How to enable basic authentication for WebLogic applications.


  1. Create an AppTesters group for basic authentication on WebLogic and add a user to it.
  1. Prepare a policy file that will be used to enable basic authentication for your application.

Below are the contents of the policy file.

<?xml version="1.0" encoding="UTF-8"?>
<Policy xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os" PolicyId="urn:bea:xacml:2.0:entitlement:resource:type@E@Fapp@G@M@Oapplication@Esample" RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable">
   <Description>Grp(AppTesters)</Description>
   <Target>
    <Resources>
     <Resource>
      <ResourceMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
        <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">type=&lt;app&gt;, application=sample</AttributeValue>
        <ResourceAttributeDesignator AttributeId="urn:oasis:names:tc:xacml:2.0:resource:resource-ancestor-or-self" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"/>
      </ResourceMatch>
     </Resource>
    </Resources>
   </Target>
   <Rule RuleId="primary-rule" Effect="Permit">
    <Condition>
     <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-is-in">
       <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">AppTesters</AttributeValue>
       <SubjectAttributeDesignator AttributeId="urn:oasis:names:tc:xacml:2.0:subject:group" DataType="http://www.w3.org/2001/XMLSchema#string"/>
     </Apply>
    </Condition>
   </Rule>
   <Rule RuleId="deny-rule" Effect="Deny"/>
</Policy>

If you are using versioning for your application, your policy file will look like the one below.

<?xml version="1.0" encoding="UTF-8"?>
<Policy xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os" PolicyId="urn:bea:xacml:2.0:entitlement:resource:type@E@Fapp@G@M@Oapplication@Esample#v1" RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable">
   <Description>Grp(AppTesters)</Description>
   <Target>
    <Resources>
     <Resource>
      <ResourceMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
        <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">type=&lt;app&gt;, application=sample#v1</AttributeValue>
        <ResourceAttributeDesignator AttributeId="urn:oasis:names:tc:xacml:2.0:resource:resource-ancestor-or-self" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"/>
      </ResourceMatch>
     </Resource>
    </Resources>
   </Target>
   <Rule RuleId="primary-rule" Effect="Permit">
    <Condition>
     <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-is-in">
       <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">AppTesters</AttributeValue>
       <SubjectAttributeDesignator AttributeId="urn:oasis:names:tc:xacml:2.0:subject:group" DataType="http://www.w3.org/2001/XMLSchema#string"/>
     </Apply>
    </Condition>
   </Rule>
   <Rule RuleId="deny-rule" Effect="Deny"/>
</Policy>

The changes for versioned deployments are the #v1 suffix on the PolicyId and on the application=sample#v1 value in the resource match.

  1. Create a basicAuth.py script to apply the policy to your deployment.

connect("weblogic","weblogic123","t3://127.0.0.1:7001")
cd('/SecurityConfiguration/base_domain/Realms/myrealm/Authorizers/XACMLAuthorizer')
xacmlFile = open('myPolicy.txt','r')  # the policy file prepared above
xacmlDoc = xacmlFile.read()
xacmlFile.close()
print(xacmlDoc)
cmo.addPolicy(xacmlDoc)  # cmo is the XACMLAuthorizer MBean after the cd() above
exit()

  1. If you are using versioning, you will need to delete unused policies. For that, create a script, basicdel.py:

connect("weblogic","weblogic123","t3://localhost:7001")
cd('/SecurityConfiguration/base_domain/Realms/myrealm/Authorizers/XACMLAuthorizer')
cmo.deletePolicy('urn:bea:xacml:2.0:entitlement:resource:type@E@Fapp@G@M@Oapplication@Esample#v1','1.0')  # policy identifier, policy version
exit()

In this example we will apply the basic authentication policy to the sample.war application deployed on Oracle WebLogic.

  1. Set up the domain environment:

source $DOMAIN_HOME/bin/setDomainEnv.sh

Perform the deployment.

java weblogic.Deployer -securityModel CustomRolesAndPolicies -adminurl t3://localhost:7001 -user weblogic -password weblogic123 -deploy -name sample -source sample.war -targets test

In case you are using a versioned deployment, use:

java weblogic.Deployer -securityModel CustomRolesAndPolicies -adminurl t3://localhost:7001 -user weblogic -password Welcome1 -deploy -name sample -source sample.war -appversion 1.0

Apply the policy:

java weblogic.WLST basicAuth.py

Once you apply the policy, the browser will show a pop-up asking for a user ID and password.
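
A pre-flight check for the policy file before it is passed to cmo.addPolicy, as an added example that is not part of the original post. It runs under ordinary Python 3 rather than WLST; the function names are hypothetical, and the escape table is an assumption inferred by comparing the post's PolicyId with its resource string. It catches the versioned-deployment mistake of adding #v1 in only one of the two places, and a policy that no longer ends in an unconditional Deny.

```python
import xml.etree.ElementTree as ET

NS = {"x": "urn:oasis:names:tc:xacml:2.0:policy:schema:os"}
ID_PREFIX = "urn:bea:xacml:2.0:entitlement:resource:"
# Assumption: escape table inferred by comparing the post's PolicyId with its resource string.
ESCAPES = {"=": "@E", "<": "@F", ">": "@G", ",": "@M", " ": "@O"}

def expected_policy_id(resource):
    """PolicyId that the post's naming pattern gives for a resource string."""
    return ID_PREFIX + "".join(ESCAPES.get(ch, ch) for ch in resource)

def lint_policy(xml_text):
    """Return a list of problems; an empty list means every check passed."""
    root = ET.fromstring(xml_text)
    problems = []
    resource = root.findtext(".//x:ResourceMatch/x:AttributeValue", namespaces=NS)
    if resource is None:
        return ["no ResourceMatch/AttributeValue found"]
    if root.get("PolicyId") != expected_policy_id(resource.strip()):
        problems.append("PolicyId does not match resource %r" % resource.strip())
    if not root.get("RuleCombiningAlgId", "").endswith(":first-applicable"):
        problems.append("combining algorithm is not first-applicable")
    rules = root.findall("x:Rule", NS)
    has_cond = lambda r: r.find("x:Condition", NS) is not None
    if any(r.get("Effect") == "Permit" and not has_cond(r) for r in rules):
        problems.append("Permit rule without a Condition")
    if not rules or rules[-1].get("Effect") != "Deny" or has_cond(rules[-1]):
        problems.append("last rule is not an unconditional Deny")
    return problems

def sample_policy(policy_resource, match_resource, last_effect="Deny"):
    """Constructed sample: the post's policy condensed, varying parts as parameters."""
    s = "http://www.w3.org/2001/XMLSchema#string"
    f = "urn:oasis:names:tc:xacml:1.0:"
    return (
        '<Policy xmlns="%s" PolicyId="%s" RuleCombiningAlgId="%srule-combining-algorithm:first-applicable">'
        '<Target><Resources><Resource><ResourceMatch MatchId="%sfunction:string-equal">'
        '<AttributeValue DataType="%s">%s</AttributeValue></ResourceMatch></Resource></Resources></Target>'
        '<Rule RuleId="primary-rule" Effect="Permit"><Condition><Apply FunctionId="%sfunction:string-is-in">'
        '<AttributeValue DataType="%s">AppTesters</AttributeValue></Apply></Condition></Rule>'
        '<Rule RuleId="deny-rule" Effect="%s"/></Policy>'
    ) % (NS["x"], expected_policy_id(policy_resource), f, f, s,
         match_resource.replace("<", "&lt;").replace(">", "&gt;"), f, s, last_effect)

if __name__ == "__main__":
    ok = "type=<app>, application=sample#v1"
    print(lint_policy(sample_policy(ok, ok)))  # consistent versioned policy
    print(lint_policy(sample_policy("type=<app>, application=sample", ok)))  # suffix in one place only
```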
