Declarative Security, Roles, and Portal 8.1 - Weblogic

This is a discussion on Declarative Security, Roles, and Portal 8.1 - Weblogic ; I am using Portal 8.1 SP3. I am trying to decipher the relationship between Global and Scoped Roles defined in the WebLogic Console, roles defined using declarative security in XML files, and Visitor Roles defined in the Portal Admin application. ...

+ Reply to Thread
Results 1 to 2 of 2

Thread: Declarative Security, Roles, and Portal 8.1

  1. Declarative Security, Roles, and Portal 8.1

    I am using Portal 8.1 SP3.

    I am trying to decipher the relationship between Global and Scoped Roles defined in the WebLogic Console, roles defined using declarative security in XML files, and Visitor Roles defined in the Portal Admin application.

    Here is my scenario:

    Portal Application using forms-based authentication. I need to grant access to a portal to all authenticated users. I would like to do so without having to add all of my users (>50,000) to a group in my LDAP user repository.

    This does not appear to be possible using declarative security. I do not have a principal which refers to all of my user population. Can I use FORM as an auth-method and require users to authenticate without specifying an auth-constraint?

    Once a user has authenticated to my application, I would like to use visitor roles to control access to a handful of individual portal resources (portlets, books, etc).

    Again, this does not appear to be possible using declarative security. Defining these visitor roles through the Portal Admin application places the role information in WebLogic's embedded LDAP directory. Is there a way to use these roles declaratively in the web.xml?

  2. Re: Declarative Security, Roles, and Portal 8.1

    Support case S-20042 implies that I can map a role to the "everyone" group, which is created by default.

    However, when I do this, I am not challenged to authenticate. If I map my role (in weblogic.xml) to anything but "everyone" than I am able to authenticate.

    Does the everyone group work with declarative security?

+ Reply to Thread