Re: Using existing Oracle infra to secure web services - Weblogic
Kevin,
With the Authorization Provider you wrote, were you able to leverage resource permissions
already defined in Oracle? In other words, were you able to access access privileges
already defined in Oracle from the custom Authorization Provider? For example,
suppose user "jsmith" only had read permissions on table FOO and user "jsmith"
was trying to use a Session bean that updated FOO. Can we leverage this security
policy defined in Oracle?
>You'll need to build security providers for Oracle. WLS doesn't ship
>like this, and the examples really don't provide any insight. Having
>done this, I can tell you that you'll need:
>1. Authentication: authentication provider, login module (probably),
>validator (if you want to store more in the principals). This also requires
>MBean be created (there are good examples for this).
>2. Authorization: authorization provider, and access decision. Also
>3. Roles: role provider, role mapper, and (possibly) a security role
> Also needs an MBean.
>It took me about a week to get this going, and then another week with
>to overcome a few issues (one that caused infinite recursion that's gone
>because I got things configured correctly) and to find out what I had
>to do in
>terms of Threads--you have to synchronize everything.
>Make your providers deployable, and you can use the security defined
>in your deployment
>descriptors to validate roles. Just cache that stuff in some hash maps.
>Hope this helps. Good luck.
>>Our system currently uses an Oracle RDBMS for security - users and roles
>>within the database. We are now adding web services and EJBs using WLS
>>like to leverage the existing security database by either having WLS
>>use it directly
>>or somehow initialize the necessary WLS security structures from the
>>The idea is to not change the way security is handled now (and thereby
>>legacy apps) but also not add additional administrative tasks such as
>>users and roles to WLS. I've read almost all the security related documentation
>>and there's so much there that one or both approaches seem feasible but
>>sure. Is either or both approaches feasible and can someone lay out the
>>Thanks in advance,
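
An added illustration of the jsmith/FOO case asked about in this thread, not code from any poster and not WebLogic's own: an access decision that consults a thread-safe cache of Oracle table grants before allowing an EJB method. The class, the EJB method names, the method-to-privilege mapping and the grant rows are assumptions constructed for the example; it implements no WebLogic SSPI interface and resolves only direct grants, not privileges inherited through Oracle roles.

```java
import java.util.Collections;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;

public class OracleGrantDecision {
    // Local enum for the three outcomes an access decision can give.
    enum Result { PERMIT, DENY, ABSTAIN }

    // user -> set of "TABLE:PRIVILEGE"; concurrent maps because the
    // container may call the decision from many request threads at once.
    private final Map<String, Set<String>> grants = new ConcurrentHashMap<>();
    // Hypothetical mapping: EJB method -> the table privilege it needs.
    private final Map<String, String> required = new ConcurrentHashMap<>();

    private static String key(String table, String privilege) {
        return table.toUpperCase(Locale.ROOT) + ":" + privilege.toUpperCase(Locale.ROOT);
    }

    // Assumption: rows would come from a query such as
    // SELECT grantee, table_name, privilege FROM dba_tab_privs
    void loadGrant(String grantee, String table, String privilege) {
        grants.computeIfAbsent(grantee.toUpperCase(Locale.ROOT),
                               k -> ConcurrentHashMap.newKeySet())
              .add(key(table, privilege));
    }

    void require(String ejbMethod, String table, String privilege) {
        required.put(ejbMethod, key(table, privilege));
    }

    Result isAccessAllowed(String user, String ejbMethod) {
        String needed = required.get(ejbMethod);
        if (needed == null) return Result.ABSTAIN;   // resource unknown to this provider
        Set<String> held = grants.getOrDefault(user.toUpperCase(Locale.ROOT),
                                               Collections.emptySet());
        return held.contains(needed) ? Result.PERMIT : Result.DENY;  // default deny
    }

    public static void main(String[] args) {
        OracleGrantDecision d = new OracleGrantDecision();
        d.loadGrant("jsmith", "FOO", "SELECT");              // constructed sample row
        d.require("FooSession.readFoo", "FOO", "SELECT");    // hypothetical EJB methods
        d.require("FooSession.updateFoo", "FOO", "UPDATE");
        System.out.println(d.isAccessAllowed("jsmith", "FooSession.readFoo"));
        System.out.println(d.isAccessAllowed("jsmith", "FooSession.updateFoo"));
        System.out.println(d.isAccessAllowed("jsmith", "Other.method"));
    }
}
```

The cache has to be refreshed when grants change in Oracle; a stale entry would keep permitting a user whose privilege has been revoked.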