This section describes security considerations to be aware of when developing applications using Liquid Data controls.
The WebLogic Workshop Application Properties (Tools → Application Properties) allow you to set the connection information to connect to the domain in which you are running. You can either use the connection information specified in the domain boot.properties file or override that information with a specified username and password.
When you create a Liquid Data Control (.jcx) file and are connecting to a local Liquid Data server (Liquid Data on the same domain as Workshop), the user specified in the Application Properties is used to connect to the Liquid Data server. When you create a Liquid Data Control and are connecting to a remote Liquid Data server (Liquid Data on a different domain from Workshop), you specify the connection information in the Liquid Data Control Wizard Connection information dialog (see Figure 1-5).
When you create a Liquid Data Control, the Control Wizard displays all queries to which the specified user has access privileges. The access privileges are defined by any security policies set on the queries, either directly or indirectly.
Note: The security credentials specified through the Application Properties or through the Liquid Data Control Wizard are only used for creating the Liquid Data Control (.jcx) file, not for testing queries through the control. To test a query through the control, you must get the user credentials either through the application (from a login page, for example) or by using the run-as property in the Web Service file.
For testing, you can use the run-as property to test a control running as a specified user. To set the run-as property in a Web Service, open the Web Service and enter a user for the run-as property in the WebLogic Workshop property editor. Queries run through a Liquid Data Control used by the Web Service
When a query is run from an application, the application must have a mechanism for getting the security credential. The credential can come from a login screen, it can be hard-coded in the application, or it can be embedded in a J2EE component (for example, using the run-as property in a .jws Web Service file).
Note: The Liquid Data Control property editor shows a run-as property, but the run-as property in the Liquid Data Control does not cause the Liquid Data Control to run as the specified user. If you want to use this feature, you must specify the run-as property in the .jws file, not in the .jcx file.
If the Liquid Data server is on a different domain from WebLogic Workshop, then both domains must be set up as trusted domains. This is true even if security is not enabled on Liquid Data.
Domains are considered trusted domains if they share the same security credentials. With trusted domains, a user that exists on one domain need not be authenticated on the other domain (as long as the user exists on both domains).
Note: After configuring domains as trusted, you must restart the domains before the trusted configuration takes effect.
Perform the following steps to configure domains as trusted:
Figure 1-20 Setting up Trusted Domains
For more details on WebLogic security, see Configuring Security for a WebLogic Domain in the WebLogic Server documentation.