Choose one of these security models:
* Deployment Descriptors Only (DDOnly)
For EJBs and URL patterns, this model uses only the roles and policies in the J2EE deployment descriptors (DD); the Administration Console allows only read access for this data. With this model, EJBs and URL patterns are not protected by roles and policies of a broader scope (such as a policy scoped to an entire Web application). If an EJB or URL pattern is not protected by a role or policy in the DD, then it is unprotected: anyone can access it.
For application-scoped roles in an EAR, this model uses only the roles defined in the WebLogic Server DD; the Administration Console allows only read access for this data. If the WebLogic Server DD does not define roles, then there will be no such scoped roles defined for this EAR.
For all other types of resources, you can use the Administration Console to create roles or policies. For example, with this model, you can use the Administration Console to create application-scoped policies for an EAR.
Applies for the life of the deployment. If you want to use a different model, you must delete the deployment and reinstall it.
* Customize Roles Only (CustomRoles)
For EJBs and URL patterns, this model uses only the policies in the J2EE deployment descriptors (DD). EJBs and URL patterns are not protected by policies of a broader scope (such as a policy scoped to an entire Web application). This model ignores any roles defined in the DDs; an administrator completes the role mappings using the Administration Console.
For all other types of resources, you can use the Administration Console to create roles or policies. For example, with this model, you can use the Administration Console to create application-scoped policies or roles for an EAR.
Applies for the life of the deployment. If you want to use a different model, you must delete the deployment and reinstall it.
* Customize Roles and Policies (CustomRolesAndPolicies)
Ignores any roles and policies defined in deployment descriptors. An administrator uses the Administration Console to secure the resources.
Performs security checks for all URLs or EJB methods in the module.
Applies for the life of the deployment. If you want to use a different model, you must delete the deployment and reinstall it.
* Advanced (Advanced)
You configure how this model behaves by setting values for the following options:
o When Deploying Web Applications or EJBs
Note:
When using the WebLogic Scripting Tool or JMX APIs, there is no single MBean attribute for this setting. Instead, you must set the values for the DeployPolicyIgnored and DeployRoleIgnored attributes of RealmMBean.
o Check Roles and Policies (FullyDelegateAuthorization)
o Combined Role Mapping Enabled (CombinedRoleMappingEnabled)
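
Under the Deployment Descriptors Only model, a URL pattern with no role or policy in the DD is open to anyone, so it is worth checking a descriptor before deploying. The following is an added example, not Oracle's code: it reads a constructed sample web.xml and reports which servlet URL patterns have no matching security-constraint with an auth-constraint. It assumes a simplified form of servlet pattern matching and looks only at web.xml, not at weblogic.xml or EJB descriptors.

```python
import xml.etree.ElementTree as ET

# Constructed sample DD (not from the page): three mappings, two constraints.
SAMPLE_WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/j2ee" version="2.4">
  <servlet-mapping><servlet-name>a</servlet-name><url-pattern>/admin/*</url-pattern></servlet-mapping>
  <servlet-mapping><servlet-name>r</servlet-name><url-pattern>/reports/export</url-pattern></servlet-mapping>
  <servlet-mapping><servlet-name>u</servlet-name><url-pattern>/upload</url-pattern></servlet-mapping>
  <security-constraint><web-resource-collection><web-resource-name>a</web-resource-name>
    <url-pattern>/admin/*</url-pattern></web-resource-collection>
    <auth-constraint><role-name>Admin</role-name></auth-constraint></security-constraint>
  <security-constraint><web-resource-collection><web-resource-name>u</web-resource-name>
    <url-pattern>/upload</url-pattern><http-method>POST</http-method></web-resource-collection>
    <auth-constraint><role-name>Uploader</role-name></auth-constraint></security-constraint>
</web-app>"""

def children(el, name):
    """Direct children with this local tag name, ignoring the XML namespace."""
    return [c for c in el if c.tag.rsplit("}", 1)[-1] == name]

def covers(guard, mapped):
    """Simplified servlet-spec match: exact, '/*', '/prefix/*' or '*.ext'."""
    if guard in (mapped, "/*"):
        return True
    if guard.endswith("/*"):
        return mapped == guard[:-2] or mapped.startswith(guard[:-1])
    return guard.startswith("*.") and mapped.endswith(guard[1:])

def audit(web_xml):
    """Map each servlet url-pattern to its protection status in the DD."""
    root, guards = ET.fromstring(web_xml), []
    for sc in children(root, "security-constraint"):
        if not children(sc, "auth-constraint"):
            continue  # no auth-constraint: no role is required for these URLs
        for wrc in children(sc, "web-resource-collection"):
            methods = {m.text.strip() for m in children(wrc, "http-method")}
            guards += [(p.text.strip(), methods) for p in children(wrc, "url-pattern")]
    result = {}
    for sm in children(root, "servlet-mapping"):
        for pat in (p.text.strip() for p in children(sm, "url-pattern")):
            hits = [m for g, m in guards if covers(g, pat)]
            if not hits:
                result[pat] = "unprotected"  # DDOnly: anyone can access it
            elif all(hits):  # every match lists methods; the others stay open
                result[pat] = "partial: " + ",".join(sorted(set().union(*hits)))
            else:
                result[pat] = "protected"
    return result

if __name__ == "__main__":
    print(audit(SAMPLE_WEB_XML))
```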