How to enable basic authentication for WebLogic applications.

  1. Create an AppTesters group on WebLogic for the basic authentication and add a user to it.
  1. Prepare a policy file that will be used to enable the basic authentication for your application.

Below are the contents of the policy file.

<?xml version="1.0" encoding="UTF-8"?>
<Policy xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os" PolicyId="urn:bea:xacml:2.0:entitlement:resource:type@E@Fapp@G@M@Oapplication@Esample" RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable">
   <Description>Grp(AppTesters)</Description>
   <Target>
    <Resources>
     <Resource>
      <ResourceMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
        <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">type=&lt;app&gt;, application=sample</AttributeValue>
        <ResourceAttributeDesignator AttributeId="urn:oasis:names:tc:xacml:2.0:resource:resource-ancestor-or-self" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"/>
      </ResourceMatch>
     </Resource>
    </Resources>
   </Target>
   <Rule RuleId="primary-rule" Effect="Permit">
    <Condition>
     <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-is-in">
       <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">AppTesters</AttributeValue>
       <SubjectAttributeDesignator AttributeId="urn:oasis:names:tc:xacml:2.0:subject:group" DataType="http://www.w3.org/2001/XMLSchema#string"/>
     </Apply>
    </Condition>
   </Rule>
   <Rule RuleId="deny-rule" Effect="Deny"/>
</Policy>

If you are using versioning for your application, your policy file will look like the one below.

<?xml version="1.0" encoding="UTF-8"?>
<Policy xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os" PolicyId="urn:bea:xacml:2.0:entitlement:resource:type@E@Fapp@G@M@Oapplication@Esample#v1" RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable">
   <Description>Grp(AppTesters)</Description>
   <Target>
    <Resources>
     <Resource>
      <ResourceMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
        <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">type=&lt;app&gt;, application=sample#v1</AttributeValue>
        <ResourceAttributeDesignator AttributeId="urn:oasis:names:tc:xacml:2.0:resource:resource-ancestor-or-self" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"/>
      </ResourceMatch>
     </Resource>
    </Resources>
   </Target>
   <Rule RuleId="primary-rule" Effect="Permit">
    <Condition>
     <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-is-in">
       <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">AppTesters</AttributeValue>
       <SubjectAttributeDesignator AttributeId="urn:oasis:names:tc:xacml:2.0:subject:group" DataType="http://www.w3.org/2001/XMLSchema#string"/>
     </Apply>
    </Condition>
   </Rule>
   <Rule RuleId="deny-rule" Effect="Deny"/>
</Policy>

For versioned deployments, the changes are the #v1 suffix on the application name, in both the PolicyId and the resource AttributeValue.
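A pre-flight check for the policy file before it is loaded, as an added example that is not part of the original post: it confirms that the PolicyId is the encoded form of the resource in the Target (the two drift apart easily when the #v1 suffix is added) and that the first-applicable rule list ends in an unconditional Deny. The escape table is inferred from the two strings shown on this page, and `encode_resource` and `lint_policy` are hypothetical helper names.

```python
import xml.etree.ElementTree as ET

NS = {"x": "urn:oasis:names:tc:xacml:2.0:policy:schema:os"}
PREFIX = "urn:bea:xacml:2.0:entitlement:resource:"
FIRST_APPLICABLE = "urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable"
# Assumption: escapes inferred from the page's PolicyId/resource pair, not a full table.
ESCAPES = {"=": "@E", "<": "@F", ">": "@G", ",": "@M", " ": "@O"}

# Condensed copy of the page's versioned policy, used here as constructed sample input.
SAMPLE = """<?xml version="1.0" encoding="UTF-8"?>
<Policy xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os" PolicyId="urn:bea:xacml:2.0:entitlement:resource:type@E@Fapp@G@M@Oapplication@Esample#v1" RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable">
 <Target><Resources><Resource><ResourceMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
  <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">type=&lt;app&gt;, application=sample#v1</AttributeValue>
  <ResourceAttributeDesignator AttributeId="urn:oasis:names:tc:xacml:2.0:resource:resource-ancestor-or-self" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"/>
 </ResourceMatch></Resource></Resources></Target>
 <Rule RuleId="primary-rule" Effect="Permit"><Condition><Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-is-in">
  <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">AppTesters</AttributeValue>
  <SubjectAttributeDesignator AttributeId="urn:oasis:names:tc:xacml:2.0:subject:group" DataType="http://www.w3.org/2001/XMLSchema#string"/>
 </Apply></Condition></Rule>
 <Rule RuleId="deny-rule" Effect="Deny"/>
</Policy>"""

def encode_resource(resource):
    """Encode 'type=<app>, application=sample' the way the PolicyId on the page does."""
    return "".join(ESCAPES.get(ch, ch) for ch in resource)

def lint_policy(xml_text):
    """Return a list of problems found in a policy document (empty list = OK)."""
    problems = []
    root = ET.fromstring(xml_text.encode("utf-8"))
    resource = root.findtext(".//x:ResourceMatch/x:AttributeValue", default="", namespaces=NS)
    if root.get("PolicyId") != PREFIX + encode_resource(resource):
        problems.append("PolicyId does not match the resource in <Target>")
    if root.get("RuleCombiningAlgId") != FIRST_APPLICABLE:
        problems.append("rule order is only meaningful with first-applicable")
    rules = root.findall("x:Rule", NS)
    permits = [r for r in rules if r.get("Effect") == "Permit"]
    if not permits or any(r.find("x:Condition", NS) is None for r in permits):
        problems.append("every Permit rule needs a Condition (group check)")
    last = rules[-1] if rules else None
    # Without a trailing unconditional Deny, users outside the group get NotApplicable.
    if last is None or last.get("Effect") != "Deny" or last.find("x:Condition", NS) is not None:
        problems.append("last rule must be an unconditional Deny")
    return problems

if __name__ == "__main__":
    print(lint_policy(SAMPLE) or "policy OK")
```

To check the real file, pass `open('myPolicy.txt').read()` to `lint_policy` before running basicAuth.py.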

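  1. Create a basicAuth.py script to apply the policy to your deployment.

# Connect to the admin server (user, password, admin URL)
connect("weblogic","weblogic123","t3://127.0.0.1:7001")
# Navigate to the XACML authorizer of the security realm
cd('/SecurityConfiguration/base_domain/Realms/myrealm/Authorizers/XACMLAuthorizer')
# Read the policy file prepared above
xacmlFile = open('myPolicy.txt','r')
xacmlDoc = xacmlFile.read()
xacmlFile.close()
print(xacmlDoc)
# Load the policy into the authorizer
cmo.addPolicy(xacmlDoc)
exit()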

  1. If you are using versioning, you will need to delete unused policies. For that, create a script, basicdel.py:

connect("weblogic","weblogic123","t3://localhost:7001")
cd('/SecurityConfiguration/base_domain/Realms/myrealm/Authorizers/XACMLAuthorizer')
# Arguments: policy ID and policy version
cmo.deletePolicy('urn:bea:xacml:2.0:entitlement:resource:type@E@Fapp@G@M@Oapplication@Esample#v1','1.0')
exit()

In this example, we will apply the basic authentication policy to the sample.war application deployed on Oracle WebLogic.

  1. source $DOMAIN_HOME/bin/setDomainEnv.sh

Perform the deployment.

java weblogic.Deployer -securityModel CustomRolesAndPolicies -adminurl t3://localhost:7001 -user weblogic -password weblogic123 -deploy -name sample -source sample.war -targets test

If you are using a versioned deployment, use:

java weblogic.Deployer -securityModel CustomRolesAndPolicies -adminurl t3://localhost:7001 -user weblogic -password Welcome1 -deploy -name sample -source sample.war -appversion 1.0

Apply the policy:

java weblogic.WLST basicAuth.py

Once you apply the policy, the browser will show a pop-up asking for the user ID and password.
