WLS 6.1 sp2 EJB ServletAuthentication.weak
frank.ren...@nordea.com
I work with an web application where some parts of the application is
open and other parts need authorisation.
I use the functionality in wls 6.1 which is given by
ServletAuthentication to authorise users. The users is stored in an
LDAP.
My problem is that I have an EJB which dont work after a user has
logged in..more exact, after the ServletAuthentication.weak is run, the
EJB lookup fails....
I would be grateful for any help to solve this problem...or hints in
this matter.
Best regards
Frank
sti...@gmail.com
frank.ren...@nordea.com skrev:
> Hi
> ....
> My problem is that I have an EJB which dont work after a user has
> logged in..more exact, after the ServletAuthentication.weak is run, the
> EJB lookup fails....
>
> ....
> Frank
Do you get a security exception?
The story is:
1) define the user 'topsecprincipal' in Weblogic LDAP
2) define in weblogic.xml mapping the user to a role 'topsecrole':
<weblogic-web-app>
<context-root>/toptime</context-root>
<security-role-assignment>
<role-name>topsecrole</role-name>
<principal-name>topsecprincipal</principal-name>
</security-role-assignment>
</weblogic-web-app>
3) define in web.xml (for web applications) the required role for
access
<security-constraint>
<web-resource-collection>
<web-resource-name>example</web-resource-name>
<url-pattern>/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>topsecrole</role-name>
</auth-constraint>
</security-constraint>
or in ejb-jar.xml equivalent security role assignment for ejb's
http://e-docs.bea.com/wls/docs81/ejb/DDreference-ejb-jar.html#1115858
Otherwise post your exceptions here...
(yeah, I'm danish)