6.x Security

6.x security is designed around simple incremental building blocks. The administrator first creates a user and assigns that user to one or more groups. The groups, in turn, have privileges associated with them in the form of Access Control Lists, or ACLs.

Users

The user is the fundamental unit of access control in WebLogic Server 6.x. Users have only two attributes, their name and their password. This means that after users are created, about the only thing you can do with them is change their password or delete them entirely. Both of these tasks are accomplished from the Security folder in the Administration console. To perform user administration:

  • Expand the security icon.

  • Click on users.

WebLogic Server 6.x provides two users of particular importance. The first is the system user, which is the account used to start and stop the server. The second is the guest user, which is an anonymous account used by the system when authorization is not required.

Tip

You can tighten security considerably by disabling the guest user account.


Groups

A group is a collection of users treated as a single unit for administrative purposes. WebLogic Server ships with only two groups already created:

Everyone

All users of the system.

Administrators

Those users with administrative privileges. When shipped, the only member of this group is the system user. In the absence of a strong argument to the contrary, that's the way it should stay.

You will probably find it convenient to create your own groups. A group is created by clicking on the Groups icon under Security, then clicking "Create a new Group." Users can be added one at a time or in a comma-separated list. Note that groups can also be added to other groups.

To remove a user from a group, first bring up the group, then click on the checkbox next to the user you want to remove. Click Apply to remove the user.

ACL

An Access Control List, or ACL, is the mechanism the system uses to determine whether a user can access a system resource. ACLs are associated with a resource and consist of lists of users or groups and the permissions granted to them.

The server comes preconfigured with three ACLs:

| ACL | Associated Privileges |
|---|---|
| weblogic.admin | Full administrative control of the server |
| weblogic.server | Reboot privileges for the server |
| weblogic.passwordpolicy | Unlock a locked user account |

It is also possible [1] to define your own access control lists. This is done by clicking the ACL under the Security icon. The access control list has two properties:

[1] Recommended, actually.

Name

Just a name tag.

Permission

The permissions associated with this access control list. New permissions may be created by the developers for custom resources, or existing system permissions may be assigned.

Access control lists can be defined for the following resource types:

| Resource | ACL Determines Whether . . . |
|---|---|
| weblogic.server.<servername> | The user has permission to boot the server. |
| weblogic.admin | The user can shut the server down, lock it, unlock it, or modify it from the command line. |
| weblogic.admin.mbean.<instance> | A user can access the mbean. |
| weblogic.jms.topic.<name> | A user can send or receive messages to the specified topic. |
| weblogic.jms.queue.<name> | A user can send and receive messages to the specified queue. |
| weblogic.jndi.<path> | The user can look up, modify, and list the specified path. |
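The user, group and ACL chain described in this section, as an added example that is not from the book and is not WebLogic code: a simplified Python model that resolves nested groups and lists who effectively holds a permission. The users alice and bob, the group Operators, the server name myserver, the queue name orders and the permission names are all constructed for illustration.

```python
# Simplified model of the user -> group -> ACL chain.
# All data below is constructed sample data, not a WebLogic configuration.
GROUPS = {  # group name -> members (users or other groups)
    "Administrators": {"system", "Operators"},   # a group nested in a group
    "Operators": {"alice"},
    "Everyone": {"system", "guest", "alice", "bob"},
}
ACLS = {  # resource -> permission -> principals (users or groups) granted it
    "weblogic.admin": {"shutdown": {"Administrators"}},
    "weblogic.server.myserver": {"boot": {"system"}},
    "weblogic.jms.queue.orders": {"send": {"Everyone"}, "receive": {"Operators"}},
}

def expand(principal, groups, _seen=None):
    """Return the set of users a principal stands for, following nested groups."""
    seen = set() if _seen is None else _seen
    if principal not in groups:
        return {principal}        # a plain user
    if principal in seen:
        return set()              # group already expanded (cycle or diamond)
    seen.add(principal)
    users = set()
    for member in groups[principal]:
        users |= expand(member, groups, seen)
    return users

def effective_users(resource, permission, acls=ACLS, groups=GROUPS):
    """Audit helper: every user who ends up holding a permission on a resource."""
    grantees = acls.get(resource, {}).get(permission, set())
    return set().union(*(expand(p, groups) for p in grantees))

def is_allowed(user, resource, permission, acls=ACLS, groups=GROUPS):
    """Default deny: access needs a grant to the user or to a containing group."""
    return user in effective_users(resource, permission, acls, groups)

if __name__ == "__main__":
    for resource, perms in ACLS.items():
        for permission in perms:
            print(resource, permission, sorted(effective_users(resource, permission)))
```

Running the audit over this sample shows alice holding shutdown on weblogic.admin only because Operators is nested inside Administrators, and guest holding send on the queue through Everyone.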



BEA WebLogic Server Administration Kit (Prentice Hall PTR Advanced Web Development)
ISBN: 0130463868
EAN: 2147483647
Year: 2002
Pages: 134
Authors: Scott Hawkins
