
過去我在web.xml中使用了基於表單的login-config元素的容器管理認證,並在tomcat、jboss和glassfish中使用了jdbc數據源,但weblogic所需的配置非常複雜。我設法通過遵循本教程http://biemond.blogspot.gr/2008/12/using-database-tables-as-authentication.html創建了一個鏈接到數據源的身份驗證提供程序,但是當我的用戶登錄時,HttpServletRequest.isUserInRole對於我在web.xml中定義的角色返回false,顯然是因爲我沒有把用戶所屬的組映射到任何角色。我有一個非常簡單的數據庫,其中有一個表USERS,它有一個用戶名列「email」和一個密碼列「password」。此外,表USERS_GROUPS包含用戶和組之間的映射,它有兩列「email」和「groupname」。我還創建了一個身份驗證提供程序「安全領域摘要> myrealm>提供程序> WEB_DEMO_SQLAuthenticator」。它要求我設置所有的查詢,我的域config.xml中有如下內容:(問題標題:如何使用jdbc數據源在Weblogic 12C中實現容器管理的身份驗證?)

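<?xml version='1.0' encoding='UTF-8'?>
<!--
  WebLogic domain config.xml (domain "demoWebApp", 12.1.3).
  The realm "myrealm" stacks three authentication providers (DefaultAuthenticator,
  DefaultIdentityAsserter, and the SQL authenticator WEB_DEMO_SQLAuthenticator backed by
  the JDBC system resource WEB_DEMO) in front of the XACML role mapper and authorizer.

  Corrections applied to the SQL authenticator, relative to the version first posted:
    * sql-list-member-groups must return the GROUPNAME column, not EMAIL; returning EMAIL
      makes every group lookup for a user yield the user's own address, so the XACML role
      mapper never sees a group principal and isUserInRole() returns false.
    * sql-set-user-password referenced a misspelled column (PASWORD); the USERS table's
      column is PASSWORD, as used by sql-get-users-password.
-->
<domain xmlns="http://xmlns.oracle.com/weblogic/domain"
        xmlns:sec="http://xmlns.oracle.com/weblogic/security"
        xmlns:wls="http://xmlns.oracle.com/weblogic/security/wls"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="http://xmlns.oracle.com/weblogic/security/xacml http://xmlns.oracle.com/weblogic/security/xacml/1.0/xacml.xsd http://xmlns.oracle.com/weblogic/security/providers/passwordvalidator http://xmlns.oracle.com/weblogic/security/providers/passwordvalidator/1.0/passwordvalidator.xsd http://xmlns.oracle.com/weblogic/domain http://xmlns.oracle.com/weblogic/1.0/domain.xsd http://xmlns.oracle.com/weblogic/security http://xmlns.oracle.com/weblogic/1.0/security.xsd http://xmlns.oracle.com/weblogic/security/wls http://xmlns.oracle.com/weblogic/security/wls/1.0/wls.xsd">
  <name>demoWebApp</name>
  <domain-version>12.1.3.0.0</domain-version>
  <security-configuration>
    <name>demoWebApp</name>
    <realm>
      <!-- Built-in embedded-LDAP authenticator; SUFFICIENT means a successful login here
           short-circuits the remaining providers. -->
      <sec:authentication-provider xsi:type="wls:default-authenticatorType">
        <sec:name>DefaultAuthenticator</sec:name>
        <sec:control-flag>SUFFICIENT</sec:control-flag>
      </sec:authentication-provider>
      <sec:authentication-provider xsi:type="wls:default-identity-asserterType">
        <sec:name>DefaultIdentityAsserter</sec:name>
        <sec:active-type>AuthenticatedUser</sec:active-type>
      </sec:authentication-provider>
      <!-- SQL authenticator reading USERS(EMAIL, PASSWORD) and USERS_GROUPS(EMAIL, GROUPNAME)
           through the WEB_DEMO data source. All statements are parameterised ("?"), so the
           user-supplied login name is never concatenated into SQL. -->
      <sec:authentication-provider xsi:type="wls:sql-authenticatorType">
        <sec:name>WEB_DEMO_SQLAuthenticator</sec:name>
        <sec:control-flag>SUFFICIENT</sec:control-flag>
        <wls:data-source-name>WEB_DEMO</wls:data-source-name>
        <!-- Passwords are stored and compared in clear text (see password-style below).
             This is a demo setting: anyone with read access to the USERS table, a backup, or
             the data-source connection can read every credential. Moving to a hashed
             password-style requires re-writing the existing PASSWORD values in the same
             format, so do not flip these two settings without migrating the table. -->
        <wls:plaintext-passwords-enabled>true</wls:plaintext-passwords-enabled>
        <wls:descriptions-supported>false</wls:descriptions-supported>
        <wls:sql-get-users-password>SELECT PASSWORD FROM USERS WHERE EMAIL = ?</wls:sql-get-users-password>
        <wls:sql-user-exists>SELECT EMAIL FROM USERS WHERE EMAIL = ?</wls:sql-user-exists>
        <!-- Corrected: must return the group names a user belongs to (was SELECT EMAIL ...). -->
        <wls:sql-list-member-groups>SELECT GROUPNAME FROM USERS_GROUPS WHERE EMAIL = ?</wls:sql-list-member-groups>
        <wls:sql-list-users>SELECT EMAIL FROM USERS WHERE EMAIL LIKE ?</wls:sql-list-users>
        <wls:sql-list-groups>SELECT GROUPNAME FROM USERS_GROUPS WHERE GROUPNAME LIKE ?</wls:sql-list-groups>
        <wls:sql-group-exists>SELECT GROUPNAME FROM USERS_GROUPS WHERE GROUPNAME = ?</wls:sql-group-exists>
        <wls:sql-is-member>SELECT EMAIL FROM USERS_GROUPS WHERE GROUPNAME = ? AND EMAIL = ?</wls:sql-is-member>
        <wls:password-style>PLAINTEXT</wls:password-style>
        <!-- Management statements below are only exercised when users/groups are edited from
             the WebLogic console; they are not needed for login. -->
        <wls:sql-remove-user>DELETE FROM USERS WHERE EMAIL = ?</wls:sql-remove-user>
        <wls:sql-remove-group-memberships>DELETE FROM USERS_GROUPS WHERE EMAIL = ? OR GROUPNAME = ?</wls:sql-remove-group-memberships>
        <!-- Corrected column name (was PASWORD). -->
        <wls:sql-set-user-password>UPDATE USERS SET PASSWORD = ? WHERE EMAIL = ?</wls:sql-set-user-password>
        <!-- NOTE(review): with descriptions-supported=false this single-table model has no
             separate GROUPS table; creating a group inserts a (?, ?) row into USERS_GROUPS,
             which presumably leaves a membership row with an empty or placeholder EMAIL.
             Confirm the intended behaviour before managing groups from the console. -->
        <wls:sql-create-group>INSERT INTO USERS_GROUPS VALUES (? , ?)</wls:sql-create-group>
        <wls:sql-add-member-to-group>INSERT INTO USERS_GROUPS VALUES(?, ?)</wls:sql-add-member-to-group>
        <wls:sql-remove-member-from-group>DELETE FROM USERS_GROUPS WHERE GROUPNAME = ? AND EMAIL = ?</wls:sql-remove-member-from-group>
        <wls:sql-remove-group>DELETE FROM USERS_GROUPS WHERE GROUPNAME = ?</wls:sql-remove-group>
        <wls:sql-remove-group-member>DELETE FROM USERS_GROUPS WHERE GROUPNAME = ?</wls:sql-remove-group-member>
        <wls:sql-list-group-members>SELECT EMAIL FROM USERS_GROUPS WHERE GROUPNAME = ? AND EMAIL LIKE ?</wls:sql-list-group-members>
      </sec:authentication-provider>
      <!-- Role mapping itself is not defined here: the XACML role mapper resolves the
           security-role-assignment entries of each deployment's weblogic.xml, where a
           principal-name may be a user or a group returned by sql-list-member-groups. -->
      <sec:role-mapper xmlns:xac="http://xmlns.oracle.com/weblogic/security/xacml" xsi:type="xac:xacml-role-mapperType">
        <sec:name>XACMLRoleMapper</sec:name>
      </sec:role-mapper>
      <sec:authorizer xmlns:xac="http://xmlns.oracle.com/weblogic/security/xacml" xsi:type="xac:xacml-authorizerType">
        <sec:name>XACMLAuthorizer</sec:name>
      </sec:authorizer>
      <sec:adjudicator xsi:type="wls:default-adjudicatorType">
        <sec:name>DefaultAdjudicator</sec:name>
      </sec:adjudicator>
      <sec:credential-mapper xsi:type="wls:default-credential-mapperType">
        <sec:name>DefaultCredentialMapper</sec:name>
      </sec:credential-mapper>
      <sec:cert-path-provider xsi:type="wls:web-logic-cert-path-providerType">
        <sec:name>WebLogicCertPathProvider</sec:name>
      </sec:cert-path-provider>
      <sec:cert-path-builder>WebLogicCertPathProvider</sec:cert-path-builder>
      <sec:name>myrealm</sec:name>
      <!-- NOTE(review): this validator is applied to passwords set through WebLogic; it
           presumably does not constrain rows written directly into USERS. -->
      <sec:password-validator xmlns:pas="http://xmlns.oracle.com/weblogic/security/providers/passwordvalidator" xsi:type="pas:system-password-validatorType">
        <sec:name>SystemPasswordValidator</sec:name>
        <pas:min-password-length>8</pas:min-password-length>
        <pas:min-numeric-or-special-characters>1</pas:min-numeric-or-special-characters>
      </sec:password-validator>
    </realm>
    <default-realm>myrealm</default-realm>
    <!-- The {AES} values below are domain secrets, decryptable with this domain's
         SerializedSystemIni.dat key. Redact them (and the embedded-ldap credential
         further down) before sharing config.xml, and keep the domain key directory
         out of source control. -->
    <credential-encrypted>{AES}HT7HPcfOUpYRXY6xa6XuJkpi9HxOSG83CxvdVS9swJI2kHYubpy204U5NvKB9qfP78k8NID6f3MU6YOE8dmCG3XypBM2hs3TFBDVNY+qA/SpNC6Sh89ly0eM0trBaylW</credential-encrypted>
    <node-manager-username>weblogic</node-manager-username>
    <node-manager-password-encrypted>{AES}O0ZR1sqaUUhJ2dJw6vGSuipZ7/65q3AFcGqf8uenlUs=</node-manager-password-encrypted>
  </security-configuration>
  <server>
    <name>AdminServer</name>
    <ssl>
      <name>AdminServer</name>
      <enabled>true</enabled>
    </ssl>
    <!-- An empty listen-address leaves the server listening on all local interfaces;
         set an explicit address if the admin server should not be reachable from
         every network the host is attached to. -->
    <listen-address></listen-address>
    <web-service>
      <name>AdminServer</name>
      <web-service-persistence>
        <name>AdminServer</name>
        <web-service-logical-store>
          <name>WseeStore</name>
          <persistence-strategy>LOCAL_ACCESS_ONLY</persistence-strategy>
          <request-buffering-queue-jndi-name>weblogic.wsee.BufferedRequestQueue</request-buffering-queue-jndi-name>
          <response-buffering-queue-jndi-name>weblogic.wsee.BufferedResponseQueue</response-buffering-queue-jndi-name>
        </web-service-logical-store>
      </web-service-persistence>
    </web-service>
    <coherence-cluster-system-resource>defaultCoherenceCluster</coherence-cluster-system-resource>
  </server>
  <production-mode-enabled>true</production-mode-enabled>
  <embedded-ldap>
    <name>demoWebApp</name>
    <credential-encrypted>{AES}ZJssc/1PU9tdjuviahUTvExJtL9ksS4c+7zKUC1IEJfl13jH/gns/tIil0D2g+rN</credential-encrypted>
  </embedded-ldap>
  <configuration-version>12.1.3.0.0</configuration-version>
  <app-deployment>
    <name>state-management-provider-memory-rar-12.1.3</name>
    <target>AdminServer</target>
    <module-type>rar</module-type>
    <source-path>C:/Oracle/Middleware/Oracle_Home/oracle_common/modules/com.oracle.state-management.state-management-provider-memory-rar-impl_12.1.3.rar</source-path>
    <security-dd-model>DDOnly</security-dd-model>
    <staging-mode>nostage</staging-mode>
  </app-deployment>
  <!-- Eclipse WTP auto-deployed EAR. DDOnly means role assignments come solely from the
       deployment descriptors (web.xml / weblogic.xml), not from the console. -->
  <app-deployment>
    <name>_auto_generated_ear_</name>
    <target>AdminServer</target>
    <module-type>ear</module-type>
    <source-path>C:\dev\eclipse_workspaces\WebAppDemo\.metadata\.plugins\org.eclipse.wst.server.core\tmp0\demoWebApp\_auto_generated_ear_</source-path>
    <security-dd-model>DDOnly</security-dd-model>
    <staging-mode xsi:nil="true"></staging-mode>
    <plan-staging-mode xsi:nil="true"></plan-staging-mode>
    <cache-in-app-directory>false</cache-in-app-directory>
  </app-deployment>
  <jms-server>
    <name>WseeJaxwsJmsServer</name>
    <target>AdminServer</target>
    <persistent-store>WseeJaxwsFileStore</persistent-store>
  </jms-server>
  <jms-server>
    <name>WseeJmsServer</name>
    <target>AdminServer</target>
    <persistent-store>WseeFileStore</persistent-store>
  </jms-server>
  <jms-server>
    <name>WseeSoapjmsJmsServer</name>
    <target>AdminServer</target>
    <persistent-store>WseeSoapjmsFileStore</persistent-store>
  </jms-server>
  <self-tuning>
    <work-manager>
      <name>weblogic.wsee.jaxws.mdb.DispatchPolicy</name>
      <target>AdminServer</target>
    </work-manager>
    <work-manager>
      <name>weblogic.wsee.mdb.DispatchPolicy</name>
      <target>AdminServer</target>
    </work-manager>
  </self-tuning>
  <file-store>
    <name>WseeJaxwsFileStore</name>
    <directory>WseeJaxwsFileStore</directory>
    <target>AdminServer</target>
  </file-store>
  <file-store>
    <name>WseeFileStore</name>
    <directory>WseeFileStore</directory>
    <target>AdminServer</target>
  </file-store>
  <file-store>
    <name>WseeSoapjmsFileStore</name>
    <directory>WseeSoapjmsFileStore</directory>
    <target>AdminServer</target>
  </file-store>
  <jms-system-resource>
    <name>WseeJaxwsJmsModule</name>
    <target>AdminServer</target>
    <sub-deployment>
      <name>WseeJaxwsJmsServerSub</name>
      <target>WseeJaxwsJmsServer</target>
    </sub-deployment>
    <descriptor-file-name>jms/wseejaxwsjmsmodule-jms.xml</descriptor-file-name>
  </jms-system-resource>
  <jms-system-resource>
    <name>WseeJmsModule</name>
    <target>AdminServer</target>
    <sub-deployment>
      <name>BEA_JMS_MODULE_SUBDEPLOYMENT_WSEEJMSServer</name>
      <target>WseeJmsServer</target>
    </sub-deployment>
    <descriptor-file-name>jms/wseejmsmodule-jms.xml</descriptor-file-name>
  </jms-system-resource>
  <jms-system-resource>
    <name>WseeSoapjmsJmsModule</name>
    <target>AdminServer</target>
    <sub-deployment>
      <name>WseeSoapjmsJmsServerSub</name>
      <target>WseeSoapjmsJmsServer</target>
    </sub-deployment>
    <descriptor-file-name>jms/wseesoapjmsmodule-jms.xml</descriptor-file-name>
  </jms-system-resource>
  <admin-server-name>AdminServer</admin-server-name>
  <!-- Data source used by WEB_DEMO_SQLAuthenticator; its connection credentials live in
       the referenced descriptor, so that file is as sensitive as this one. -->
  <jdbc-system-resource>
    <name>WEB_DEMO</name>
    <target>AdminServer</target>
    <descriptor-file-name>jdbc/WEB_DEMO-1358-jdbc.xml</descriptor-file-name>
  </jdbc-system-resource>
  <saf-agent>
    <name>ReliableWseeJaxwsSAFAgent</name>
    <target>AdminServer</target>
    <store>WseeJaxwsFileStore</store>
  </saf-agent>
  <saf-agent>
    <name>ReliableWseeSAFAgent</name>
    <target>AdminServer</target>
    <store>WseeFileStore</store>
  </saf-agent>
  <coherence-cluster-system-resource>
    <name>defaultCoherenceCluster</name>
    <descriptor-file-name>coherence/defaultCoherenceCluster-coherence.xml</descriptor-file-name>
  </coherence-cluster-system-resource>
</domain>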

我可以看到我在WebLogic控制檯的「安全領域摘要> myrealm>用戶和組」中創建的用戶以及與他們關聯的組,但我不知道如何將組與角色關聯。任何人都可以幫助我嗎?謝謝!我更希望組與角色的關聯定義在數據庫或weblogic.xml中...

回答


好的,我找到了問題所在。首先,我的sql-list-member-groups查詢是錯誤的:

SELECT EMAIL FROM USERS_GROUPS WHERE EMAIL = ?

正確的查詢當然是:SELECT GROUPNAME FROM USERS_GROUPS WHERE EMAIL = ?

第二,組和角色之間的映射是在運行時通過weblogic.xml描述符完成的,使用下面這個元素:

<!-- weblogic.xml: binds the web.xml role ADMINISTRATOR to the principal ADMINISTRATOR.
     The principal-name may be a user or a group; here the group returned by
     sql-list-member-groups carries the same name as the role. -->
<wls:security-role-assignment>
  <wls:role-name>ADMINISTRATOR</wls:role-name>
  <wls:principal-name>ADMINISTRATOR</wls:principal-name>
</wls:security-role-assignment>

在我的例子中,我給組和角色分配了相同的名字。principal-name實際上也可以指一個組!我之前不知道這一點,以爲它只能指用戶名。
