Configuring GreaterCause Users

At this point, we assume that you have installed the WebLogic server. If you have not done so, you may want to do it now. The "Implementing Application Security" section of Chapter 5 identifies three administrator roles supported by the application for performing administrative-related functions. The principals (users and groups) are defined in the default security realm myrealm in the WebLogic Server Domain mydomain.

The principal-to-role mapping is declared in the WebLogic-specific deployment descriptor weblogic.xml, as follows:

 <security-role-assignment>    <role-name>NPOAdministrator</role-name>    <principal-name>NPOAdmin</principal-name> </security-role-assignment> <security-role-assignment>    <role-name>PortalAdministrator</role-name>    <principal-name>PortalAdmin</principal-name> </security-role-assignment> <security-role-assignment>    <role-name>SiteAdministrator</role-name>    <principal-name>SiteAdmin</principal-name> </security-role-assignment> 

The roles identified in the vendor-specific deployment descriptor are mapped to the roles used by the web components in the web.xml deployment descriptor using the security-role-ref elements, as follows:

 <security-role-ref>    <role-name>SiteAdminRole</role-name>    <role-link>SiteAdministrator</role-link> </security-role-ref> <security-role-ref>    <role-name>PortalAdminRole</role-name>    <role-link>PortalAdministrator</role-link> </security-role-ref> <security-role-ref>    <role-name>NPOAdminRole</role-name>    <role-link>NPOAdministrator</role-link> </security-role-ref> 

The principals identified in the vendor-specific deployment descriptor are created in the default security realm myrealm, as follows:

1. Bring up the WebLogic console using the URL http://localhost:7001/console.

2. Select mydomain | Security | Realms | myrealm | Groups in the left-hand frame. Configure three new groups: SiteAdmin, PortalAdmin, and NPOAdmin. These groups are the principals mapped to their respective role names in the weblogic.xml deployment descriptors.

3. Select mydomain | Security | Realms | myrealm | Users in the left-hand frame. Configure users and associate them with a group created in Step 2. These usernames can be used for signing on to the GreaterCause application. Use the Groups tab for assigning a user to a group.

A Portal-Alliance administrator (Group PortalAdmin) can only be associated with one Portal-Alliance registration. Similarly, an NPO administrator (Group NPOAdmin) can only be associated with one NPO registration. Therefore, for each new PortalAlliance or NPO registration, create a user entry under the appropriate group. The preconfigured test data accompanying the download requires the existence of certain Portal-Alliance and NPO Administrators. The Portal-Alliance administrators that must be added to the group PortalAdmin can be located in the ADMIN table with a non-null value in the column Portal_ID. The NPO administrators that must be added to the group NPOAdmin can be located in the ADMIN table with a non-null value in the column EIN.

When signing in as SiteAdmin (using the username created for this purpose), any attempt to change Portal-Alliance or NPO information will be preceded with an Enter Portal ID or Enter EIN page to identify the Portal-Alliance or NPO being modified, respectively. However, signing in as PortalAdmin (using the username created for this purpose), the system will detect the associated Portal-Alliance profile based on the relationships stored in the system— this is true for NPOAdmin as well. This facility allows the SiteAdmin to be a super-user by being able to access and modify information for any other type of administrators.