Posted on

Oracle Weblogic Security


Configuring Oracle Weblogic Users and Groups

Adding new user and groups to your system is a recommended best practice both to secure your system and to define your project’s responsibilities.

An user is an entity that can be authenticated. Thus, an user can be a person or a software entity such as a Java client. Each user is given a unique identity within a security realm.

A group is a collection of users who usually have something in common, such as working in the same department in a company.

You can view and configure the list of users and groups using the “Users and Groups” tab from the Security Realms option (Users and Groups are displayed in a separated sub-tab):

You can create a new user by clicking on the “New” button of the Users sub-tab, which will take you to the User creation screen:

The required fields are Name and Password. If you have created another Authentication provider, you can choose that one besides the DefaultAuthenticator.

An Authentication provider allows WebLogic Server to establish trust by validating a user. You must have one Authentication provider in a security realm, although you can configure multiple Authentication providers in a security realm.

Once created your users, you can configure the membership to one or more groups by clicking on the Groups tabs. As you can see from the following picture, we are now adding our user into the “Administrators” group:

Click Save to assign the membership of the user to the selected Group.

It is a good practice that you add at least one user to the Administrators group in addition to the user you defined at installation (using the Configuration wizard). Having at least two administrators at all times helps protect against a single admin user being locked out from a potential security breach.

Creating new Groups

By selecting the “Groups” sub-tab (Reachable from the Security Realms |[yourrealm] |Users and Groups ) you can choose to add a new Group to your existing ones.

As you can see from the following picture, WLS ships with a number of explicitly predefined groups like Administrators, AppTesters, Deployers, Operators and Monitors and a few others.

By clicking on the New button, you can create a new Group, as shown by the following screen:

Once you have created a Group, you can specify the parent group to which it belongs, by selecting the Membership tab option of the Group Settings. Here’s for example how to specify the parent group for our SuperAdmin group:

When you are done, click on Save in order to save your new Group.