WebLogic Container Security

Create Group in WebLogic Security Realm

  1. Navigate to Security Data Tree/Realms/myrealm/Authentication Providers/DefaultAuthenticator/Groups.

  2. Click New.

  3. Create a new Group called SL_ADMIN (Service Layer Admin) Group.

  4. The group is created successfully.

Create User in WebLogic Security Realm

Note: The user created in the application server realm should be the same as the user created in the Rules Palette for application security.

A user with access to search or create policies in OIPA can perform the CRUD operations (GET/POST/PUT/DELETE) on the /policies API. Similarly, a user with only search access for the OIPA application can perform the GET operation on the /policies API (this applies to all the APIs supported for the current release). Even if the user has the ADMIN role, i.e. SL_ADMIN, in the application server realm, the API returns an Unauthorized response if the user does not have authorization from the palette for a specific entity.

  1. Navigate to Security Data Tree/Realms/myrealm/Authentication Providers/DefaultAuthenticator/Users.

  2. Click New.

  3. Create a new User called qatester3 (Service Layer Admin) User.

Note: The user name and password created should be the same as those of the OIPA application user.

  4. The user is created successfully.

  5. Click the newly created user qatester3 and navigate to the Membership tab.

  6. Add the group SL_ADMIN from the available groups to the chosen groups and click SAVE.

Create Global Roles in WebLogic Realm

  1. Navigate to Security Data Tree/Realms/myrealm/RoleMappers/XACMLRoleMapper/Global/Roles.

  2. Click New to add a new Global Role called SL_ADMIN and click CREATE.

  3. Click the Add Conditions button to add role conditions.

  4. Select Group from the Predicate list.

  5. In the Group Argument Name field, enter the group name SL_ADMIN and click OK.

  6. Click Save.

  7. Now, deploy the application. Once the application is deployed, restart the admin and managed server instances for the changes to take effect.
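
The group, user, membership and global role steps above can also be scripted with WLST (Jython) so that the realm setup is repeatable and reviewable. The following is an added example, not part of the original page or Oracle's own code; the function name provision_sl_admin and the description strings are assumptions, and the password is expected to come from a prompt rather than from the script.

```python
# WLST (Jython) helper for the console steps above. Written to be idempotent:
# it checks each object first, so re-running it never fails on "already exists".
GROUP = 'SL_ADMIN'   # group name from the page
ROLE = 'SL_ADMIN'    # global role name from the page


def provision_sl_admin(atn, role_mapper, user, password):
    """atn: DefaultAuthenticator MBean, role_mapper: XACMLRoleMapper MBean.
    Returns the list of changes that were actually applied."""
    changes = []

    # Create Group in WebLogic Security Realm
    if not atn.groupExists(GROUP):
        atn.createGroup(GROUP, 'Service Layer Admin')
        changes.append('group')

    # Create User; name and password must match the OIPA application user
    if not atn.userExists(user):
        atn.createUser(user, password, 'Service Layer Admin user')
        changes.append('user')

    # Membership tab: add the user to SL_ADMIN (direct membership only)
    if not atn.isMember(GROUP, user, False):
        atn.addMemberToGroup(GROUP, user)
        changes.append('membership')

    # Global role: a resource id of None means "not scoped to a resource";
    # Grp(...) is the role expression behind the console's Group predicate.
    if not role_mapper.roleExists(None, ROLE):
        role_mapper.createRole(None, ROLE, 'Grp(%s)' % GROUP)
        changes.append('role')

    return changes


# Usage inside a WLST session (placeholders in <> are site-specific):
#   connect('<admin user>', '<admin password>', 't3://<admin-host>:<port>')
#   realm = cmo.getSecurityConfiguration().lookupRealm('myrealm')
#   provision_sl_admin(
#       realm.lookupAuthenticationProvider('DefaultAuthenticator'),
#       realm.lookupRoleMapper('XACMLRoleMapper'),
#       'qatester3', '<password read from a prompt>')
```

The returned list shows what changed on this run; an empty list means the realm already matched. Deployment and the server restart from the last step are still required afterwards.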