Configuring container-managed security in Weblogic

Problem description:

Anyone know of any guides for this? I'm a complete newbie to weblogic and to container-managed security. What I've done already is:

  1. Set up an LDAP authenticator in Weblogic
  2. created a simple webapp in Eclipse
  3. Configure web.xml: Added security-constraint, security-role and login-config elements. The realm name used is "myrealm" which already exists in Weblogic. The role name I used is "Admin" which is a global role in Weblogic
  4. Create a simple jsp page "login.jsp". It doesn't actually do any logging in but just a Hello World type of thing. I set this page as form-login-page and form-error-page in login-config in web.xml
  5. Export this webapp to a war file and deploy it in Weblogic
  6. I test it by accessing http://weblogic-server/test/login.jsp, and I expect that I'll be asked to log in using an LDAP user first. This doesn't happen; it just shows the Hello World jsp.

I've also tried adding a weblogic.xml to map the "Admin" role to a specific LDAP user (didn't work).

Any advice? It seems there's a lack of online references for this sort of thing (or I don't really know what I should be searching for)

I've also tried using BASIC auth instead of FORM (no luck)

My web.xml settings are below:

<security-constraint>
    <display-name>Test SC</display-name>
    <web-resource-collection>
        <web-resource-name>Test WR</web-resource-name>
        <url-pattern>/hello.jsp</url-pattern>
        <http-method>*</http-method>
    </web-resource-collection>
    <auth-constraint>
        <role-name>Admin</role-name>
    </auth-constraint>
</security-constraint>

<security-role>
    <role-name>Admin</role-name>
</security-role>

<login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>myrealm</realm-name>
</login-config>

The login page must do some sort of logging in, with the 2 required fields. You have to protect the hello_world.jsp page in the web.xml and go to that page; the login page will be presented.

The order is incorrect: it should be security-constraint, login-config and security-role. Within the web-resource-collection the value of * is invalid for http-method. If you want to protect every method just leave it out.

Note: the server logging would have hinted the incorrect order of elements in your web.xml.
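
The question's web.xml with the corrections from both answers applied, as an added example that is not part of the original posts: elements in the order the second answer gives, no http-method element, and FORM login whose page posts the two fields the servlet specification requires (j_username and j_password) to j_security_check. The bare <web-app> root and the reuse of /login.jsp as the error page are assumptions carried over from the question.

```xml
<!-- Added example. Keep your own <web-app> root element and its version attributes. -->
<web-app>

    <security-constraint>
        <display-name>Test SC</display-name>
        <web-resource-collection>
            <web-resource-name>Test WR</web-resource-name>
            <!-- Only this URL is protected; requesting it triggers the login. -->
            <url-pattern>/hello.jsp</url-pattern>
            <!-- No http-method element: the constraint then covers every method. -->
        </web-resource-collection>
        <auth-constraint>
            <role-name>Admin</role-name>
        </auth-constraint>
    </security-constraint>

    <!-- login-config placed between security-constraint and security-role. -->
    <login-config>
        <auth-method>FORM</auth-method>
        <realm-name>myrealm</realm-name>
        <form-login-config>
            <!-- The login page sits outside the protected url-pattern. -->
            <form-login-page>/login.jsp</form-login-page>
            <form-error-page>/login.jsp</form-error-page>
        </form-login-config>
    </login-config>

    <security-role>
        <role-name>Admin</role-name>
    </security-role>

</web-app>

<!--
  login.jsp: the form the container expects for FORM authentication.
  <form method="POST" action="j_security_check">
      <input type="text" name="j_username"/>
      <input type="password" name="j_password"/>
      <input type="submit" value="Log in"/>
  </form>
-->
```

After deployment, request /test/hello.jsp rather than /test/login.jsp; only the former matches the protected url-pattern, so only it causes the container to present the login page.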