weblogic.xml Deployment Descriptor Elements

This following sections describe the deployment descriptor elements defined in the weblogic.xml file. The root element for weblogic.xml is <weblogic-web-app> . The following elements are defined within the <weblogic-web-app> element:

You can also access the Document Type Descriptor (DTD) for weblogic.xml at http://www.bea.com/servers/wls600/dtd/weblogic-web-jar.dtd .

description Element

The description element is a text description of the Web Application.

weblogic-version Element

The weblogic-version element indicates the version of WebLogic Server on which this Web Application is intended to be deployed. This element is informational only and is not used by WebLogic Server.

security-role-assignment Element

The security-role-assignment element declares a mapping between a security role and one or more principals in the realm, as shown in the following example.

<security-role-assignment>       <role-name> PayrollAdmin </role-name>       <principal-name> Tanya </principal-name>       <principal-name> Fred </principal-name>       <principal-name> system </principal-name> </security-role-assignment>

refer ence-descriptor Element

The reference-descriptor element maps the JNDI name of a server resource to a name used in the Web Application. The reference-description element contains two elements: The resource-description element maps a resource, for example, a DataSource, to its JNDI name. The ejb-reference element maps an EJB to its JNDI name.

resource-description Element

ejb-reference-description Element

session-descriptor Element

The session-descriptor element defines parameters for HTTP sessions, as shown in the following example:

<session-descriptor>   <session-param>      <param-name>        CookieDomain      </param-name>      <param-value>        myCookieDomain      </param-value>   </session-param> </session-descriptor>

Session Parameter Names and Values

jsp-descriptor Element

The jsp-descriptor element defines parameter names and values for servlet JSPs, as shown in the following example.

<jsp-descriptor>       <jsp-param>            <param-name>             FOO            </param-name>            <param-value>             BAR            </param-value>       </jsp-param> </ jsp-descriptor>

JSP Parameter Names and Values

security-role-assignment element in weblogic.xml

Report post to moderator

No results were found for your search query.

To return expected results, you can:

  • Reduce the number of search terms. Each term you use focuses the search further.
  • Check your spelling. A single misspelled or incorrectly typed term can change your result.
  • Try substituting synonyms for your original terms. For example, instead of searching for "java classes", try "java training"
  • Did you search for an IBM acquired or sold product ? If so, follow the appropriate link below to find the content you need.

Search results are not available at this time. Please try again later or use one of the other support options on this page.

The security-role-assignment references an invalid security-role: maximouser

Troubleshooting.

When enabling application server security and deploying Maximo to a WebLogic environment, you may encounter the following error when attempting to initialize the application: BEA-149205>

There is likely a mismatch between the role name specified in your web xml file and the role name specified in your weblogic xml files.

Resolving The Problem

Check the following files and ensure that the role name you are using in your environment matches in all files. Note that the role name is typically specified in the singular rather than in plural. The default value is "maximouser". \maximo\applications\maximo\maximouiweb\webmodule\WEB-INF\weblogic.xml \maximo\applications\maximo\META-INF\weblogic-application.xml \maximo\applications\maximo\mboejb\ejbmodule\META-INF\weblogic-ejb-jar.xml \maximo\applications\maximo\maximouiweb\webmodule\WEB-INF\web.xml An example of the entry found in the weblogic* xml files, is as follows: <security-role-assignment> <role-name>maximouser</role-name> <principal-name>maximousers</principal-name> </security-role-assignment> An example of the entry found in the web.xml is as follows: <security-role> <description>MAXIMO Application Users</description> <role-name>maximouser</role-name> </security-role> Once each entry of the role name has been corrected in all files, rebuild and redeploy the maximo.ear.

Was this topic helpful?

Not useful Useful

Document Information

Modified date: 17 June 2018

swg22004484

Page Feedback

Share your feedback

Need support.

  • Submit feedback to IBM Support

1-800-IBM-7378 ( USA )

  • Directory of worldwide contacts
  • Install App

Application Development Software

For appeals, questions and feedback, please email [email protected]

Security in weblogic.xml

weblogic security role assignment

OBIEE Server Throws the Error - "[HTTP:101168]The security-role-assignment references an invalid security-role" (Doc ID 2305240.1)

Last updated on MAY 08, 2023

The error " [HTTP:101168]The security-role-assignment references an invalid security-role: allowedGroups  "occurs when attempting to start OBIEE weblogic server

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.

weblogic security role assignment

Customer Reviews

You are free to order a full plagiarism PDF report while placing the order or afterwards by contacting our Customer Support Team.

