?
Solved

J2EE security EJB Roles  and weblogic server

Posted on 2010-08-17
6
Medium Priority
?
652 Views
Last Modified: 2013-12-10
In EJB security and Weblogic server, We see Roles and Groups and Users.I have a doubt here.

Suppose , using weblogic admin console I create the following

I create  a role 'R1' and attach it to  Group 'G1'

I create  a role 'R2' and attach it to  Group 'G1'

I create  a role 'R3' and attach it to  Group 'G1'


Next ...,

I create a user'U1' with password "u1xx" and attach it to group 'G1'

I create a user'U2' with password "u2xx" and attach it to group 'G1'

I create a user'U3' with password "u3xx" and attach it to group 'G1'


Now, problem is , how does a user say  'U1'  will know which Role he is having ?  where is that  connection ?


I have read the doc and deployment descriptor but this part is not clear. So, if you are calling an EJB  with user 'U1' and password 'u1xx'  how does it know which role it has acquired ?  Of course ,Weblogic server will tell you, its attached to Group G1 because it knows 'U1'  is attached to Group 'G1' though but it can not tell you the Role....And unless you know the Role , you can't get the EJB method permission specific to each Role !

Could you please clarify this part ?
0
Comment
Question by:cofactor
  • 4
  • 2
6 Comments
 
LVL 10

Expert Comment

by:ECollin
ID: 33462160
hi,

the weblogic server security framework will answer this question for you :
U1 belongs to G1, therefore he will be assigned the R1 role. Next, you use the ejb deployment descriptors to set your security constraints.

U can also create "local" roles to your EJBs and map them to global roles using the weblogic-ejb-jar.xml file.

Emmanuel
0
 

Author Comment

by:cofactor
ID: 33462488
>>>U1 belongs to G1, therefore he will be assigned the R1 role
why R1 ?  please see we have attached R1,R2,R3 to G1 ....so we can not really say that U1 will be assigned the R1 role ....is not it ?
Not happy with the answer.  Have you understood my query ?
0
 
LVL 10

Expert Comment

by:ECollin
ID: 33482803
of course the user will have also R2 and R3 roles.
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
LVL 10

Expert Comment

by:ECollin
ID: 33482805
A user can be granted several roles, not only one.
0
 

Author Comment

by:cofactor
ID: 33495052
>>>A user can be granted several roles, not only one.

we are not granting roles to the user directly.  we are adding roles  to the group.  and a user is attached to the group.

So, as per your comments , you are saying when  we add a user 'U1'  to a group ,  user  'U1'  get all roles belong to that group.

I had a confusion exactly here. I assume its a SET i.e user can get only one role from the group but NOT ALL.  ...is not groups are just like SET ? I'm confused here.


ALSO, I have seen old Weblogic servers i.e 7 or below  had a "Role"  settings under "Security Realm" in the admin console....but now Weblogic 9 and above have  "Global Role"  there instead.
what does  this "Global Role" does ?  I have read the weblogc documentation but not able to distinguish the difference between  old   "Role"  and current "Global Role"   .....how are they different ?
0
 
LVL 10

Accepted Solution

by:
ECollin earned 1400 total points
ID: 33508565
hi,

you can grant roles directly to users if you want but it's easier to grant them directly to groups.
A user can have several roles at a time.

Global roles (Role in prévious versions) are visible from all resources and applications in the domain. You can have enterprise application roles, web application roles or ejb roles that are only visible from their own application.

Emmanuel
0

Featured Post

Important Lessons on Recovering from Petya

In their most recent webinar, Skyport Systems explores ways to isolate and protect critical databases to keep the core of your company safe from harm.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Java functions are among the best things for programmers to work with as Java sites can be very easy to read and prepare. Java especially simplifies many processes in the coding industry as it helps integrate many forms of technology and different d…
Basic understanding on "OO- Object Orientation" is needed for designing a logical solution to solve a problem. Basic OOAD is a prerequisite for a coder to ensure that they follow the basic design of OO. This would help developers to understand the b…
The viewer will learn how to implement Singleton Design Pattern in Java.
This tutorial explains how to use the VisualVM tool for the Java platform application. This video goes into detail on the Threads, Sampler, and Profiler tabs.
Suggested Courses
Course of the Month16 days, 11 hours left to enroll

864 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question