This package demonstrates how to restrict access to a WebLogic object -- in this case, an RMI object -- with an access control list (Acl). The user-defined Acl is added to the default WebLogic realm, and the RMI object checks the list for authorization before allowing a user to execute it.
Two clients are provided. Client.java connects to WebLogic Server, either on the standard or SSL port, specifying the username and password defined for the user in the weblogic.properties file. AltClient.java shows how to connect to WebLogic Server using two-way authentication, specifying private key and certificate file names on the command line.
weblogic.password.joeuser=joespass
weblogic.allow.frob.aclexample=joeuser
weblogic.system.startupClass.frob=examples.security.acl.FrobImpl
$ javac -d %SERVER_CLASSES% Frobable.java
$ javac -d %SERVER_CLASSES% FrobImpl.java
$ javac -d %CLIENT_CLASSES% Client.java AltClient.java
$ java weblogic.rmic -d %SERVER_CLASSES% examples.security.acl.FrobImpl
Note to Microsoft SDK for Java users
If you are running Microsoft SDK for Java, you must specify JVC as the Java compiler on the weblogic.rmic command line. Use this command to execute the WebLogic RMI compiler under JView:
$ jview weblogic.rmic -d %SERVER_CLASSES% -compiler jvc examples.security.acl.FrobImpl
$ java examples.security.acl.Client url user password
For example,
$ java examples.security.acl.Client t3://localhost:7001 joeuser joespass
To try the two-way authentication client, AltClient, you can use the demonstration certificates included with WebLogic Server. Follow these steps:
$ copy %WL_HOME%\myserver\demo*.pem
weblogic.security.clientRootCA=ca.pem
weblogic.security.certificate.server=democert.pem
weblogic.security.key.server=demokey.pem
weblogic.security.certificate.authority=ca.pem
$ java examples.security.acl.AltClient url [-user user] [-pass password]
This is the same as using Client. url specifies the T3 protocol and WebLogic Server's standard port, 7701 by default. If the -user and -pass options are not provided, JNDI defaults to user "guest", password "guest" (which should fail for this example, since the "aclexample" Acl does not assign permissions to the "guest" user). For example:
$ java examples.security.acl.AltClient t3://localhost:7001 -user joeuser -pass joespass
$ java examples.security.acl.AltClient url [-user user -pass password] -sslCert private_key:public_key[:cert_chain]
This format uses two-way authentication. url specifies the T3S or HTTPS protocol and the WebLogic Server SSL port, 7702 by default. If the -user and -pass options are not supplied, JNDI defaults to user "guest", password "guest" (which should fail for this example). The -sslCert option supplies file names for the private key, public key, and an optional certificate chain, separated by the default path separator on your platform. For example, on Windows NT:
$ java examples.security.acl.AltClient t3s://localhost:7002 -user joeuser -pass joespass -sslCert demokey.pem;democert.pem
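The access decision this example configures can be modelled offline to check which users a weblogic.properties file actually lets through. The following is an added sketch, not code from the WebLogic examples or the WebLogic API; it assumes that the first component after weblogic.allow. is the permission, that the remainder is the Acl name, and that multiple users are comma-separated. The function names are hypothetical.

```python
import hmac

# Constructed sample: the three property lines shown on this page.
SAMPLE_PROPERTIES = """\
weblogic.password.joeuser=joespass
weblogic.allow.frob.aclexample=joeuser
weblogic.system.startupClass.frob=examples.security.acl.FrobImpl
"""

def parse_properties(text):
    """Return (passwords, acls) parsed from weblogic.properties-style text."""
    passwords, acls = {}, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key.startswith("weblogic.password."):
            passwords[key[len("weblogic.password."):]] = value
        elif key.startswith("weblogic.allow."):
            # Assumption: <permission>.<acl name>; the Acl name may contain dots.
            permission, _, acl_name = key[len("weblogic.allow."):].partition(".")
            if not acl_name:
                continue  # a malformed entry grants nothing
            users = {u.strip() for u in value.split(",") if u.strip()}
            acls.setdefault((acl_name, permission), set()).update(users)
    return passwords, acls

def authenticate(passwords, user, password):
    """True only if the user is defined and the password matches."""
    expected = passwords.get(user)
    if expected is None:
        return False
    return hmac.compare_digest(expected.encode(), password.encode())

def is_authorized(passwords, acls, user, password, acl_name, permission):
    """Deny by default: authenticate first, then require an explicit grant."""
    if not authenticate(passwords, user, password):
        return False
    return user in acls.get((acl_name, permission), set())

def decide(user, password):
    """Decision for the "frob" permission on the "aclexample" Acl in the sample."""
    passwords, acls = parse_properties(SAMPLE_PROPERTIES)
    return is_authorized(passwords, acls, user, password, "aclexample", "frob")
```

A user who authenticates but is absent from the Acl entry, as "guest" is here, is still denied, which is the failure the AltClient defaults are expected to produce.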