-10
In EJB security and Weblogic server, we see roles, groups and users. I have a doubt here.

Suppose, using the Weblogic admin console, I create the following:

I create a role 'R1' and attach it to group 'G1'

I create a role 'R2' and attach it to group 'G1'

I create a role 'R3' and attach it to group 'G1'


Next ...,

I create a user 'U1' with password "u1xx" and attach it to group 'G1'

I create a user 'U2' with password "u2xx" and attach it to group 'G1'

I create a user 'U3' with password "u3xx" and attach it to group 'G1'


Now, the problem is: how does a user, say 'U1', know which role he has? Where is that connection?


I have read the doc and the deployment descriptor, but this part is not clear. So, if you are calling an EJB with user 'U1' and password 'u1xx', how does it know which role it has acquired? Of course, Weblogic server will tell you it is attached to group G1, because it knows 'U1' is attached to group 'G1', but it cannot tell you the role. And unless you know the role, you can't get the EJB method permission specific to each role!

Could you please clarify this part ?
0
Question by:cofactor
6 Comments
 
LVL 10

Expert Comment

by:ECollin
ID: 33462160
Hi,

The Weblogic server security framework will answer this question for you:
U1 belongs to G1, therefore he will be assigned the R1 role. Next, you use the EJB deployment descriptors to set your security constraints.

You can also create "local" roles for your EJBs and map them to global roles using the weblogic-ejb-jar.xml file.

Emmanuel
0
 

Author Comment

by:cofactor
ID: 33462488
>>>U1 belongs to G1, therefore he will be assigned the R1 role
Why R1? Please see, we have attached R1, R2, R3 to G1, so we cannot really say that U1 will be assigned the R1 role, is it not?
Not happy with the answer. Have you understood my query?
0
 
LVL 10

Expert Comment

by:ECollin
ID: 33482803
Of course the user will also have the R2 and R3 roles.
0
 
LVL 10

Expert Comment

by:ECollin
ID: 33482805
A user can be granted several roles, not only one.
0
 

Author Comment

by:cofactor
ID: 33495052
>>>A user can be granted several roles, not only one.

We are not granting roles to the user directly. We are adding roles to the group, and a user is attached to the group.

So, as per your comments, you are saying that when we add a user 'U1' to a group, user 'U1' gets all the roles belonging to that group.

I had a confusion exactly here. I assumed it is a SET, i.e. a user can get only one role from the group but NOT ALL. Are groups not just like a SET? I'm confused here.


ALSO, I have seen that old Weblogic servers, i.e. 7 or below, had a "Role" setting under "Security Realm" in the admin console, but now Weblogic 9 and above have "Global Role" there instead.
What does this "Global Role" do? I have read the Weblogic documentation but am not able to distinguish the difference between the old "Role" and the current "Global Role". How are they different?
0
 
LVL 10

Accepted Solution

by:
ECollin earned 350 total points
ID: 33508565
Hi,

You can grant roles directly to users if you want, but it's easier to grant them directly to groups.
A user can have several roles at a time.

Global roles ("Role" in previous versions) are visible from all resources and applications in the domain. You can have enterprise application roles, web application roles or EJB roles that are only visible from their own application.

Emmanuel
0
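To make the two answers concrete (roles are granted to groups, a user holds every role its groups satisfy, local EJB roles are mapped to principals in weblogic-ejb-jar.xml, and ejb-jar.xml method permissions are checked against the caller's roles), here is a small model of that resolution. It is an added example written for this thread, not Weblogic's code or the asker's application: the bean name `AccountBean`, its methods, the local role `auditor`, and the extra user U4 in group G2 are constructed data, and a method with no `<method-permission>` entry is modelled as unchecked (open to any authenticated caller).

```python
"""Model of how the container resolves roles for an EJB caller.

Constructed example for the thread above, not WebLogic code. Roles are
granted to groups, users belong to groups, and the caller holds the UNION
of every role whose membership condition matches the user or any of its
groups, never a single role picked from the group.
"""
from dataclasses import dataclass, field


@dataclass
class Realm:
    """Domain-wide (global) security data as set in the admin console."""
    # global role -> principals (users or groups) whose membership grants it
    role_members: dict = field(default_factory=dict)
    # user -> groups the user belongs to
    user_groups: dict = field(default_factory=dict)

    def grant_role(self, role, *principals):
        self.role_members.setdefault(role, set()).update(principals)

    def add_user(self, user, *groups):
        self.user_groups.setdefault(user, set()).update(groups)

    def principals_of(self, user):
        # the authenticated Subject carries the user plus every group it is in
        return {user} | self.user_groups.get(user, set())


@dataclass
class EjbDeployment:
    """One deployed EJB module: ejb-jar.xml plus weblogic-ejb-jar.xml data."""
    # local role -> principals, i.e. weblogic-ejb-jar.xml <security-role-assignment>
    local_roles: dict = field(default_factory=dict)
    # (bean, method) -> roles allowed, i.e. ejb-jar.xml <method-permission>
    permissions: dict = field(default_factory=dict)

    def assign_local_role(self, role, *principals):
        self.local_roles.setdefault(role, set()).update(principals)

    def permit(self, bean, method, *roles):
        self.permissions.setdefault((bean, method), set()).update(roles)


def caller_roles(realm, deployment, user):
    """Every role the caller holds inside this module: global roles from the
    realm plus local roles from the deployment, whenever the role's principal
    set intersects the caller's user-or-group principals."""
    principals = realm.principals_of(user)
    candidates = list(realm.role_members.items()) + list(deployment.local_roles.items())
    return {role for role, members in candidates if principals & members}


def is_caller_in_role(realm, deployment, user, role):
    """What EJBContext.isCallerInRole(role) answers for this caller."""
    return role in caller_roles(realm, deployment, user)


def can_invoke(realm, deployment, user, bean, method):
    """Container check before dispatch: some caller role must appear in the
    method's <method-permission>. Assumption of this model: a method with no
    entry at all is unchecked and therefore allowed."""
    if (bean, method) not in deployment.permissions:
        return True
    return bool(caller_roles(realm, deployment, user) & deployment.permissions[(bean, method)])


def build_scenario():
    """The thread's setup (constructed data) plus a second group for contrast."""
    realm = Realm()
    for role in ("R1", "R2", "R3"):
        realm.grant_role(role, "G1")          # roles attached to group G1
    for user in ("U1", "U2", "U3"):
        realm.add_user(user, "G1")            # users attached to group G1
    realm.add_user("U4", "G2")                # hypothetical extra user and group

    dep = EjbDeployment()
    dep.assign_local_role("auditor", "G2")    # local EJB role mapped to a group
    dep.permit("AccountBean", "deposit", "R1")
    dep.permit("AccountBean", "close", "R3")
    dep.permit("AccountBean", "audit", "auditor")
    return realm, dep


if __name__ == "__main__":
    realm, dep = build_scenario()
    for user in ("U1", "U4"):
        print(user, "roles:", sorted(caller_roles(realm, dep, user)))
        for method in ("deposit", "close", "audit", "balance"):
            print("   ", method, "->", can_invoke(realm, dep, user, "AccountBean", method))
```

Running it shows U1 holding all three of R1, R2 and R3 at once (so `isCallerInRole("R2")` is true for U1 even though R2 was never granted to U1 directly), while U4 holds only the module-local `auditor` role and can reach `audit` but not `deposit`. The user never has to "know" its role: the container derives the role set from group membership at call time and checks it against the descriptor.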