Megan Sharp

weblogic security role assignment

Why choose us

Who is an essay writer 3 types of essay writers.

Finished Papers

essays service custom writing company

Susan Devlin

Customer Reviews

What's the minimum time you need to complete my order?

weblogic security role assignment

Finished Papers

Courtney Lees

weblogic security role assignment

Testimonials

eDocs Home > BEA WebLogic Server 8.1 Documentation > Developing Web Applications for WebLogic Server > weblogic.xml Deployment Descriptor Elements

Developing Web Applications for WebLogic Server

weblogic.xml Deployment Descriptor Elements

The following sections describe the deployment descriptor elements that you define in the weblogic.xml file under the root element <weblogic-web-app> :

auth-filter

Charset-params, container-descriptor, context-root, description, jsp-descriptor, preprocessor, preprocessor-mapping.

  • reference-descriptor

run-as-role-assignment

Security-permission, security-role-assignment, servlet-descriptor, session-descriptor, url-match-map, virtual-directory-mapping, weblogic-version, wl-dispatch-policy.

The DOCTYPE header for the weblogic.xml file is as follows:

<!DOCTYPE weblogic-web-app PUBLIC "-//BEA Systems, Inc.//DTD Web Application 8.1//EN" "http://www.bea.com/servers/wls810/dtd/weblogic810-web-jar.dtd">

You can also access the Document Type Descriptor (DTD) for weblogic.xml at http://www.bea.com/servers/wls810/dtd/weblogic810-web-jar.dtd .

The description element is a text description of the Web application.

The weblogic-version element indicates the version of WebLogic Server on which this Web application is intended to be deployed. This element is informational only and is not used by WebLogic Server.

The security-role-assignment element declares a mapping between a security role and one or more principals in the realm, as shown in the following example.

<security-role-assignment>       <role-name> PayrollAdmin </role-name>       <principal-name> Tanya </principal-name>       <principal-name> Fred </principal-name>       <principal-name> system </principal-name> </security-role-assignment>

Note: If you do not define a security-role-assignment element and its subelements, the Web application container implicitly maps the role name as a principal name and logs a warning. The EJB container does not deploy the module if mappings are not defined.

Consider the following usage scenarios for the role name is "role_xyz"

  • If you map"role_xyz to user "joe" in weblogic.xml, role_xyz becomes a local role.
  • If you specify role_xyz as an externally defined role, it becomes global (it refers to the role defined at the realm level).
  • If you do not define a security-role-assignment element, role_xyz becomes a local role, and the Web application container creates an implicit mapping to it and logs a warning.

The run-as-role-assignment element maps a run-as role name (a subelement of the servlet element) in web.xml to a valid user name in the system. The value can be overridden for a given servlet by the run-as-principal-name element in the servlet-descriptor. If the run-as-role-assignment is absent for a given role name, the Web application container chooses the first principal-name defined in the security-role-assignment.

refer ence-descriptor

The reference-descriptor element maps a name used in the Web application to the JNDI name of a server resource. The reference-description element contains two elements: The resource-description element maps a resource, for example, a DataSource, to its JNDI name. The ejb-reference element maps an EJB to its JNDI name.

resource-env-description

The resource-env-description element maps a resource-env-ref , declared in the ejb-jar.xml deployment descriptor, to the JNDI name of the server resource it represents.

resource-description

The resource-description element is used to map the JNDI name of a server resource to an EJB resource reference in WebLogic Server.

ejb-reference-description

The session-descriptor element contains the session-param element, which defines attributes for HTTP sessions, as shown in the following example:

<session-descriptor>   <session-param>      <param-name>        CookieDomain      </param-name>      <param-value>        myCookieDomain      </param-value>   </session-param> </session-descriptor>

session-param

The jsp-descriptor element defines attribute names and values for JSPs. You define the attributes as name/value pairs. The following example shows how to configure the compileCommand attribute. Enter all of the JSP configurations using the pattern demonstrated in this example:

<jsp-descriptor>       <jsp-param>            <param-name>             compileCommand            </param-name>            <param-value>             sj            </param-value>       </jsp-param> </ jsp-descriptor>

JSP Attribute Names and Values

The auth-filter element specifies an authentication filter HttpServlet class.

