Summary
This plug-in includes the following steps:
- Create Role Mapper: Create a role mapper.
- Create or Update Authentication Provider: Create or update an authentication provider.
- Create or Update Realm: Create or update a realm.
- Manage Users and Groups: Manage users and groups from a security realm by using an XML file.
- Manage Roles: Manage roles on the WebLogic server by using an XML file.
- Update Authentication Provider: Update an authentication provider.
- Update Realm: Update a realm on the WebLogic server.
Installation
See Installing plug-ins in HCL Deploy for installing and removing plug-ins.
History
Plug-in history details
| Version | Description |
| --- | --- |
| 2 | Refactored plugin to meet UC standards, changed some step names |
| 1 | Plugin that provides several steps to be executed on elements related to WLS Security Realm. |
Usage
Before you begin
To use this plug-in, Oracle WebLogic Server version 10g or later and an agent must be installed.
Step Palette
To access this plug-in in the palette, click Application Server > WebLogic > WebLogic Security Management.
About this plug-in
All steps have a required property, which points to the location of a Java bean configuration file. The file contains information for accessing the WebLogic server. The plug-in contains an example file, wlsMetadata.xml, that you can use; however, you can use your own file.
When you create an authentication provider or realm, use the Create or Update step for the object. Do not use the Update step to create objects.
After you deploy changes, you must restart the WebLogic server for the changes to take effect. The server does not detect changes until it is restarted.
Step properties also specify the following information.
JAR file paths on the WebLogic server
The steps rely on the following files on the WebLogic server. You provide the path to them in step properties.
- <OracleServerDirectory>/wlserver_version/server/lib/wlthint3client.jar
- <OracleServerDirectory>/wlserver_version/server/lib/wljmxclient.jar
- <OracleServerDirectory>/wlserver_version/server/lib/wlclient.jar
Connection information file for accessing the WebLogic server
All steps also require connection information for accessing the WebLogic server. Access information is defined in a Java beans configuration file. You provide the path to it in step properties. The wlsMetadata.xml file provided with the plug-in is a working example. You can provide your own file.
Configuration information for security objects
You create JMX or XML properties files that define the security objects to create or modify, such as role mappers, roles, realms, authentication providers, users, and groups. You provide the path to each file in step properties. Example files are provided with the plug-in for roles, users, and groups:
- roles.xml
- users_groups.xml
Troubleshooting hints and tips
If you experience one of the following problems when you use the plug-in, check the associated tip for resolving the issue.
Cannot connect to WebLogic server
Check that the Host Name property is a simple hostname or IP address. Do not use a protocol in the property value. For example, omit http:.
Changes do not seem to take effect
After you change security objects, you must restart the WebLogic server for changes to take effect. After the restart, changes can be viewed in the user interface.
Problems in working with roles, users, or groups
Use XML files to specify changes to these objects, rather than JMX files. Some errors can be caused by trying to create an object that already exists. For example, if you attempt to create a role that already exists, the step fails.
Incorrect provider name is used when an authentication provider is created
If the created authentication provider has a name that matches the provider type rather than the name you specified, an incorrect step might have been used. Use the Create or Update Authentication Provider step. Do not use the Update Authentication Provider step when you create an authentication provider.
JAR files on the server are inconvenient to track
You can set up and use a wlfullclient.jar file. See the instructions in the Oracle documentation.
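The connection tips above can be checked before a step runs. The following pre-flight check is an added example and is not part of the plug-in; the function names and the sample values are hypothetical, while the property names and JAR file names are the ones used on this page.

```python
import ipaddress
import re

# JAR file names are the ones this page lists; the function names are hypothetical.
KNOWN_JARS = {"wlthint3client.jar", "wljmxclient.jar", "wlclient.jar", "wlfullclient.jar"}
LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")

# Constructed sample values, not taken from a real environment.
SAMPLE = {"WebLogic Hostname": "http://wls01.example.com", "WebLogic Port": "7001",
          "JMX JAR Path": "/opt/oracle/wlserver/server/lib/wlfullclient.jar"}


def check_hostname(value):
    """Problems with a WebLogic Hostname value (an empty list means it looks usable)."""
    host = value.strip()
    try:
        ipaddress.ip_address(host)  # a bare IPv4 or IPv6 literal is acceptable
        return []
    except ValueError:
        pass
    if ":" in host or "/" in host:
        return ["remove the protocol, port or path; use a bare hostname or IP address"]
    if len(host) > 253 or not all(LABEL.fullmatch(p) for p in host.split(".")):
        return ["not a valid hostname"]
    return []


def check_port(value):
    """Problems with a WebLogic Port value; the property is a string on this page."""
    text = value.strip()
    if not re.fullmatch(r"[0-9]{1,5}", text) or not 1 <= int(text) <= 65535:
        return ["port must be a number from 1 to 65535"]
    return []


def check_jar_path(value):
    """Problems with a JMX JAR Path value: it must name a client JAR, not a directory."""
    name = re.split(r"[\\/]", value.strip())[-1]
    if name not in KNOWN_JARS:
        return ["path must end in one of: " + ", ".join(sorted(KNOWN_JARS))]
    return []


def preflight(props):
    """Map each failing property name to its list of problems."""
    checks = {"WebLogic Hostname": check_hostname, "WebLogic Port": check_port,
              "JMX JAR Path": check_jar_path}
    report = {name: fn(props.get(name, "")) for name, fn in checks.items()}
    return {name: problems for name, problems in report.items() if problems}
```

Calling preflight(SAMPLE) reports only the WebLogic Hostname property, because the sample value carries a protocol prefix.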
Steps
Process steps in WLS Security Management plug-in
Create Role Mapper
Use this step to create a role mapper on a WebLogic server.
| Name | Type | Description | Required |
| --- | --- | --- | --- |
| JMX JAR Path | String | The path to the wlfullclient.jar file, which is located in the /server/lib directory. Specify the complete directory structure, for example: WebLogic_home_directory/server/lib/wlfullclient.jar. | Yes |
| Metadata File Path | String | The path to the wlsMetadata.xml file. The file contains connection information for the WebLogic server. An example file is located in the /extras directory. | No |
| Password | Password | The password to use to authenticate with the WebLogic server. | Yes |
| Realm | String | The name of the security realm for which the role mapper is created. | Yes |
| Role Mapper Name | String | The name of the role mapper to be created. | Yes |
| Role Mapper Properties | String | The path of the role mapper properties file. | Yes |
| Role Mapper Type | Enumeration | The type of role mapper to be created. Specify either DefaultRoleMapper or XACMLRoleMapper. | Yes |
| User Name | String | The user name to use to authenticate with the WebLogic server. | Yes |
| WebLogic Hostname | String | The host name of the computer where the WebLogic server is installed. | Yes |
| WebLogic Port | String | The port number of the WebLogic server. | Yes |
Create or Update Authentication Provider
Use this step to create an authentication provider on the WebLogic server.
| Name | Type | Description | Required |
| --- | --- | --- | --- |
| Authentication Provider Name | String | The name of the authentication provider to be created. | Yes |
| Authentication Provider Properties | String | The path to the authentication provider properties file. | Yes |
| Authentication Provider Type | String | The type of authentication provider to be created. | Yes |
| JMX JAR Path | String | The path to the wlfullclient.jar file, which is located in the /server/lib directory. Specify the complete directory structure, for example: WebLogic_home_directory/server/lib/wlfullclient.jar. | Yes |
| Metadata File Path | String | The path to the wlsMetadata.xml file. The file contains connection information for the WebLogic server. An example file is located in the /extras directory. | Yes |
| Password | Password | The password to use to authenticate with the WebLogic server. | Yes |
| Realm | String | The name of the security realm for which the authentication provider is created. | Yes |
| User Name | String | The user name to use to authenticate with the WebLogic server. | Yes |
| WebLogic Hostname | String | The host name of the computer where the WebLogic server is installed. | Yes |
| WebLogic Port | String | The port number of the WebLogic server. | Yes |
Create or Update Realm
Use this step to create or update a realm on a WebLogic server.
| Name | Type | Description | Required |
| --- | --- | --- | --- |
| JMX JAR Path | String | The path to the wlfullclient.jar file, which is located in the /server/lib directory. Specify the complete directory structure, for example: WebLogic_home_directory/server/lib/wlfullclient.jar. | Yes |
| Metadata File Path | String | The path to the wlsMetadata.xml file. The file contains connection information for the WebLogic server. An example file is located in the /extras directory. | Yes |
| Password | Password | The password to use to authenticate with the WebLogic server. | Yes |
| Realm | String | The name of the realm to be created on the WebLogic server. | Yes |
| Realm Properties Path | String | The path to the realm properties file. | Yes |
| User Name | String | The user name to use to authenticate with the WebLogic server. | Yes |
| WebLogic Hostname | String | The host name of the computer where the WebLogic server is installed. | Yes |
| WebLogic Port | String | The port number of the WebLogic server. | Yes |
Manage Users and Groups
Use this step to manage users and groups that are associated with a security realm by using an XML file.
| Name | Type | Description | Required |
| --- | --- | --- | --- |
| JMX JAR Path | String | The path to the wlfullclient.jar file, which is located in the /server/lib directory. Specify the complete directory structure, for example: WebLogic_home_directory/server/lib/wlfullclient.jar. | Yes |
| Metadata File Path | String | The path to the wlsMetadata.xml file. The file contains connection information for the WebLogic server. An example file is located in the /extras directory. | Yes |
| Password | Password | The password to use to authenticate with the WebLogic server. | Yes |
| User Name | String | The user name to use to authenticate with the WebLogic server. | Yes |
| WebLogic Hostname | String | The host name of the computer where the WebLogic server is installed. | Yes |
| WebLogic Port | String | The port number of the WebLogic server. | Yes |
| XML File Path | String | The path to the XML file that defines the actions to take for the specified users and groups. An example XML file, which is named users_groups.xml, is located in the /extras directory. | Yes |
Manage Roles
Use this step to manage roles on a WebLogic server by using an XML file.
| Name | Type | Description | Required |
| --- | --- | --- | --- |
| JMX JAR Path | String | The path to the wlfullclient.jar file, which is located in the server/lib directory. Specify the complete directory structure, for example: WebLogic_home_directory/server/lib/wlfullclient.jar. | Yes |
| Metadata File Path | String | The path to the wlsMetadata.xml file. The file contains connection information for the WebLogic server. An example file is located in the /extras directory. | Yes |
| Password | Password | The password to use to authenticate with the WebLogic server. | Yes |
| Role Operations | String | The path to the XML file that contains the role operations. This file describes the operations that are associated with each property. An example XML file, which is named roles.xml, is located in the /extras directory. | Yes |
| User Name | String | The user name to use to authenticate with the WebLogic server. | Yes |
| WebLogic Hostname | String | The host name of the computer where the WebLogic server is installed. | Yes |
| WebLogic Port | String | The port number of the WebLogic server. | Yes |
Update Authentication Provider
Use this step to update an authentication provider on a WebLogic server.
| Name | Type | Description | Required |
| --- | --- | --- | --- |
| Authentication Provider Name | String | The name of the authentication provider to be updated. | Yes |
| Authentication Provider Properties | String | The path to the authentication provider properties file. | Yes |
| Authentication Provider Type | String | The type of authentication provider to be updated. | Yes |
| JMX JAR Path | String | The path to the wlfullclient.jar file, which is located in the /server/lib directory. Specify the complete directory structure, for example: WebLogic_home_directory/server/lib/wlfullclient.jar. | Yes |
| Metadata File Path | String | The path to the wlsMetadata.xml file. The file contains connection information for the WebLogic server. An example file is located in the /extras directory. | Yes |
| Password | Password | The password to use to authenticate with the WebLogic server. | Yes |
| Realm | String | The name of the security realm for which the authentication provider is updated. | Yes |
| User Name | String | The user name to use to authenticate with the WebLogic server. | Yes |
| WebLogic Hostname | String | The host name of the computer where the WebLogic server is installed. | Yes |
| WebLogic Port | String | The port number of the WebLogic server. | Yes |
Update Realm
Use this step to update a security realm on a WebLogic server.
| Name | Type | Description | Required |
| --- | --- | --- | --- |
| JMX JAR Path | String | The path to the wlfullclient.jar file, which is located in the /server/lib directory. Specify the complete directory structure, for example: WebLogic_home_directory/server/lib/wlfullclient.jar. | Yes |
| Metadata File Path | String | The path to the wlsMetadata.xml file. The file contains connection information for the WebLogic server. An example file is located in the /extras directory. | Yes |
| Password | Password | The password to use to authenticate with the WebLogic server. | Yes |
| Realm | String | The name of the security realm to be updated. | Yes |
| Realm Properties Path | String | The path to the realm properties file. | Yes |
| User Name | String | The user name to use to authenticate with the WebLogic server. | Yes |
| WebLogic Hostname | String | The host name of the computer where the WebLogic server is installed. | Yes |
| WebLogic Port | String | The port number of the WebLogic server. | Yes |