help desperately needed for RoleMapper/Authorization in WL8.1SP2 - Weblogic


  1. help desperately needed for RoleMapper/Authorization in WL8.1SP2


    Hi,
    We have been trying to make a role mapper and authorization process work on WL
    8.1SP2 for the last few days and have not been able to. We have implemented a RoleMapper
    on similar lines to the one given in the sample code on BEA's site. The other settings
    that we have done are:

    1. Provided a security policy for individual methods of the EJB; these should be accessible
    to, say, the "xyz" role only.
    2. In the realm, set "Check Roles and Policies for" to all web applications.
    3. Deployed the rolemapper. We also have an authentication provider and an identity
    asserter deployed. All the rest are the defaults provided.

    In my rolemapper I am printing the roles being returned.

    The problem we are getting is that when no roles are returned by the getRoles method of
    our rolemapper, even in that case the user is being allowed to access the protected method.
    The expected behaviour here is that the user should be denied access with an exception.
    The same code is working on WL 8.1 (without any service pack) and throwing an
    exception "insufficient previlages...".

    I'll be highly thankful to anyone who can help me on this. If there is any more
    information that I should provide for proper diagnosis of problem please do let
    me know.

    regards,
    Vikas.

  2. Re: help desperately needed for RoleMapper/Authorization in WL8.1SP2


    If the code is behaving differently between 8.1 and 8.1 SP2 I'd suggest you open
    a BEA support case on the problem.

    "vikas tyagi" wrote:
    >
    >Hi,
    >We have been trying to make a role mapper and authorization process work
    >on WL 8.1SP2 for the last few days and have not been able to. We have
    >implemented a RoleMapper on similar lines to the one given in the sample
    >code on BEA's site. The other settings that we have done are:
    >
    >1. Provided a security policy for individual methods of the EJB; these
    >should be accessible to, say, the "xyz" role only.
    >2. In the realm, set "Check Roles and Policies for" to all web applications.
    >3. Deployed the rolemapper. We also have an authentication provider and
    >an identity asserter deployed. All the rest are the defaults provided.
    >
    >In my rolemapper I am printing the roles being returned.
    >
    >The problem we are getting is that when no roles are returned by the
    >getRoles method of our rolemapper, even in that case the user is being
    >allowed to access the protected method.
    >The expected behaviour here is that the user should be denied access with
    >an exception.
    >The same code is working on WL 8.1 (without any service pack) and throwing
    >an exception "insufficient previlages...".
    >
    >I'll be highly thankful to anyone who can help me on this. If there is
    >any more information that I should provide for proper diagnosis of the
    >problem, please do let me know.
    >
    >regards,
    >Vikas.



  3. Re: help desperately needed for RoleMapper/Authorization in WL8.1SP2


    Finally we could figure out what was going wrong (thanks to a very helpful guy
    at BEA support): while defining the security policy, the inherited policy statement
    was "Caller is member of group everyone". This needs to be changed to "Caller
    is member of group users".

    If anyone faces this same issue, this might be of help.



    Vikas.
