All Examples  Security Examples

package examples.security.delegatingrealm

about this example

This example allows you to delegate authentication and authorization calls to other realm classes. To use the example, you need two or more alternate realms, such as the LDAPRealm, NTRealm, UnixRealm, RDBMSRealm, or your own custom realm. (If you are using the WebLogic properties file and one other realm, you do not need this example.)

DelegatingRealm lets you choose which realms supply which type of information by setting properties in a delegating.properties file. The property name is a method defined by one of the weblogic.security.acl.Realm interfaces, such as getUser or authenticate. The property value is the class and method to call for that method, for example examples.security.RDBMSRealm.getUser or weblogic.security.unixrealm.UnixRealm.authenticate.

To delegate to more than one realm, add a suffix ".n" to each instance of the property name, where n is an integer, starting from 1. If the first method returns null, DelegatingRealm calls the next, until a value is returned. See the notes in the DelegatingRealm source code regarding void realm methods.

You can delegate the following realm methods to any realm class:

• authenticate
• deleteAcl
• deleteGroup
• deleteUser
• getAcl
• getAclOwner
• getAclSep
• getAcls
• getGroup
• getGroups
• getPermission
• getPermissions
• getUser
• getUsers
• newAcl
• newGroup
• newPermission
• newUser
• setPermission

If you do not delegate a particular method, WebLogic Server falls back on the WLPropertyRealm.

how to use this example

1. Set up your development environment as described in Setting your development environment.

2. Compile the examples.security.util.RealmProperties class found in the ../util directory with a command like the following for Windows NT:

     $ javac -d %SERVER_CLASSES% ../util/RealmProperties.java

3. Compile the code in this directory with a command like the following for Windows NT:

     $ javac -d %SERVER_CLASSES% *.java

4. Edit the delegating.properties file and save it in the WebLogic Server home directory:

     $ copy delegating.properties %WL_HOME%

5. Edit the weblogic.properties file and set the following property:

     weblogic.security.realmClass=examples.security.delegatingrealm.DelegatingRealm

6. You can also enable and tune CachingRealm's cache, as described in Using the WebLogic CachingRealm security realm.

7. Start WebLogic Server and test your realms. You can call into the realm by loading the AdminRealm servlet in your browser with a URL such as http://localhost:7001/AdminRealm. Also, try exercising the realm using the Client Java program in the Acl example.