The <container-descriptor> element defines general attributes for Web applications.

check-auth-on-forward

Add the <check-auth-on-forward/> element when you want to require authentication of forwarded requests from a servlet or JSP. Omit the tag if you do not want to require re-authentication. For example:

<container-descriptor>     <check-auth-on-forward/> </container-descriptor>

Note that the default behavior has changed with the release of the Servlet 2.3 specification, which states that authentication is not required for forwarded requests.

redirect-with-absolute-url

The <redirect-with-absolute-url> element controls whether the javax.servlet.http.HttpServletResponse.SendRedirect() method redirects using a relative or absolute URL. Set this element to false if you are using a proxy HTTP server and do not want the URL converted to a non-relative link.

The default behavior is to convert the URL to a non-relative link.

user readable data used in a redirect.

index-directory-enabled

The <index-directory-enabled> element controls whether or not to automatically generate an HTML directory listing if no suitable index file is found.

The default value is false (does not generate a directory). Values are true or false .

index-directory-sort-by

The <index-directory-sort-by> element defines the order in which the directory listing generated by weblogic.servlet.FileServlet is sorted. Valid sort-by values are NAME, LAST_MODIFIED, and SIZE. The default sort-by value is NAME.

servlet-reload-check-secs

The <servlet-reload-check-secs> element defines whether a WebLogic Server will check to see if a servlet has been modified, and if it has been modified, reloads it. The -1 value tells the server never to check the servlets, 0 tells the server to always check the servlets, and the default is to check each 1 second.

A value specified in the console will always take precedence over a manually specified value.

single-threaded-servlet-pool-size

The <single-threaded-servlet-pool-size> element defines the size of the pool used for SingleThreadMode instance pools. The default value is 5.

session-monitoring-enabled

The <session-monitoring-enabled> element, if set to true, allows runtime MBeans to be created for sessions. When set to false, the default value, runtime MBeans are not created. A value specified in the console takes precedence over a value set manually.

save-sessions-enabled

The <save-sessions-enabled> element controls whether session data is cleaned up during redeploy or undeploy. It affects memory and replicated sessions. Setting the value to true means session data is saved. Setting to false means session data will be destroyed when the Web application is redeployed or undeployed. The default is false.

prefer-web-inf-classes

The <prefer-web-inf-classes> element, if set to true, will cause classes located in the WEB-INF directory of a Web application to be loaded in preference to classes loaded in the application or system classloader. The default value is false. A value specified in the console will take precedence over a value set manually.

default-mime-type

The <default-mime-type> element default value is null. This element allows the user to specify the default mime type for a content-type for which the extension is not mapped.

retain-original-url

Set the <retain-original-url> element to true to retain the HTTP in the original URL you are requesting prior to being forwarded to the authentication URL.

Once you login successfully using the authentication URL, you are then taken back to the exact URL that you had originally requested.

The <charset-params> element is used to define code set behavior for non-unicode operations. For example:

<charset-params>
<input-charset>
<resource-path>/*</resource-path>
<java-charset-name>UTF-8</java-charset-name>
</input-charset>
</charset-params>

input-charset

Use the <input-charset> element to define which character set is used to read GET and POST data. For example:

<input-charset>     <resource-path>/foo</resource-path>     <java-charset-name>SJIS</java-charset-name> </input-charset>

For more information, see Loading Servlets, Context Listeners, and Filters .

charset-mapping

Use the <charset-mapping> element to map an IANA character set name to a Java character set name. For example:

<charset-mapping>     <iana-charset-name>Shift-JIS</iana-charset-name>     <java-charset-name>SJIS</java-charset-name> </charset-mapping>

For more information, see Mapping IANA Character Sets to Java Character Sets .

Use the virtual-directory-mapping element to specify document roots other than the default document root of the Web application for certain kinds of requests, such as image requests. All images for a set of Web applications can be stored in a single location, and need not be copied to the document root of each Web application that uses them. For an incoming request, if a virtual directory has been specified servlet container will search for the requested resource first in the virtual directory and then in the Web application's original document root. This defines the precedence if the same document exists in both places.

<virtual-directory-mapping>
     <local-path>c:/usr/gifs</local-path>
     <url-pattern>/images/*</url-pattern>
     <url-pattern>*.jpg</url-pattern>
</virtual-directory-mapping>
     <local-path>c:/usr/common_jsps.jar</local-path>
     <url-pattern>*.jsp</url-pattern>

The WebLogic Server implementation of virtual directory mapping requires that you have a directory that matches the url-pattern of the mapping. The image example requires that you create a directory named images at c:/usr/gifs/images. This allows the servlet container to find images for multiple Web applications in the images directory.

Use this element to specify a class for URL pattern matching. The WebLogic Server default URL match mapping class is weblogic.servlet.utils.URLMatchMap, which is based on J2EE standards. Another implementation included in WebLogic Server is SimpleApacheURLMatchMap, which you can plug in using the url-match-map element.

