Igor Kromin |   Consultant. Coder. Blogger. Tinkerer. Gamer.

NOTE: This article is 3 years or older so its information may no longer be relevant. Read on at your own discretion!
Here's how to add basic HTTP authentication to a WebLogic web service. I had to do this recently at work and was a little confused about how the role-name, principal-name, etc. were related, so I decided to add this as a note for the future and for anyone else who may be interested.

There are two deployment descriptor files that need modification to add authentication. These are web.xml and weblogic.xml.

The web.xml defines the majority of the configuration. Simply add something like this to it:
 web.xml
    ...
    <security-constraint>
      <web-resource-collection>
        <web-resource-name>Access to the entire application</web-resource-name>
        <url-pattern>/*</url-pattern>
        <http-method>POST</http-method>
      </web-resource-collection>
      <auth-constraint>
        <role-name>MyUsers</role-name>
      </auth-constraint>
      <user-data-constraint>
        <description>SSL not required</description>
        <transport-guarantee>NONE</transport-guarantee>
      </user-data-constraint>
    </security-constraint>
    <login-config>
      <auth-method>BASIC</auth-method>
      <realm-name>default</realm-name>
    </login-config>
    <security-role>
      <role-name>MyUsers</role-name>
    </security-role>
    ...




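This sets up authentication for the entire web app without requiring SSL. The role name used is MyUsers; this is just a reference to the actual role that is defined inside the weblogic.xml file. Two things to be aware of with this descriptor: because the resource collection lists <http-method>POST</http-method>, the constraint applies to POST requests only, so requests made with other HTTP methods are not covered by it; leave the http-method element out to cover every method. And with a transport-guarantee of NONE, the BASIC credentials travel over plain HTTP base64-encoded but not encrypted; set it to CONFIDENTIAL to require SSL.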

The next bit of configuration is inside the weblogic.xml file. This is where the role name is connected to the actual principal that may be used to authenticate the web service.
 weblogic.xml
    ...
    <security-role-assignment>
      <role-name>MyUsers</role-name>
      <principal-name>weblogicuser</principal-name>
    </security-role-assignment>
    ...


This connects the MyUsers role defined in the web.xml to the WebLogic user named weblogicuser. In place of a user, a group can be used too.

The users/groups are defined inside WebLogic under your realm configuration (screenshot: wlssecroles.png).



That's all there is to it. The web service will now require authentication before any requests are served.
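The role-name / principal-name linkage between the two descriptors can be checked mechanically. The following Python script is an added example, not code from the original post: it resolves each role referenced in web.xml to its principals in weblogic.xml and flags constraints that list specific HTTP methods or use BASIC without a transport guarantee. The root elements of the sample descriptors and the `audit` function name are assumptions made for the example.

```python
import xml.etree.ElementTree as ET
# Constructed sample descriptors mirroring the article's fragments (root elements are assumed).
WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <url-pattern>/*</url-pattern><http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>MyUsers</role-name></auth-constraint>
    <user-data-constraint><transport-guarantee>NONE</transport-guarantee></user-data-constraint>
  </security-constraint>
  <login-config><auth-method>BASIC</auth-method><realm-name>default</realm-name></login-config>
  <security-role><role-name>MyUsers</role-name></security-role>
</web-app>"""
WEBLOGIC_XML = """<weblogic-web-app><security-role-assignment>
    <role-name>MyUsers</role-name><principal-name>weblogicuser</principal-name>
</security-role-assignment></weblogic-web-app>"""

def _parse(xml_text):
    """Parse a descriptor, dropping namespaces so tags match with or without xmlns."""
    root = ET.fromstring(xml_text)
    for el in root.iter():
        el.tag = el.tag.rsplit("}", 1)[-1]
    return root

def _texts(node, path):
    return [(e.text or "").strip() for e in node.findall(path)]

def audit(web_xml, weblogic_xml):
    """Return ({role: [principals]}, findings) for a web.xml / weblogic.xml pair."""
    web, wls = _parse(web_xml), _parse(weblogic_xml)
    mapping = {}
    for a in wls.iter("security-role-assignment"):  # role-name -> principal-name(s)
        for role in _texts(a, "role-name"):
            mapping.setdefault(role, []).extend(_texts(a, "principal-name"))
    declared = set(_texts(web, "security-role/role-name"))
    basic = "BASIC" in _texts(web, "login-config/auth-method")
    findings = []
    for sc in web.iter("security-constraint"):
        for role in _texts(sc, "auth-constraint/role-name"):
            if role not in declared:
                findings.append(f"role '{role}' has no <security-role> declaration in web.xml")
            if not mapping.get(role):
                findings.append(f"role '{role}' has no security-role-assignment principal in weblogic.xml")
        methods = _texts(sc, "web-resource-collection/http-method")
        if methods:  # a listed method limits the constraint to that method
            findings.append(f"constraint lists only {methods}; other HTTP methods are outside it")
        if basic and not {"CONFIDENTIAL", "INTEGRAL"} & set(_texts(sc, "user-data-constraint/transport-guarantee")):
            findings.append("BASIC auth with no transport guarantee: credentials are base64-encoded, not encrypted")
    return mapping, findings
```

Calling `audit(WEB_XML, WEBLOGIC_XML)` on the sample returns the MyUsers to weblogicuser mapping plus two findings, one for the POST-only constraint and one for BASIC over an unprotected transport.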

-i
