Custom Role Mapping Provider in Weblogic

The default (that is, active) security realm for WebLogic Server includes a WebLogic Role Mapping provider. The WebLogic Role Mapping provider computes dynamic security roles for a specific user (subject) with respect to a specific protected WebLogic resource for each of the default users and WebLogic resources. The WebLogic Role Mapping provider supports the deployment and undeployment of security roles within the system. The WebLogic Role Mapping provider uses the same security policy engine as the WebLogic Authorization provider. If you want to use a role mapping mechanism that already exists within your organization, you could create a custom role mapping provider to tie into that system.

You need three files: an XML file with the MBean definition (the configuration), the provider class, and an implementation of a security role.

The Config File:

<?xml version="1.0" ?>
<!DOCTYPE MBeanType SYSTEM "commo.dtd">

<MBeanType
 Name          = "MYRoleMapper"
 DisplayName   = "MYRoleMapper"
 Package       = "MY.security"
 Extends       = "weblogic.management.security.authorization.RoleMapper"
 PersistPolicy = "OnUpdate"
>
 <MBeanAttribute
  Name          = "ProviderClassName"
  Type          = "java.lang.String"
  Writeable     = "false"
  Preprocessor  = "weblogic.management.configuration.LegalHelper.checkClassName(value)"
  Default       = "&quot;MY.security.MYRoleMapperProviderImpl&quot;"
 />

 <MBeanAttribute
  Name          = "Description"
  Type          = "java.lang.String"
  Writeable     = "false"
  Default       = "&quot;MY RM provider &quot;"
 />

 <MBeanAttribute
  Name          = "Version"
  Type          = "java.lang.String"
  Writeable     = "false"
  Default       = "&quot;1.2&quot;"
 />

</MBeanType>

The Actual Provider MYRoleMapperProviderImpl.java:

package MY.security;

import java.security.Principal;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;

import javax.security.auth.Subject;

import weblogic.management.security.ProviderMBean;
import weblogic.security.service.ContextHandler;
import weblogic.security.service.SecurityRole;
import weblogic.security.spi.Resource;
import weblogic.security.spi.RoleMapper;
import weblogic.security.spi.RoleProvider;
import weblogic.security.spi.SecurityServices;

public class MYRoleMapperProviderImpl implements RoleProvider, RoleMapper {
    private String description;
    // Shared empty result returned when no role applies (unmodifiable, so callers cannot alter it)
    private static final Map<String, SecurityRole> NO_ROLES =
        Collections.unmodifiableMap(new HashMap<String, SecurityRole>(1));

    // WebLogic resource type names as returned by Resource.getType()
    private final static String RESSOURCE_URL = "<url>";
    private final static String RESSOURCE_EJB = "<ejb>";

    private enum rollen {
        READER;
    }

    @Override
    public void initialize(ProviderMBean mbean, SecurityServices services) {
        // Description and Version are the MBean attributes defined in the XML file above
        description = mbean.getDescription() + "\n" + mbean.getVersion();
    }

    @Override
    public String getDescription() {
        return description;
    }

    @Override
    public void shutdown() {
        // nothing to release
    }

    @Override
    public RoleMapper getRoleMapper() {
        return this;
    }

    @Override
    public Map<String, SecurityRole> getRoles(Subject subject, Resource resource, ContextHandler handler) {
        Map<String, SecurityRole> roles = new HashMap<String, SecurityRole>();
        Set<Principal> principals = subject.getPrincipals();
        // Walk up the resource hierarchy so a role granted on a parent also applies to the child
        for (Resource res = resource; res != null; res = res.getParentResource()) {
            getRoles(res, principals, roles);
        }
        if (roles.isEmpty()) {
            return NO_ROLES;
        }
        return roles;
    }

    private void getRoles(Resource resource, Set<Principal> principals, Map<String, SecurityRole> roles) {
        // Compare type names with equals(): == only tests object identity and can miss equal strings
        String type = resource.getType();
        if (RESSOURCE_URL.equals(type) || RESSOURCE_EJB.equals(type)) {
            // Note: this sample grants READER to every subject without examining its principals,
            // so anonymous callers get it too; a real provider would decide based on the principals
            roles.put(rollen.READER.toString(), new MYSecurityRoleImpl(rollen.READER.toString(), "READER Rolle"));
        }
    }
}

A simple role implementation, MYSecurityRoleImpl.java:

package MY.security;

import weblogic.security.service.SecurityRole;

public class MYSecurityRoleImpl implements SecurityRole {

    private String _roleName;
    private String _description;
    private int _hashCode;

    public MYSecurityRoleImpl(String roleName, String description) {
        _roleName = roleName;
        _description = description;
        _hashCode = roleName.hashCode() + 17;
    }

    public boolean equals(Object secRole) {
        if (secRole == null) {
            return false;
        }

        if (this == secRole) {
            return true;
        }

        if (!(secRole instanceof MYSecurityRoleImpl)) {
            return false;
        }

        MYSecurityRoleImpl anotherSecRole = (MYSecurityRoleImpl) secRole;

        if (!_roleName.equals(anotherSecRole.getName())) {
            return false;
        }

        return true;
    }

    public String toString() { return _roleName; }
    public int hashCode() { return _hashCode; }
    public String getName() { return _roleName; }
    public String getDescription() { return _description; }
}
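The provider above hands out READER to every subject that touches a URL or EJB resource, because it never looks at the principals it is given. The following is an added example (not code from the original post) of a role mapper that grants the role only when the subject carries a WebLogic group principal from an allow-list, and that treats an anonymous subject (no principals) as having no roles. It reuses the MYSecurityRoleImpl class shown above; the class name GroupAwareRoleMapperImpl, the group name "readers" and the allow-list itself are assumptions for illustration.

```java
package MY.security;

import java.security.Principal;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;

import javax.security.auth.Subject;

import weblogic.management.security.ProviderMBean;
import weblogic.security.service.ContextHandler;
import weblogic.security.service.SecurityRole;
import weblogic.security.spi.Resource;
import weblogic.security.spi.RoleMapper;
import weblogic.security.spi.RoleProvider;
import weblogic.security.spi.SecurityServices;
import weblogic.security.spi.WLSGroup;

// Added example, not the original post's provider: READER is granted only to
// subjects that hold a WLSGroup principal listed in READER_GROUPS.
public class GroupAwareRoleMapperImpl implements RoleProvider, RoleMapper {
    private static final Map<String, SecurityRole> NO_ROLES =
        Collections.unmodifiableMap(new HashMap<String, SecurityRole>(1));

    private static final String RESOURCE_URL = "<url>";
    private static final String RESOURCE_EJB = "<ejb>";
    private static final String READER = "READER";

    // Hypothetical allow-list; a real provider would load this from the MBean
    // configuration or from the organisation's existing role system.
    private static final Set<String> READER_GROUPS =
        new HashSet<String>(Collections.singletonList("readers"));

    private String description;

    @Override
    public void initialize(ProviderMBean mbean, SecurityServices services) {
        description = mbean.getDescription() + "\n" + mbean.getVersion();
    }

    @Override
    public String getDescription() {
        return description;
    }

    @Override
    public void shutdown() {
        // nothing to release
    }

    @Override
    public RoleMapper getRoleMapper() {
        return this;
    }

    @Override
    public Map<String, SecurityRole> getRoles(Subject subject, Resource resource, ContextHandler handler) {
        Set<Principal> principals = subject.getPrincipals();
        // An anonymous subject carries no principals and therefore never receives READER.
        if (principals.isEmpty()) {
            return NO_ROLES;
        }
        Set<String> groups = groupNames(principals);
        Map<String, SecurityRole> roles = new HashMap<String, SecurityRole>();
        // Same parent walk as the original provider: a grant on a parent resource applies to the child.
        for (Resource res = resource; res != null; res = res.getParentResource()) {
            collectRoles(res, groups, roles);
        }
        return roles.isEmpty() ? NO_ROLES : roles;
    }

    // Extract the names of the group principals only; user principals are ignored here.
    static Set<String> groupNames(Set<Principal> principals) {
        Set<String> names = new HashSet<String>();
        for (Principal p : principals) {
            if (p instanceof WLSGroup) {
                names.add(p.getName());
            }
        }
        return names;
    }

    private static void collectRoles(Resource resource, Set<String> groups, Map<String, SecurityRole> roles) {
        String type = resource.getType();
        if (!RESOURCE_URL.equals(type) && !RESOURCE_EJB.equals(type)) {
            return;
        }
        for (String group : groups) {
            if (READER_GROUPS.contains(group)) {
                roles.put(READER, new MYSecurityRoleImpl(READER, "granted via group " + group));
                return;
            }
        }
    }
}
```

When reviewing a custom role mapper, the two things to check are exactly what this variant changes: whether the decision actually depends on the subject's principals, and what an empty principal set (an unauthenticated caller) receives.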

For more information, go through the WebLogic documentation on security providers.

Now you need to register the provider in the WebLogic Admin Console under Security Realms > Providers > New.

Happy learning with Vinay in techartifact…..

Create datasource in weblogic by python script

Hi All,

If you want to create datasources in WebLogic manually or through a program, you can write a Python (WLST) script and invoke it from Maven to use it in DevOps. This is a quite common requirement, and if you want to set up a new environment using Maven, it will be really helpful.

Below is the script used for that:

# Connection settings. The admin password is hard-coded here only for illustration;
# in a real pipeline supply it from a secure store, or store it encrypted with
# storeUserConfig() and connect with userConfigFile/userKeyFile instead.
adminUserName='weblogic'
adminPassword='Weblogic1'
adminURL='t3://hostname:port'
databasehost='hostname'

connect(adminUserName, adminPassword, adminURL)
edit()
startEdit()

# Create the JDBC system resource; all later paths are relative to this name
cd('/')
cmo.createJDBCSystemResource('techartifactDS')

cd('/JDBCSystemResources/techartifactDS/JDBCResource/techartifactDS')
cmo.setName('techartifactDS')

# JNDI name the applications look up
cd('/JDBCSystemResources/techartifactDS/JDBCResource/techartifactDS/JDBCDataSourceParams/techartifactDS')
set('JNDINames',jarray.array([String('jdbc/techartifactDS')], String))

# Driver, URL and database password
cd('/JDBCSystemResources/techartifactDS/JDBCResource/techartifactDS/JDBCDriverParams/techartifactDS')
cmo.setUrl('jdbc:oracle:thin:@' + databasehost + ':1521:xe')
cmo.setDriverName('oracle.jdbc.OracleDriver')
cmo.setPassword('passwordFortechartifactDS')

# Connection test query used by the pool
cd('/JDBCSystemResources/techartifactDS/JDBCResource/techartifactDS/JDBCConnectionPoolParams/techartifactDS')
cmo.setTestTableName('SQL SELECT 1 FROM DUAL\r\n\r\n')

# Database user is passed as a driver property
cd('/JDBCSystemResources/techartifactDS/JDBCResource/techartifactDS/JDBCDriverParams/techartifactDS/Properties/techartifactDS')
cmo.createProperty('user')

cd('/JDBCSystemResources/techartifactDS/JDBCResource/techartifactDS/JDBCDriverParams/techartifactDS/Properties/techartifactDS/Properties/user')
cmo.setValue('techartifact')

cd('/JDBCSystemResources/techartifactDS/JDBCResource/techartifactDS/JDBCDataSourceParams/techartifactDS')
cmo.setGlobalTransactionsProtocol('OnePhaseCommit')

# Target the datasource at the cluster
cd('/SystemResources/techartifactDS')
set('Targets',jarray.array([ObjectName('com.bea:Name=WCP_PORTAL,Type=Cluster')], ObjectName))

activate()

Happy coding with python with Vinay

Setting a WebCenter Maintenance Page

When you shut down WebCenter, the Apache WebLogic module takes over control of the error pages and shows:

Failure of server APACHE bridge:
No backend server available for connection: timed out after 10 seconds or idempotent set to OFF.

Let’s face it, that’s not user friendly and needs to be replaced with a nicer page.

Solution
You can set a custom error page following the steps below:

*If you haven’t got OHS_HOME set, I recommend you set up this environment variable. The path should look similar to the one below:
/apps/oracle/product/middleware/Oracle_WT1/instances/instance1/config/OHS/ohs1

First, copy your custom HTML to the server and move the files to
$OHS_HOME/htdocs/
For example, you have a file called
maintenance.html

Next, modify the config file for the WebLogic module:
nano $OHS_HOME/mod_wl_ohs.conf
Within the WebCenter Location block, add:


LOCATION STUFF
ErrorPage http://[hostname]/maintenance.html

Now, to test the change, restart OHS (if you’re in clustered mode, run with one Spaces and one OHS only for now).
Stop Spaces.
Go to the WebCenter home.
The new HTML maintenance page displays.
Restart Spaces in the WLS console.
Spaces displays correctly.

Ensure you copy the files/change in every OHS if you’re in a clustered deployment.

——————————————————————————————————————–

You can set up the maintenance page at the web server level, for the case where the application is down in the application layer. Here is the reference for Oracle HTTP Server; you can do the same for any other web server too.

You can achieve this by configuring an error page at the WebServer (part of web-tier).

For example, in the case of an Oracle HTTP Server (OHS), you could do the following:

1. Place your maintenance page at /config/OHS//htdocs.

For Example, /config/OHS//htdocs/errorPage500.html

2. Open the OHS httpd.conf located at /config/OHS/ in an editor and search for the string ‘ErrorDocument 403′, which appears as commented text. Next to that commented line, add the lines below to configure the error pages (500 —> backend server unavailable, 403 —> forbidden request, 404 —> resource not available). In the example below, three HTML pages, errorPage500.html, errorPage403.html and errorPage404.html, are deployed in the OHS htdocs directory.

ErrorDocument 500 /errorPage500.html
ErrorDocument 403 /errorPage403.html
ErrorDocument 404 /errorPage404.html

3. Save the changes to the httpd.conf file.

4. Restart the OHS server.

———————————————————————————————————————-

Maintenance page for weblogic server

In the Apache httpd.conf file, put the below inside the Location block; replace /console with the proper context root, and likewise the host and port number.


SetHandler weblogic-handler
WebLogicHost 192.168.50.57
WebLogicPort 7001
ErrorPage /maintain.html

Place your customized maintain.html in the document root directory.

Happy learning with Vinay in techartifact….