Igor Kromin |   Consultant. Coder. Blogger. Tinkerer. Gamer.

Here's how to add basic HTTP authentication to a Weblogic web service. I've had to do this recently at work and was a little confused at how the role-name, principal-name, etc were related so decided to add this as a note for the future and for anyone else who may be interested.

There are two deployment descriptor files that need modification to add authentication. These are web.xml and weblogic.xml.

The web.xml defines the majority of the configuration. Simply add something like this to it:
 web.xml
...
<security-constraint>
<web-resource-collection>
<web-resource-name>Access to the entire application</web-resource-name>
<url-pattern>/*</url-pattern>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>MyUsers</role-name>
</auth-constraint>
<user-data-constraint>
<description>SSL not required</description>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>default</realm-name>
</login-config>
<security-role>
<role-name>MyUsers</role-name>
</security-role>
...




This sets up authentication for the entire web app without requiring SSL. The role name used is MyUsers, this is just a reference to the actual role that is defined inside the weblogic.xml file.

The next bit of configuration is inside the weblogic.xml file. This is where the role name is connected to the actual principal that may be used to authenticate the web service.
 weblogic.xml
...
<security-role-assignment>
<role-name>MyUsers</role-name>
<principal-name>weblogicuser</principal-name>
</security-role-assignment>
...


This connects the MyUsers role defined in the web.xml to the Weblogic user named weblogicuser. In place of a user, a group can be used too.

The users/groups are defined inside Weblogic under your realm configuration:
wlssecroles.png



That's all there is to it. The web service will now require authentication before any requests are served.

-i

Have comments or feedback on what I wrote? Please share them below! Found this useful? Consider sending me a small tip.
comments powered by Disqus
Other posts you may like...
Hi! You can search my blog here ⤵
Or browse the recent top tags...

Recent Blog Posts

How to fix Google Cloud SDK dev server error - No module named ipaddr

Adorable but totally metal - Metal Earth 3D Guardians of the Galaxy Groot model kit

Riverside Expressway Cam shut down permanently

Inserting Google DFP ads with Backbone, Underscore and jQuery

How to resolve the domain is already mapped to a project error in Google App Engine

A quick look at the Nyko Super MiniBoss wireless controllers for the SNES mini

Loading and displaying a collection from bootstrapped data in Backbone.js

Add this handy function to your Bash profile file to display the compiled JDK version for a .class file

How does PCBWay stack up as a low budget PCB fab

Resolving the Cannot reference X before supertype constructor is called compiler error in Java

Recent Galleries

BMB-012 Nanoblock T-Rex Skeleton Model assembly

Tiny Arcade revision 6 kit assembly and decal application

Atari Lynx repair - Part 5 - McWill LED screen mod installation

Atari Lynx repair - Part 4 - screen cover replacement

Atari Lynx repair - Part 2 - re-capping the motherboard

Atari Lynx repair - Part 3 - broken speaker replacement

Atari Lynx repair - Part 1 - introduction and case disassembly

Building a custom Atari Lynx game box storage shelf unit in a day

Protecting old Atari Lynx game boxes with snug fit plastic sleeves

Monument Valley 2 is released and does not disappoint

Blogs and Friends

Matt Moores Blog
Georgi's FlatPress Guide
Perplexing Permutations
The Security Sleuth
Ilia Rogatchevski
Travelling Fairy

Blog Activity

Blog Activity