Rule for SimpleApacheURLMatchMap:

If you map *.jws to JWSServlet then

http://foo.com/bar.jws/baz will be resolved to JWSServlet with pathInfo = baz.

Configure the URLMatchMap to be used in weblogic.xml as in the following example:

<url-match-map>
weblogic.servlet.utils.SimpleApacheURLMatchMap
</url-match-map>

The preprocessor element contains the declarative data of a preprocessor.

The following table describes the elements you can define within the preprocessor element.

The preprocessor-mapping element defines a mapping between a preprocessor and a URL pattern.

The following table describes the elements you can define within the preprocessor-mapping element.

The security-permission element specifies a single security permission based on the Security policy file syntax. Refer to the following URL for Sun's implementation of the security permission specification:

http://java.sun.com/j2se/1.3/docs/guide/security/PolicyFiles.html#FileSyntax

Disregard the optional codebase and signedBy clauses.

For example:

<security-permission-spec>
     grant { permission java.net.SocketPermission "*", "resolve" };
</security-permission-spec>

permission java.net.SocketPermission is the permission class name.

"*" represents the target name.

resolve indicates the action.

The context-root element defines the context root of this stand-alone Web application. If the Web application is part of an EAR, not stand-alone, specify the context root in the EAR's application.xml file. A context-root setting in application.xml takes precedence over context-root setting in weblogic.xml.

Note that this weblogic.xml element only acts on deployments using the two-phase deployment model. See Two-Phase Deployment in Deploying WebLogic Server Applications .

The order of precedence for context root determination for a Web application is as follows:

  • Check application.xml for context root; if found, use as Web application's context root.
  • If context root is not set in application.xml, and the Web application is being deployed as part of an EAR, check whether context root is defined in weblogic.xml. If found, use as Web application's context root. If the Web application is deployed standalone, application.xml does not come into play and the determination for context-root starts at weblogic.xml and defaults to URI if it is not defined there.
  • If context root is not defined in weblogic.xml or application.xmll, then infer the context path from the URI, giving it the name of the value defined in the URI minus the WAR suffix. For instance, a URI MyWebApp.war would be named MyWebApp.

Use the wl-dispatch-policy element to assign the Web application to a configured execute queue by identifying the execute queue name.

Use the servlet-descriptor element to aggregate the servlet-specific elements.

This is an equivalent of <run-as> for init method for servlets.

<init-as>
<servlet-name>FooServlet</servlet-name>
<principal-name>joe</principal-name>
</init-as>

This is an equivalent of <run-as> for destroy method for servlets.

<destroy-as>

<servlet-name>BarServlet</servlet-name>

<principal-name>bob</principal-name>

</destroy-as>

IMAGES

  1. Weblogic security-role-assignment by Townsend Melinda

    weblogic security role assignment

  2. PPT

    weblogic security role assignment

  3. PPT

    weblogic security role assignment

  4. BEA WebLogic Enterprise Security Architecture

    weblogic security role assignment

  5. Understanding WebLogic Server Security

    weblogic security role assignment

  6. Understanding WebLogic Server Security

    weblogic security role assignment

VIDEO

  1. Secure Network Implementation Assignment (SECURITY ARCHITECTURE) 284495

  2. Web Service Security Introduction

  3. Weblogic SOP

  4. #privacy and security # week 3 assignment nptel 2024

  5. Oracle WebLogic 12c for Administrators 024 WebLogic Security Part 1

  6. SESSION 14 ASSIGNMENT

COMMENTS

  1. Assigning Roles Using security-role-assignment

    A basic security-role-assignment element definition in weblogic.xml declares a mapping between a security-role defined in sip.xml and one or more principals or roles available in the Converged Application Server security realm.

  2. Users, Groups, And Security Roles

    Release 12.2.1.4 Securing Resources Using Roles and Policies for Oracle WebLogic Server 6 Users, Groups, And Security Roles Understand the features and functions of users, groups, and security roles within security realms in WebLogic Server. This chapter includes the following sections: Overview of Users and Groups Default Users Default Groups

  3. java

    How to create security role in weblogic Ask Question Asked 11 years, 6 months ago Modified 10 years, 1 month ago Viewed 20k times 1 I followed this totorial to create security role in weblogic: http://blog.whitehorses.nl/2010/01/29/weblogic-web-application-container-security-part-1/

  4. weblogic.xml Deployment Descriptor Elements

    The security-role-assignment element declares a mapping between a Web application security role and one or more principals in WebLogic Server, as shown in the following example.

