In a previous article we saw how to secure a Web Service with basic authentication (this could be used for every page in our application). We did it creating users with Weblogic Default Authenticator.
Today we will create an SQLAuthenticator in Weblogic, then the server will take users and groups from the data base.
First of all we will create a Data Source, where will be our users data base, in Weblogic console. Go to base_domain > Services > JDBC Data Soources > New, and configure the following data:
- Name: school
- JNDI name: school
- DB name: xe
- Host: 192.168.0.7
- Port: 1521
- User/pass: school/school
- Select the servers where we will apply this DataSource: AdminServer.
Test the connection as we see in the picture:
Now we have to create in the data base the tables where we store users/groups and the relations. For this we have the following SQL script:
CREATE TABLE USERS ( U_NAME VARCHAR(200) NOT NULL, U_PASSWORD VARCHAR(50) NOT NULL, U_DESCRIPTION VARCHAR(1000)); ALTER TABLE USERS ADD CONSTRAINT PK_USERS PRIMARY KEY (U_NAME); CREATE TABLE GROUPS ( G_NAME VARCHAR(200) NOT NULL, G_DESCRIPTION VARCHAR(1000) NULL); ALTER TABLE GROUPS ADD CONSTRAINT PK_GROUPS PRIMARY KEY (G_NAME); CREATE TABLE GROUPMEMBERS ( G_NAME VARCHAR(200) NOT NULL, G_MEMBER VARCHAR(200) NOT NULL); ALTER TABLE GROUPMEMBERS ADD CONSTRAINT PK_GROUPMEMS PRIMARY KEY ( G_NAME, G_MEMBER ); ALTER TABLE GROUPMEMBERS ADD CONSTRAINT FK1_GROUPMEMBERS FOREIGN KEY ( G_NAME ) REFERENCES GROUPS (G_NAME) ON DELETE CASCADE;
We can execute it in the Data Base Eclipse perspective, executing the contextual menu option “Execute All” in SQL Editor:
After in Weblogio console go to base_domain > Security Realms > myrealm > Providers > New. Where we will configure the SQL Autentication provider:
- Name and type: SQLAuthenticator
Then, in its properties, in Provider Specific tab, we will configure as follows:
- Data Source Name: school
- Group MemberShip Searching: limited to 10 to avoid the recursive situations like A owns B, and B owns A.
- Plain Text Passwords Enabled: we can test this configuration with no encripted passwords, but not recomend it in production.
WARN!!: we have to take care that the authentication sequence in the server requires the DefaultAuthenticator permission. In base_domain > Security Realms > myrealm > Providers > Providers > DefaultAuthenticator, change to:
- Control Flag: SUFFICIENT. Then will not be a must the Default authentication (if we mistake this step, we could loose the consola access).
Here we have to reboot (better stop/start in eclipse control) the server to the changes take effect. Now you can execute the example Web Service basic authentication, with a user created with SQL provider.