A simple way to verify the default realm from within this list is to log in to the OIDDAS application:
http://<infra_host>:<port>/oiddas as "orcladmin" then create a new user.
After creating the user, locate the user by clicking the "Users" tab and then entering a query for the name of that user. In the list returned, select the radio button to the left of the user entry, then click on the Edit button. Scroll down to the bottom of the page returned, where you will find the section "EditHistory" and information similar to the following:
Created By cn=orcladmin,cn=users,dc=realmname,dc=com
Created At March 24, 2004 6:23:50 PM EST
Last Modified By cn=orcladmin,cn=users,dc=realmname,dc=com
Last Modified At March 24, 2004 6:23:50 PM EST
Look at the distinguished name for the "Created By" entry. The value for the default realm should also be the value of the first "dc=" entry immediately to the right of cn=users.
Step 3:
$ORACLE_HOME/j2ee/<OC4J_NAME>/application-deployments/<APPLICATION_NAME>/<APPLICATION_NAME>/orion-web.xml
Add the following lines inside
<security-role-mapping impliesAll="false" name="trustedUsers">
  <group name="myTrustedUsers"/>
</security-role-mapping>
The <security-role-mapping> maps the *logical* role "trustedUsers" (used by the application) to the physical role "myTrustedUsers", which is available in the LDAP repository.
Step 4:
Now provide the role created in Step 3 in the following file:
$ORACLE_HOME/j2ee/<OC4J_NAME>/applications/<APPLICATION_NAME>/<APPLICATION_NAME>/WEB-INF/web.xml
A) Add <security-constraint> under <web-app> as shown below:
<security-constraint>
  <web-resource-collection>
    <web-resource-name>protected</web-resource-name>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>trustedUsers</role-name>
  </auth-constraint>
</security-constraint>
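One way to check that the two files agree, as an added example that is not part of the original post: it parses constructed copies of the snippets above and reports any role in an <auth-constraint> that has no group mapping in orion-web.xml, plus any <url-pattern> containing whitespace (such a pattern does not match "/*"). The function names and the root elements of the sample documents are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed samples mirroring the snippets above. The <orion-web-app> and
# <web-app> wrappers are assumed; the checks do not depend on the root name.
ORION_WEB_XML = """<orion-web-app>
  <security-role-mapping impliesAll="false" name="trustedUsers">
    <group name="myTrustedUsers"/>
  </security-role-mapping>
</orion-web-app>"""

WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>protected</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>trustedUsers</role-name>
    </auth-constraint>
  </security-constraint>
</web-app>"""


def _elems(node, name):
    """All descendants called `name`, ignoring any XML namespace prefix."""
    return [e for e in node.iter() if e.tag.rsplit("}", 1)[-1] == name]


def mapped_roles(orion_xml):
    """Return {logical role: [LDAP group names]} from orion-web.xml text."""
    root = ET.fromstring(orion_xml)
    return {m.get("name"): [g.get("name") for g in _elems(m, "group")]
            for m in _elems(root, "security-role-mapping")}


def check_constraints(web_xml, orion_xml):
    """Return a list of findings; an empty list means the files agree."""
    findings = []
    roles = mapped_roles(orion_xml)
    for sc in _elems(ET.fromstring(web_xml), "security-constraint"):
        for pat in _elems(sc, "url-pattern"):
            text = pat.text or ""
            if any(c.isspace() for c in text):
                findings.append(f"url-pattern {text!r} contains whitespace")
        for rn in _elems(sc, "role-name"):
            role = (rn.text or "").strip()
            if not roles.get(role):
                findings.append(f"role {role!r} has no group mapping")
    return findings
```
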