Secure access to the WebLogic Platform Tour is provided by WebLogic Server security realm user authentication.
To provide secure access to a Web application using user authentication, update the web.xml and weblogic.xml deployment descriptors to define the following parameters:
Deployment descriptors are XML documents that describe the contents of an application directory or JAR file. The J2EE specification defines standard, portable deployment descriptors for J2EE components and applications, such as web.xml. BEA defines additional WebLogic-specific deployment descriptors, such as weblogic.xml, for deploying a component or application in a WebLogic Server environment.
In a WebLogic Server environment, the deployment descriptors are located in the WEB-INF directory of the Web application root directory, as required by the J2EE specification. The WEB-INF directory also contains two subdirectories for storing compiled Java classes and library JAR files. Note that the root directory of the Web application hierarchy defines the document root. All files under this root directory (except files in the WEB-INF directory) can be served to the client.
Security constraints, such as user authentication, are defined in the web.xml file.
For example, suppose you want to define security constraints for the e2ePortal application. Open the web.xml file for the e2ePortal application in WebLogic Workshop, as follows:
This file defines the security constraint information as follows:
```xml
<!-- Security -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>login</web-resource-name>
    <url-pattern>/Controller.jpf</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>employee</role-name>
    <role-name>manager</role-name>
  </auth-constraint>
  <user-data-constraint>
    <transport-guarantee>NONE</transport-guarantee>
  </user-data-constraint>
</security-constraint>
<security-constraint>
  <web-resource-collection>
    <web-resource-name>employee</web-resource-name>
    <url-pattern>/Employee.portal</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>employee</role-name>
  </auth-constraint>
  <user-data-constraint>
    <transport-guarantee>NONE</transport-guarantee>
  </user-data-constraint>
</security-constraint>
<security-constraint>
  <web-resource-collection>
    <web-resource-name>manager</web-resource-name>
    <url-pattern>/Manager.portal</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>manager</role-name>
  </auth-constraint>
  <user-data-constraint>
    <transport-guarantee>NONE</transport-guarantee>
  </user-data-constraint>
</security-constraint>
<login-config>
  <auth-method>FORM</auth-method>
  <form-login-config>
    <form-login-page>/login/loginRedirect.jsp</form-login-page>
    <form-error-page>/login/login_error.jsp</form-error-page>
  </form-login-config>
</login-config>
<security-role>
  <role-name>employee</role-name>
</security-role>
<security-role>
  <role-name>manager</role-name>
</security-role>
<security-role>
  <description>Administrator</description>
  <role-name>Admin</role-name>
</security-role>
<security-role>
  <description>all users</description>
  <role-name>AnonymousRole</role-name>
</security-role>
```
The following table describes the XML elements in the previous code excerpt.
To learn more about configuring security, see Securing Web Applications in Programming WebLogic Security, available on E-docs.
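The following is an added example, not part of the original tour or BEA's code: a small Python check that reads the web.xml elements shown above and reports role-protected URL patterns served with a transport-guarantee of NONE under FORM or BASIC login, plus roles used in an auth-constraint that have no matching security-role. The sample descriptor is constructed; /Audit.portal and the auditor role are hypothetical, and the parser assumes a descriptor without an XML namespace.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a shortened form of the page's web.xml excerpt wrapped in a
# <web-app> root. /Audit.portal and the "auditor" role are hypothetical additions.
SAMPLE = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>employee</web-resource-name>
      <url-pattern>/Employee.portal</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>employee</role-name></auth-constraint>
    <user-data-constraint><transport-guarantee>NONE</transport-guarantee></user-data-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>audit</web-resource-name>
      <url-pattern>/Audit.portal</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>auditor</role-name></auth-constraint>
  </security-constraint>
  <login-config><auth-method>FORM</auth-method></login-config>
  <security-role><role-name>employee</role-name></security-role>
</web-app>"""

def audit_web_xml(xml_text):
    """Return (url-pattern, finding) pairs for a web.xml document (no namespace assumed)."""
    root = ET.fromstring(xml_text)
    declared = {r.findtext("role-name", "").strip() for r in root.iter("security-role")}
    auth = (root.findtext("login-config/auth-method") or "").strip().upper()
    findings = []
    for sc in root.iter("security-constraint"):
        patterns = [p.text.strip() for p in sc.iter("url-pattern") if p.text]
        roles = [r.text.strip() for r in sc.findall("auth-constraint/role-name") if r.text]
        # A missing <user-data-constraint> is treated like NONE: SSL is not required.
        tg = (sc.findtext("user-data-constraint/transport-guarantee") or "NONE").strip().upper()
        for pat in patterns:
            if roles and auth in ("FORM", "BASIC") and tg == "NONE":
                findings.append((pat, f"{auth} login over transport-guarantee NONE"))
            for role in roles:
                if role != "*" and role not in declared:
                    findings.append((pat, f"role '{role}' has no <security-role>"))
    return findings

if __name__ == "__main__":
    for pattern, finding in audit_web_xml(SAMPLE):
        print(f"{pattern}: {finding}")
```

Run against the full excerpt above, the transport check would report all three constraints, since each sets transport-guarantee to NONE while login-config uses FORM.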
Before proceeding to the next step in the WebLogic Platform Tour: