All Examples  All Security Examples


Interface Index

  • Frobable
  • Class Index

    about this package

    This package demonstrates how to restrict access to a WebLogic object -- in this case, an RMI object -- with an access control list (Acl). The user-defined Acl is added to the default WebLogic realm, and the RMI object checks the list for authorization before allowing a user to execute it.

    Two clients are provided. connects to WebLogic Server, either on the standard or SSL port, specifying the username and password defined for the user in the file. shows how to connect to WebLogic Server using two-way authentication, specifying private key and certificate file names on the command line.

    how to use this package

    1. Set up your development shell as described in Setting your development environment.

    2. Edit the file and make the following changes:

    3. Compile the Frobable interface in this directory with a command like this:
        $ javac -d  %SERVER_CLASSES%

    4. Compile the FrobImpl class in this directory with a command like this:
        $ javac -d  %SERVER_CLASSES%

    5. Compile the Client and AltClient classes with a command like this:
        $ javac -d %CLIENT_CLASSES%

    6. Run the WebLogic RMI compiler to generate a stub and skeleton for the FrobImpl interface with a command like this:
       $ java weblogic.rmic -d %SERVER_CLASSES%

      Note to Microsoft SDK for Java users
      If you are running Microsoft SDK for Java, you must specify JVC as the Java compiler on the weblogic.rmic command line. Use this command to execute the WebLogic RMI compiler under JView:
        $ jview weblogic.rmic -d %SERVER_CLASSES% -compiler jvc

    7. Start WebLogic Server in your server shell.

    8. Run the standard client with a command like:
       $ java url user password

      For example,

       $ java t3://localhost:7001 joeuser joespass

    To try the two-way authentication client, AltClient, you can use the demonstration certificates included with WebLogic Server. Follow these steps:

    1. Copy the demonstration certificate and key from the myserver directory of your WebLogic installation to this directory. The filenames are demokey.pem and democert.pem. For example, use this command for Windows NT:
        $ copy %WL_HOME%\myserver\demo*.pem

    2. Edit the file and set the server certificate properties as follows:

    3. Restart WebLogic Server.

    4. AltClient has a different command line syntax than Client and can be used in two ways.

      WebLogic user authentication, no SSL

        $  java url [-user user] [-pass password]

      This is the same as using Client. url specifies the T3 protocol and WebLogic Server's standard port, 7701 by default. If the -user and -pass options are not provided, JNDI defaults to user "guest", password "guest" (which should fail for this example, since the "aclexample" Acl does not assign permissions to the "guest" user. For example:

        $  java t3://localhost:7001
                -user joeuser -pass joespass

      Using SSL with two-way authentication

        $  java url [-user user -pass password] 
                -sslCert private_key:public_key[:cert_chain]

      This format uses two-way authentication. url specifies the T3S or HTTPS protocol and the WebLogic Server SSL port, 7702 by default. If the -user and -pass options are not supplied, JNDI defaults to user "guest", password "guest" (which should fail for this example). The -sslCert option supplies file names for the private key, public key, and an optional certificate chain, separated by the default path separator on your platform. For example, on Windows NT:

       $  java t3s://localhost:7002 -user joeuser
               -pass joespass -sslCert demokey.pem;democert.pem

      Using a certificate as a credential (not SSL)

    there's more . . .

    For more information on ACLs and security, read the Developers Guides, Using WebLogic SSL and Using WebLogic ACLs.