  5. weblogic.xml Deployment Descriptor Elements

    This element is informational only and is not used by WebLogic Server. security-role-assignment Element. The security-role-assignment element declares a mapping between a security role and one or more principals in the realm, as shown in the following example. <security-role-assignment>

  6. Using weblogic security roles in authentication: weblogic 9

    Using weblogic security roles in authentication: weblogic 9 Gireesh Nemath Greenhorn Posts: 4 posted 16 years ago Hi All, I am trying to create a simple application which uses declarative authorization configured in web.xml. I use the simple form based authentication. While trying to deploy my application, I get the error:

  7. security-role-assignment element in weblogic.xml

    I get the principal name as "system" instead of the user logged in to the application. I understand that I started weblogic server using the userid "system". Is there any way to propagate the user role-name defined in <security-role-assignment> to the EJB container? This is related to my earlier posting about UserManager.setPassword() method call.

  8. Understanding WebLogic Resource Security

    In WebLogic Server, if the security-role-assignment element in the weblogic.xml deployment descriptor does not declare a mapping between a security role and one or more principals in the WebLogic Server security realm, then the role name is used as the default principal.

  9. The security-role-assignment references an invalid security-role ...

    The security-role-assignment references an invalid security-role: maximouser Troubleshooting Problem When enabling application server security and deploying Maximo to a WebLogic environment, you may encounter the following error when attempting to initialize the application: BEA-149205> Cause

  10. Security in weblogic.xml

    in weblogic.xml security <wls:security-role-assignment> <wls:role-name>Role</wls:role-name> <wls:principal-name>principal</wls:principal-name> </wls:security-role-assignment> you must enter all the principals? .. if I create a new principal I need to enter by force? I can not insert a tag that treats them all? Thanks to all and good job Peppe

  11. OBIEE Server Throws the Error

    Oracle WebLogic Server - Version 10.3.6 and later: OBIEE Server Throws the Error - "[HTTP:101168]The security-role-assignment references an invalid security-role"

  12. Weblogic Security Role Assignment

    Professional essay writing services. $ 24.99. 100% Success rate. 4.7/5. If you can't write your essay, then the best solution is to hire an essay helper. Since you need a 100% original paper to hand in without a hitch, then a copy-pasted stuff from the internet won't cut it. To get a top score and avoid trouble, it's necessary to submit a ...

  13. weblogic.xml Deployment Descriptor Elements

    security-role-assignment element declares a mapping between a Web application security role and one or more principals in WebLogic Server, as shown in the following example. <security-role-assignment> <role-name></role-name> <principal-name></principal-name> <principal-name></principal-name> <principal-name></principal-name>

  14. weblogic.xmlデプロイメント記述子の要素

    security-role-assignment run-as-role-assignment resource-description resource-env-description ejb-reference-description service-reference-description session-descriptor jsp-descriptor auth-filter container-descriptor charset-params virtual-directory-mapping url-match-map security-permission context-root wl-dispatch-policy servlet-descriptor

  15. Weblogic Security Role Assignment

    Weblogic Security Role Assignment - For Sale ,485,000 . 100% Success rate Once your essay writing help request has reached our writers, they will place bids. To make the best choice for your particular task, analyze the reviews, bio, and order statistics of our writers. Once you select your writer, put the needed funds on your balance and we'll ...

  16. Weblogic Security Role Assignment

    It's not a matter of "yes you can", but a matter of "yes, you should". Chatting with professional paper writers through a one-on-one encrypted chat allows them to express their views on how the assignment should turn out and share their feedback. Be on the same page with your writer! 100% Success rate. Completed orders: 156. Alamat kami. 435.

  17. Migration from Weblogic to Apache Tomcat

    In Tomcat, these things can be defined in a couple of different places. For the security-role re-mapping, use the standard <security-role-ref> in web.xml to re-map role names.. If you are using a servlet-3.0-spec webapp, then many of your session- and cookie-related items are available via web.xml:

  18. weblogic.xml Deployment Descriptor Elements

    security-role-assignment element declares a mapping between a security role and one or more principals in the realm, as shown in the following example. <security-role-assignment><role-name></role-name><principal-name></principal-name><principal-name></principal-name><principal-name></principal-name></security-role-assignment>

  19. security-role-assignment, migrating from weblogic to jboss

    I have a weblogic-application.xml file as follows: <weblogic-application ...> <security> <security-role-assignment> <role-name>Administrator</role-name> ...