0
Ich hatte die containerverwaltete Authentifizierung mit formularbasiertem login-config-Element in web.xml und einer jdbc-Datenquelle für die Benutzer in tomcat, jboss und glassfish in der Vergangenheit verwendet, aber die Konfiguration in weblogic ist sehr kompliziert. Es ist mir gelungen, einen Authentifizierungsanbieter zu erstellen, der mit einer Datenquelle verknüpft ist, indem ich dieses Tutorial http://biemond.blogspot.gr/2008/12/using-database-tables-as-authentication.html befolge, aber wenn mein Benutzer angemeldet ist, gibt HttpServletRequest.isUserInRole false für die Rollen zurück, die ich in meiner web.xml definiert habe, offensichtlich weil ich nicht zugeordnet habe die Gruppen, denen der Benutzer zugeordnet ist. Ich habe eine sehr einfache Datenbank mit einer Tabelle USERS, die die Spalte "email" hat, die der Benutzername und die Spalte "password" ist, welches das Passwort ist. Auch die Tabelle USERS_GROUPS enthält eine Zuordnung zwischen Benutzern und Gruppen. Es hat zwei Spalten "E-Mail" und "Gruppenname". Ich habe auch einen Authentifikator-Anbieter erstellt "Zusammenfassung der Sicherheitsbereiche> myrealm> Providers> WEB_DEMO_SQLAuthenticator". Ich habe alle Anfragen eingestellt, dass es erfordert und meine config.xml in meiner Domain hat diese Form:Wie kann ich die containergesteuerte Authentifizierung in Weblogic 12C mithilfe einer jdbc-Datenquelle implementieren?
<?xml version='1.0' encoding='UTF-8'?>
<domain xmlns="http://xmlns.oracle.com/weblogic/domain" xmlns:sec="http://xmlns.oracle.com/weblogic/security" xmlns:wls="http://xmlns.oracle.com/weblogic/security/wls" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xmlns.oracle.com/weblogic/security/xacml http://xmlns.oracle.com/weblogic/security/xacml/1.0/xacml.xsd http://xmlns.oracle.com/weblogic/security/providers/passwordvalidator http://xmlns.oracle.com/weblogic/security/providers/passwordvalidator/1.0/passwordvalidator.xsd http://xmlns.oracle.com/weblogic/domain http://xmlns.oracle.com/weblogic/1.0/domain.xsd http://xmlns.oracle.com/weblogic/security http://xmlns.oracle.com/weblogic/1.0/security.xsd http://xmlns.oracle.com/weblogic/security/wls http://xmlns.oracle.com/weblogic/security/wls/1.0/wls.xsd">
<name>demoWebApp</name>
<domain-version>12.1.3.0.0</domain-version>
<security-configuration>
<name>demoWebApp</name>
<realm>
<sec:authentication-provider xsi:type="wls:default-authenticatorType">
<sec:name>DefaultAuthenticator</sec:name>
<sec:control-flag>SUFFICIENT</sec:control-flag>
</sec:authentication-provider>
<sec:authentication-provider xsi:type="wls:default-identity-asserterType">
<sec:name>DefaultIdentityAsserter</sec:name>
<sec:active-type>AuthenticatedUser</sec:active-type>
</sec:authentication-provider>
<sec:authentication-provider xsi:type="wls:sql-authenticatorType">
<sec:name>WEB_DEMO_SQLAuthenticator</sec:name>
<sec:control-flag>SUFFICIENT</sec:control-flag>
<wls:data-source-name>WEB_DEMO</wls:data-source-name>
<wls:plaintext-passwords-enabled>true</wls:plaintext-passwords-enabled>
<wls:descriptions-supported>false</wls:descriptions-supported>
<wls:sql-get-users-password>SELECT PASSWORD FROM USERS WHERE EMAIL = ?</wls:sql-get-users-password>
<wls:sql-user-exists>SELECT EMAIL FROM USERS WHERE EMAIL = ?</wls:sql-user-exists>
<wls:sql-list-member-groups>SELECT EMAIL FROM USERS_GROUPS WHERE EMAIL = ?</wls:sql-list-member-groups>
<wls:sql-list-users>SELECT EMAIL FROM USERS WHERE EMAIL LIKE ?</wls:sql-list-users>
<wls:sql-list-groups>SELECT GROUPNAME FROM USERS_GROUPS WHERE GROUPNAME LIKE ?</wls:sql-list-groups>
<wls:sql-group-exists>SELECT GROUPNAME FROM USERS_GROUPS WHERE GROUPNAME = ?</wls:sql-group-exists>
<wls:sql-is-member>SELECT EMAIL FROM USERS_GROUPS WHERE GROUPNAME = ? AND EMAIL = ?</wls:sql-is-member>
