J2EE security: EJB roles and WebLogic Server

Posted on 2010-08-17
Last Modified: 2013-12-10
In EJB security and WebLogic Server, we see Roles and Groups and Users. I have a doubt here.

Suppose, using the WebLogic admin console, I create the following:

I create a role 'R1' and attach it to Group 'G1'

I create a role 'R2' and attach it to Group 'G1'

I create a role 'R3' and attach it to Group 'G1'

Next...

I create a user 'U1' with password "u1xx" and attach it to group 'G1'

I create a user 'U2' with password "u2xx" and attach it to group 'G1'

I create a user 'U3' with password "u3xx" and attach it to group 'G1'

Now, the problem is, how will a user, say 'U1', know which Role he has? Where is that connection?

I have read the doc and deployment descriptor but this part is not clear. So, if you are calling an EJB with user 'U1' and password 'u1xx', how does it know which role it has acquired? Of course, WebLogic Server will tell you it's attached to Group G1, because it knows 'U1' is attached to Group 'G1', but it cannot tell you the Role... And unless you know the Role, you can't get the EJB method permission specific to each Role!

Could you please clarify this part?
Question by: cofactor

Expert Comment

ID: 33462160

The WebLogic Server security framework will answer this question for you:
U1 belongs to G1, therefore he will be assigned the R1 role. Next, you use the EJB deployment descriptors to set your security constraints.

You can also create "local" roles for your EJBs and map them to global roles using the weblogic-ejb-jar.xml file.


Author Comment

ID: 33462488
>>>U1 belongs to G1, therefore he will be assigned the R1 role
Why R1? Please see, we have attached R1, R2, R3 to G1... so we cannot really say that U1 will be assigned the R1 role... can we?
Not happy with the answer. Have you understood my query?

Expert Comment

ID: 33482803
Of course the user will also have the R2 and R3 roles.

Expert Comment

ID: 33482805
A user can be granted several roles, not only one.

Author Comment

ID: 33495052
>>>A user can be granted several roles, not only one.

We are not granting roles to the user directly. We are adding roles to the group, and a user is attached to the group.

So, as per your comments, you are saying that when we add a user 'U1' to a group, user 'U1' gets all roles belonging to that group.

I had a confusion exactly here. I assume it's a SET, i.e. a user can get only one role from the group but NOT ALL... aren't groups just like a SET? I'm confused here.

ALSO, I have seen that old WebLogic servers, i.e. 7 or below, had a "Role" setting under "Security Realm" in the admin console... but now WebLogic 9 and above have "Global Role" there instead.
What does this "Global Role" do? I have read the WebLogic documentation but am not able to distinguish between the old "Role" and the current "Global Role"... how are they different?

Accepted Solution

ECollin earned 1400 total points
ID: 33508565

You can grant roles directly to users if you want, but it's easier to grant them directly to groups.
A user can have several roles at a time.

Global roles (Role in previous versions) are visible from all resources and applications in the domain. You can have enterprise application roles, web application roles or EJB roles that are only visible from their own application.
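
The role-to-group connection discussed in this thread, written out as the two deployment descriptors. This is an added example, not taken from any post above; the bean name `OrderBean` and its methods `approve` and `view` are hypothetical, while R1, R2, R3 and G1 are the names from the question.

```xml
<!-- META-INF/ejb-jar.xml: declare the roles and tie methods to them
     (the enterprise-beans section defining OrderBean is omitted) -->
<ejb-jar>
  <assembly-descriptor>
    <security-role><role-name>R1</role-name></security-role>
    <security-role><role-name>R2</role-name></security-role>
    <security-role><role-name>R3</role-name></security-role>

    <!-- Only callers holding R1 may invoke approve() -->
    <method-permission>
      <role-name>R1</role-name>
      <method>
        <ejb-name>OrderBean</ejb-name>
        <method-name>approve</method-name>
      </method>
    </method-permission>

    <!-- Callers holding R2 or R3 may invoke view() -->
    <method-permission>
      <role-name>R2</role-name>
      <role-name>R3</role-name>
      <method>
        <ejb-name>OrderBean</ejb-name>
        <method-name>view</method-name>
      </method>
    </method-permission>
  </assembly-descriptor>
</ejb-jar>

<!-- META-INF/weblogic-ejb-jar.xml: say which principals hold each role -->
<weblogic-ejb-jar>
  <!-- R1 and R2 are granted to group G1, so U1, U2 and U3 each hold both -->
  <security-role-assignment>
    <role-name>R1</role-name>
    <principal-name>G1</principal-name>
  </security-role-assignment>
  <security-role-assignment>
    <role-name>R2</role-name>
    <principal-name>G1</principal-name>
  </security-role-assignment>
  <!-- R3 is not mapped here; it resolves to the global role R3 in the realm -->
  <security-role-assignment>
    <role-name>R3</role-name>
    <externally-defined/>
  </security-role-assignment>
</weblogic-ejb-jar>
```

With these descriptors, a call authenticated as U1 is checked against every role G1 holds, so the same caller passes the permission check for both `approve` and `view`.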

