JAAS in Java2 1.4+ - JAAS Security on the BEA WebLogic server 7.x
Concept/intro
You should already have read the previous JAAS
authentication example and now be familiar with the
most fundamental JAAS issues.
At the moment I will not get into a source example here, since it's virtually
impossible to do security properly in the BEA WebLogic server without the use
of proprietary BEA concepts, which makes the code non-portable to other servers.
JAAS login in the BEA WebLogic server differs significantly from the previous examples,
as it uses the BEA concept known as "security providers". This
is a pluggable security concept, where it is possible to have several
validation processes during a login.
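
The idea of several validation processes in one login can be sketched with standard JAAS alone. This is an added example, not code from the original page or from BEA, and it does not use the WebLogic security provider classes; the names `StackedLoginDemo` and `OptionCheckModule`, the `name` and `secret` options and the sample passwords are hypothetical, and it assumes a current JDK. Two login modules are stacked and the control flag on each decides whether the overall login succeeds:

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.*;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;
import javax.security.auth.spi.LoginModule;
public class StackedLoginDemo {
    // Hypothetical module: succeeds only if the supplied password equals its "secret" option.
    public static class OptionCheckModule implements LoginModule {
        private CallbackHandler handler; private Map<String, ?> options; private boolean ok;
        public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) { handler = h; options = opts; }
        public boolean login() throws LoginException {
            PasswordCallback pc = new PasswordCallback("password", false);
            try { handler.handle(new Callback[] { pc }); }
            catch (Exception e) { throw new LoginException(e.toString()); }
            byte[] given = new String(pc.getPassword()).getBytes(StandardCharsets.UTF_8);
            byte[] want = ((String) options.get("secret")).getBytes(StandardCharsets.UTF_8);
            ok = MessageDigest.isEqual(given, want); // constant-time comparison
            if (!ok) throw new FailedLoginException(options.get("name") + " rejected the login");
            return true;
        }
        public boolean commit() { return ok; } // false = this module is ignored
        public boolean abort() { ok = false; return true; }
        public boolean logout() { ok = false; return true; }
    }
    static AppConfigurationEntry entry(String name, String secret, LoginModuleControlFlag flag) {
        Map<String, String> opts = new HashMap<>();
        opts.put("name", name); opts.put("secret", secret); // constructed demo values
        return new AppConfigurationEntry(OptionCheckModule.class.getName(), flag, opts);
    }
    // Two stacked validation steps; the password supplied below only satisfies the first one.
    static boolean attempt(LoginModuleControlFlag first, LoginModuleControlFlag second) {
        Configuration cfg = new Configuration() {
            public AppConfigurationEntry[] getAppConfigurationEntry(String app) {
                return new AppConfigurationEntry[] { entry("directory", "s3cret", first), entry("token", "other", second) };
            }
        };
        CallbackHandler ch = cbs -> { for (Callback c : cbs) if (c instanceof PasswordCallback) ((PasswordCallback) c).setPassword("s3cret".toCharArray()); };
        try { new LoginContext("demo", new Subject(), ch, cfg).login(); return true; }
        catch (LoginException e) { System.out.println("  denied: " + e.getMessage()); return false; }
    }
    public static void main(String[] args) {
        System.out.println("REQUIRED + REQUIRED   -> " + attempt(LoginModuleControlFlag.REQUIRED, LoginModuleControlFlag.REQUIRED));
        System.out.println("SUFFICIENT + REQUIRED -> " + attempt(LoginModuleControlFlag.SUFFICIENT, LoginModuleControlFlag.REQUIRED));
        System.out.println("REQUIRED + OPTIONAL   -> " + attempt(LoginModuleControlFlag.REQUIRED, LoginModuleControlFlag.OPTIONAL));
    }
}
```

Only the first combination denies the login: a failing REQUIRED module fails the whole stack, while a succeeding SUFFICIENT module ends evaluation early and a failing OPTIONAL module is tolerated.
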
Also, BEA WebLogic implements a number of classes in their own proprietary
Java package structure, which handle the actual security during JAAS.
There is documentation on the beasys
site. Specifically, you may find
JAAS
documentation.
There used to be a full security provider example on the
dev2dev site, ready to run out of the box.
It was normally listed under the code
section as
"source code for sample Security Providers for WLS 7.0 SP1". Note that everything is (c) copyrighted
by BEA.com etc. I've tried implementing the
source code for the sample security provider and found that the online creation of the realm didn't
always work (nor for a colleague). But the Ant scripting setup works
well. Once installed, you may change the LoginModule to suit your own
authentication needs.
With others, I've tried to adapt the WLS 7.x security provider concept to a
full authorisation and authentication backbone in a large-scale EJB application,
using XDoclet to generate deployment config files for the beans.
You can find similar
Sample Security Providers for WLS 8.1 (http://dev2dev.bea.com/codelibrary/code/security_prov81.jsp), which should run under later
versions. The concepts have not changed much, though. The upgraded
source code for the sample Security Provider may be downloaded freely.
In BEA WebLogic Server versions 4.5.1 and 5.1 (which I previously worked with
for several years), the realm was a completely proprietary thing. Fortunately,
this was changed for the better in BEA WebLogic Server 6.x+