How to create security role in weblogic

问题

I followed this totorial to create security role in weblogic: http://blog.whitehorses.nl/2010/01/29/weblogic-web-application-container-security-part-1/

I create in weblogic server group RobMon and user monitor with pass. Then I create this xml:

my web.xml:

<security-constraint>

    <web-resource-collection>
        <web-resource-name>my-application</web-resource-name>
        <url-pattern>/admin</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>RobMon</role-name>
    </auth-constraint>
</security-constraint>

<security-role>
    <role-name>RobMon</role-name>
</security-role>

<login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
        <form-login-page>/login</form-login-page>
        <form-error-page>/login</form-error-page>
    </form-login-config>
</login-config>

weblogic.xml:

<wls:security-role-assignment>
    <wls:role-name>RobMon</wls:role-name>
    <wls:principal-name>RobMon</wls:principal-name>
</wls:security-role-assignment>

and now I want to println role and principles:

    Subject subject = Security.getCurrentSubject();
    Set<Principal> allPrincipals = subject.getPrincipals();
    for (Principal principal : allPrincipals) {
        if (principal instanceof WLSGroupImpl) {
            logger.error(principal.getName() + "??????????");
            roles.add(principal.getName());
        }
        if (principal instanceof WLSUserImpl) {
            logger.error(principal.getName() + "!!!!!!!!!!!");
            user = principal.getName();
        }
    }

but this prints me something else what I want

 admin!!!!!!!!!!!
 Administrators??????????

it should println monitor and RobMon. What is wrong ?

回答1:

In weblogic.xml you have assigned the role RobMon to the user RobMon which means that when the user RobMon is authenticated he will be assigned the RobMon role.

In the tutorial the principal group users is used instead of RobMon user which means that all the users of the group will be assigned the role after being authenticated.

Check that principal RobMon exists in your security realm. I think that the user RobMon does not exist in your security realm. You probably wanted to assign the role to the user monitor. So the configuration in weblogic.wml should be:

    <wls:security-role-assignment>
      <wls:role-name>RobMon</wls:role-name>
      <wls:principal-name>monitor</wls:principal-name>
    </wls:security-role-assignment>

来源：https://stackoverflow.com/questions/11903739/how-to-create-security-role-in-weblogic