WebLogic Server 6.0 Code Examples, BEA Systems, Inc.
Interface Summary | |
Frobable | Remote interface used to illustrate access control on an RMI object. |
Class Summary | |
AltClient | This simple client connects as a specific user and attempts an RMI invocation. |
Client | This simple client connects as a specific user and attempts an RMI invocation. |
FrobImpl | Class FrobImpl illustrates how to use an ACL to protect an RMI object's method. |
This package demonstrates how to restrict access to a WebLogic Server resource (in this case, an RMI object) with an access control list (ACL). The ACL is added to the fileRealm security realm in WebLogic Server. The fileRealm security realm checks the permissions for the RMI object before allowing a client to execute it.
Two clients are provided:
Perform the following steps in order to build, compile, and run the examples:
javac -d %SERVER_CLASSES% Frobable.java FrobImpl.java
java weblogic.rmic -d %SERVER_CLASSES% examples.security.acl.FrobImpl
javac -d %CLIENT_CLASSES% Client.java AltClient.java
When using mutual authentication with the AltClient client, you can use the demonstration digital certificate and private key for both the client and the server.
You can also use a digital certificate and private key you obtained with the acl code example. Copy the digital certificates and the private key file into the directory in which you are running the acl code example.
If you are using a PKCS-8 password protected private key, add the following command line option when starting WebLogic Server:
-Dweblogic.management.pkpassword=password
where password specifies the password used to protect the private key.
java examples.security.acl.Client url user password
where url specifies the T3S or HTTPS protocol and the default port (7002) on which WebLogic Server listens for SSL communications.
user and password are the username and password for joeuser.
For example:
java examples.security.acl.Client t3s://localhost:7002 joeuser joepass
java examples.security.acl.AltClient url -user user -pass password -sslCert private_key:public_key[:cert_chain] [-password] [-servername]
where url specifies the T3S or HTTPS protocol and the default port (7002) on which WebLogic Server listens for SSL communications.
user and password are the username and password for joeuser. If the -user and -pass command line options are not specified, the JNDI InitialContext defaults to the user guest with the password guest. In this case, the AltClient client will fail because the aclexample ACL does not assign permissions to the guest user.
-sslCert specifies the name of the private key file and digital certificate separated by the default path separator on your platform.
If you are using a PKCS-8 password encrypted private key, -password is the password used to encrypt the private key. If you are using the demonstration digital certificate and private key, you do not have to specify this command line option.
-servername is the name of the WebLogic Server to which you expect to connect.
For example:
java examples.security.acl.AltClient t3s://localhost:7002 -user joeuser -pass joepass -sslCert demokey.pem;democert.pem
Read more about ACLs and security in Programming WebLogic Security and Managing Security.
Documentation is available at http://e-docs.bea.com/wls/docs60