first we need to add following configuration to web.xml file of our application;
<security-constraint>
<web-resource-collection>
<web-resource-name>protect</web-resource-name>
<url-pattern>/*</url-pattern>
<http-method>DELETE</http-method>
<http-method>POST</http-method>
<http-method>PUT</http-method>
</web-resource-collection>
<auth-constraint>
<!-- role name with access -->
<role-name>DEFINED_WEBLOGIC_ROLE</role-name>
</auth-constraint>
</security-constraint>
<!-- BASIC authentication -->
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>myrealm</realm-name>
</login-config>
<!-- Define security roles -->
<security-role>
<description>Role</description>
<role-name>DEFINED_WEBLOGIC_ROLE</role-name>
</security-role>
after that we need to add following configuration to weblogic.xml file
<security-role-assignment>
<role-name>DEFINED_WEBLOGIC_ROLE</role-name>
<principal-name>DEFINED_WEBLOGIC_USER</principal-name>
</security-role-assignment>
and that's the all of the modifications we have to make in our application. Now we need to define role (DEFINED_WEBLOGIC_ROLE) and user (DEFINED_WEBLOGIC_USER) in the weblogic by using management console and following Security Realms -> myrealm -> Users and Groups -> Users/Groups menu steps. Don't forget to add the new created user to the group you just defined.
After restarting your server and application you can check security configuration by using following code
UserOperations userOperations = (new UserOperationsService()).getUserOperationsPort();
BindingProvider provider = (BindingProvider) userOperations;
provider.getRequestContext().put(BindingProvider.USERNAME_PROPERTY, "username");
provider.getRequestContext().put(BindingProvider.PASSWORD_PROPERTY, "password");
or using soapui, you can set username and password in the Aut tab of the request as shown the picture below;
Hiç yorum yok:
Yorum Gönder