<wls:password-style>PLAINTEXT</wls:password-style>
<wls:sql-remove-user>DELETE FROM USERS WHERE EMAIL = ?</wls:sql-remove-user>
<wls:sql-remove-group-memberships>DELETE FROM USERS_GROUPS WHERE EMAIL = ? OR GROUPNAME = ?</wls:sql-remove-group-memberships>
<wls:sql-set-user-password>UPDATE USERS SET PASWORD = ? WHERE EMAIL = ?</wls:sql-set-user-password>
<wls:sql-create-group>INSERT INTO USERS_GROUPS VALUES (? , ?)</wls:sql-create-group>
<wls:sql-add-member-to-group>INSERT INTO USERS_GROUPS VALUES(?, ?)</wls:sql-add-member-to-group>
<wls:sql-remove-member-from-group>DELETE FROM USERS_GROUPS WHERE GROUPNAME = ? AND EMAIL = ?</wls:sql-remove-member-from-group>
<wls:sql-remove-group>DELETE FROM USERS_GROUPS WHERE GROUPNAME = ?</wls:sql-remove-group>
<wls:sql-remove-group-member>DELETE FROM USERS_GROUPS WHERE GROUPNAME = ?</wls:sql-remove-group-member>
<wls:sql-list-group-members>SELECT EMAIL FROM USERS_GROUPS WHERE GROUPNAME = ? AND EMAIL LIKE ?</wls:sql-list-group-members>
</sec:authentication-provider>
<sec:role-mapper xmlns:xac="http://xmlns.oracle.com/weblogic/security/xacml" xsi:type="xac:xacml-role-mapperType">
<sec:name>XACMLRoleMapper</sec:name>
</sec:role-mapper>
<sec:authorizer xmlns:xac="http://xmlns.oracle.com/weblogic/security/xacml" xsi:type="xac:xacml-authorizerType">
<sec:name>XACMLAuthorizer</sec:name>
</sec:authorizer>
<sec:adjudicator xsi:type="wls:default-adjudicatorType">
<sec:name>DefaultAdjudicator</sec:name>
</sec:adjudicator>
<sec:credential-mapper xsi:type="wls:default-credential-mapperType">
<sec:name>DefaultCredentialMapper</sec:name>
</sec:credential-mapper>
<sec:cert-path-provider xsi:type="wls:web-logic-cert-path-providerType">
<sec:name>WebLogicCertPathProvider</sec:name>
</sec:cert-path-provider>
<sec:cert-path-builder>WebLogicCertPathProvider</sec:cert-path-builder>
<sec:name>myrealm</sec:name>
<sec:password-validator xmlns:pas="http://xmlns.oracle.com/weblogic/security/providers/passwordvalidator" xsi:type="pas:system-password-validatorType">
<sec:name>SystemPasswordValidator</sec:name>
<pas:min-password-length>8</pas:min-password-length>
<pas:min-numeric-or-special-characters>1</pas:min-numeric-or-special-characters>
</sec:password-validator>
</realm>
<default-realm>myrealm</default-realm>
<credential-encrypted>{AES}HT7HPcfOUpYRXY6xa6XuJkpi9HxOSG83CxvdVS9swJI2kHYubpy204U5NvKB9qfP78k8NID6f3MU6YOE8dmCG3XypBM2hs3TFBDVNY+qA/SpNC6Sh89ly0eM0trBaylW</credential-encrypted>
<node-manager-username>weblogic</node-manager-username>
<node-manager-password-encrypted>{AES}O0ZR1sqaUUhJ2dJw6vGSuipZ7/65q3AFcGqf8uenlUs=</node-manager-password-encrypted>
</security-configuration>
<server>
<name>AdminServer</name>
<ssl>
<name>AdminServer</name>
<enabled>true</enabled>
</ssl>
<listen-address></listen-address>
<web-service>
<name>AdminServer</name>
<web-service-persistence>
<name>AdminServer</name>
<web-service-logical-store>
<name>WseeStore</name>
<persistence-strategy>LOCAL_ACCESS_ONLY</persistence-strategy>
<request-buffering-queue-jndi-name>weblogic.wsee.BufferedRequestQueue</request-buffering-queue-jndi-name>
<response-buffering-queue-jndi-name>weblogic.wsee.BufferedResponseQueue</response-buffering-queue-jndi-name>
</web-service-logical-store>
</web-service-persistence>
</web-service>
<coherence-cluster-system-resource>defaultCoherenceCluster</coherence-cluster-system-resource>
</server>
<production-mode-enabled>true</production-mode-enabled>
<embedded-ldap>
<name>demoWebApp</name>
<credential-encrypted>{AES}ZJssc/1PU9tdjuviahUTvExJtL9ksS4c+7zKUC1IEJfl13jH/gns/tIil0D2g+rN</credential-encrypted>
</embedded-ldap>
<configuration-version>12.1.3.0.0</configuration-version>
<app-deployment>
<name>state-management-provider-memory-rar-12.1.3</name>
<target>AdminServer</target>
<module-type>rar</module-type>
