IT-Security (Part 7): WebLogic Server, Roles, Role Mapping and Configuring a Role Mapping Provider by Mohammad Esad-Djou

Let’s continue with Authorization topic. We discussed about the Authorization Process and its main components such as WebLogic Security Framework and Security Provider. Now, we look at Security Provider’s subcomponents: Role Mapping and Security Policies.

The Role Mapping: Is access allowed?

Role Mapping providers help to clear, weather a user has the adequate role to access a resource? The Authorization provider can with this role information answer the “is access allowed?” question for WebLogic resources.[1]

The Role Mapping Process

Role mapping is the process whereby principals are dynamically mapped to security roles at runtime. The WebLogic Security Framework sends Request Parameter to specific Role Mapping provider that is configured for a security realm as a part of an authorization decision. Figure 1 Role Mapping Process presents how the Role Mapping providers interact with the WebLogic Security Framework to create dynamic role associations. The result is a set of roles that apply to the principals stored in a subject at a given moment.

Figure 1 Role Mapping Process

Let’s review each part again[3]:

  • The request parameters are including information such as the subject of the request and the WebLogic resource being requested.
  • Role Mapping provider contains a list of the roles. For instance, if a security policy specifies that the requestor is permitted to a particular role, the role is added to the list of roles that are applicable to the subject.
  • As response, get WebLogic Security Framework the list of roles.
  • These roles can then be used to make authorization decisions for protected WebLogic resources, as well as for resource container and application code. I’m going to discuss about that in part 9.

Read full post here.



SOA12c- Coherence Adapter by Vivek Garg

We have different operation in coherence adapter, Put operation is used to put the data to coherence cache and get operation used to get data from coherence cache.In this post, we see how to use this coherence adapter in real world.

We have created one database table (StudentInfo), we read the data (student information) from that table based on the Id (Student Id) which is primary key in the table. We use coherence adapter to get and put the data to cache. First we check whether the data is there in coherence cache, if data is there then we directly get the data from cache instead of database and if data is not there then we query the data from database and then put the data to coherence cache so that next time when same request come, we get the data from cache instead of making a database call. This has positive impact on performance.

Let’s start with the use case.

Create one SOA project and add one BPEL to it.

First configure the db adapter which read the data from database. Provide DB JNDI name. Click here to see how to create Java derby database data source. Choose DB connection and choose “Select” operation.

Read full post here.

Coherence Adapter

Coherence Adapter