Monday, March 16, 2009

Creating a separate Admin account for MapViewer (part 2: WLS)

In an earlier blog post I described how to create a separate admin user for the MapViewer admin account in an Oracle Application Server 10.1.3.* installation. This post follows up with instructions for WebLogic Server (version 9 and later).

To set up an admin user account for MapViewer in WLS, you first create a new user in WebLogic, then map this user to the MapViewer admin role in MapViewer's deployment descriptor file (weblogic.xml).

So first let's create a new WLS user. This is done using the WebLogic Admin Console.

Creating a user:

1. In the left pane select Security Realms.
2. On the Summary of Security Realms page select the name of the realm (for example, myrealm) that your MapViewer-deployed domain uses.
3. On the Settings for Realm Name page select Users and Groups > Users.
   The User table displays the names of all users defined in the Authentication provider.
4. Click New.
5. In the Name field of the Create New User page enter the name of the user.
   User names are case sensitive and must be unique.
6. (Optional) In the Description field, enter a description. The description might be the user's full name.
7. In the Provider drop-down list, select the Authentication provider for the user.
   If multiple WebLogic Authentication providers are configured in the security realm, they will appear in the list. Select which WebLogic Authentication provider's database should store information for the new user.
8. In the Password field, enter a password for the user.
   The minimum password length for a user defined in the WebLogic Authentication provider is 8 characters. Do not use the username/password combination weblogic/weblogic in production.
9. Re-enter the password for the user in the Confirm Password field.
10. Click OK to save your changes.

The user name appears in the User table.

Assigning the new user to the MapViewer built-in admin role:

1. Go to the exploded MapViewer directory and find weblogic.xml under $MAPVIEWR_HOME/mapviewer.ear/web.war/WEB-INF/
2. Open weblogic.xml in a text editor. You will see something like the following:

<?xml version = '1.0' encoding = 'US-ASCII'?>
<weblogic-web-app xmlns="http://www.bea.com/ns/weblogic/90">

  <security-role-assignment>
    <role-name>map_admin_role</role-name>
    <principal-name>weblogic</principal-name>
  </security-role-assignment>

  <security-role-assignment>
    <role-name>secure_maps_role</role-name>
    <principal-name>weblogic</principal-name>
  </security-role-assignment>

</weblogic-web-app>

Replace each occurrence of the string "weblogic" with the new user name. In my case I used "maplogic" as the new user name:

<?xml version = '1.0' encoding = 'US-ASCII'?>
<weblogic-web-app xmlns="http://www.bea.com/ns/weblogic/90">

  <security-role-assignment>
    <role-name>map_admin_role</role-name>
    <principal-name>maplogic</principal-name>
  </security-role-assignment>

  <security-role-assignment>
    <role-name>secure_maps_role</role-name>
    <principal-name>maplogic</principal-name>
  </security-role-assignment>

</weblogic-web-app>


Save this file. Then restart the domain. Now you will be able to use the new user and password to log into MapViewer's admin page.
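The same edit can be scripted and verified, so that no role is left mapped to the default weblogic account after the change. The following is an added example, not part of the original post or of Oracle's tooling; the function names are hypothetical and the sample descriptor is constructed from the file shown above.

```python
import xml.etree.ElementTree as ET

NS = "http://www.bea.com/ns/weblogic/90"  # namespace used by the file shown above
ET.register_namespace("", NS)             # keep it as the default namespace on output

# Constructed sample: the descriptor with both roles mapped to "weblogic".
SAMPLE = b"""<?xml version = '1.0' encoding = 'US-ASCII'?>
<weblogic-web-app xmlns="http://www.bea.com/ns/weblogic/90">
  <security-role-assignment>
    <role-name>map_admin_role</role-name>
    <principal-name>weblogic</principal-name>
  </security-role-assignment>
  <security-role-assignment>
    <role-name>secure_maps_role</role-name>
    <principal-name>weblogic</principal-name>
  </security-role-assignment>
</weblogic-web-app>
"""

def role_assignments(xml_bytes):
    """Return [(role, principal), ...] for every security-role-assignment."""
    root = ET.fromstring(xml_bytes)
    pairs = []
    for sra in root.iter(f"{{{NS}}}security-role-assignment"):
        role = sra.findtext(f"{{{NS}}}role-name", "").strip()
        for p in sra.iter(f"{{{NS}}}principal-name"):
            pairs.append((role, (p.text or "").strip()))
    return pairs

def roles_held_by(xml_bytes, principal):
    """Roles still mapped to `principal`, e.g. the default 'weblogic' account."""
    return sorted(r for r, p in role_assignments(xml_bytes) if p == principal)

def remap_principal(xml_bytes, old, new):
    """Return the descriptor with every principal-name equal to `old` set to `new`."""
    root = ET.fromstring(xml_bytes)
    for p in root.iter(f"{{{NS}}}principal-name"):
        if (p.text or "").strip() == old:
            p.text = new
    return ET.tostring(root, encoding="US-ASCII", xml_declaration=True)

if __name__ == "__main__":
    print("before:", roles_held_by(SAMPLE, "weblogic"))
    updated = remap_principal(SAMPLE, "weblogic", "maplogic")
    print("after: ", roles_held_by(updated, "weblogic"), role_assignments(updated))
```

To use it on a real deployment, read weblogic.xml in binary mode, pass the bytes to these functions, and keep a backup copy of the file before writing the result.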