<source-path>C:/Oracle/Middleware/Oracle_Home/oracle_common/modules/com.oracle.state-management.state-management-provider-memory-rar-impl_12.1.3.rar</source-path>
<security-dd-model>DDOnly</security-dd-model>
<staging-mode>nostage</staging-mode>
</app-deployment>
<app-deployment>
<name>_auto_generated_ear_</name>
<target>AdminServer</target>
<module-type>ear</module-type>
<source-path>C:\dev\eclipse_workspaces\WebAppDemo\.metadata\.plugins\org.eclipse.wst.server.core\tmp0\demoWebApp\_auto_generated_ear_</source-path>
<security-dd-model>DDOnly</security-dd-model>
<staging-mode xsi:nil="true"></staging-mode>
<plan-staging-mode xsi:nil="true"></plan-staging-mode>
<cache-in-app-directory>false</cache-in-app-directory>
</app-deployment>
<jms-server>
<name>WseeJaxwsJmsServer</name>
<target>AdminServer</target>
<persistent-store>WseeJaxwsFileStore</persistent-store>
</jms-server>
<jms-server>
<name>WseeJmsServer</name>
<target>AdminServer</target>
<persistent-store>WseeFileStore</persistent-store>
</jms-server>
<jms-server>
<name>WseeSoapjmsJmsServer</name>
<target>AdminServer</target>
<persistent-store>WseeSoapjmsFileStore</persistent-store>
</jms-server>
<self-tuning>
<work-manager>
<name>weblogic.wsee.jaxws.mdb.DispatchPolicy</name>
<target>AdminServer</target>
</work-manager>
<work-manager>
<name>weblogic.wsee.mdb.DispatchPolicy</name>
<target>AdminServer</target>
</work-manager>
</self-tuning>
<file-store>
<name>WseeJaxwsFileStore</name>
<directory>WseeJaxwsFileStore</directory>
<target>AdminServer</target>
</file-store>
<file-store>
<name>WseeFileStore</name>
<directory>WseeFileStore</directory>
<target>AdminServer</target>
</file-store>
<file-store>
<name>WseeSoapjmsFileStore</name>
<directory>WseeSoapjmsFileStore</directory>
<target>AdminServer</target>
</file-store>
<jms-system-resource>
<name>WseeJaxwsJmsModule</name>
<target>AdminServer</target>
<sub-deployment>
<name>WseeJaxwsJmsServerSub</name>
<target>WseeJaxwsJmsServer</target>
</sub-deployment>
<descriptor-file-name>jms/wseejaxwsjmsmodule-jms.xml</descriptor-file-name>
</jms-system-resource>
<jms-system-resource>
<name>WseeJmsModule</name>
<target>AdminServer</target>
<sub-deployment>
<name>BEA_JMS_MODULE_SUBDEPLOYMENT_WSEEJMSServer</name>
<target>WseeJmsServer</target>
</sub-deployment>
<descriptor-file-name>jms/wseejmsmodule-jms.xml</descriptor-file-name>
</jms-system-resource>
<jms-system-resource>
<name>WseeSoapjmsJmsModule</name>
<target>AdminServer</target>
<sub-deployment>
<name>WseeSoapjmsJmsServerSub</name>
<target>WseeSoapjmsJmsServer</target>
</sub-deployment>
<descriptor-file-name>jms/wseesoapjmsmodule-jms.xml</descriptor-file-name>
</jms-system-resource>
<admin-server-name>AdminServer</admin-server-name>
<jdbc-system-resource>
<name>WEB_DEMO</name>
<target>AdminServer</target>
<descriptor-file-name>jdbc/WEB_DEMO-1358-jdbc.xml</descriptor-file-name>
</jdbc-system-resource>
<saf-agent>
<name>ReliableWseeJaxwsSAFAgent</name>
<target>AdminServer</target>
<store>WseeJaxwsFileStore</store>
</saf-agent>
<saf-agent>
<name>ReliableWseeSAFAgent</name>
<target>AdminServer</target>
<store>WseeFileStore</store>
</saf-agent>
<coherence-cluster-system-resource>
<name>defaultCoherenceCluster</name>
<descriptor-file-name>coherence/defaultCoherenceCluster-coherence.xml</descriptor-file-name>
</coherence-cluster-system-resource>
</domain>Ich kann den Benutzer sieht, dass ich in der WebLogic-Konsole und ihre zugehörigen Gruppen erstellen unter Zusammenfassung der Sicherheitsbereiche myrealm> Benutzer und Gruppen, aber ich weiß im Grunde nicht, wie man Gruppen Rollen zuordnen kann. Kann mir jemand dabei helfen? Vielen Dank! Ich würde es vorziehen, dass meine Rolle zur Gruppenzuordnung entweder in der Datenbank oder in der weblogic.xml definiert wäre ...