8-8 Programming Resource Adapters for Oracle WebLogic Server
security weblogic-connector
For more information on setting security identity properties, see Section A.3, security.
8.4.1 default-principal-name: Default Identity
You can define a single security identity that can be used for all resource adapter purposes using the default-principal-name element. If values are not specified
for run-as-principal-name, manage-as-principal-name, and run-work-as-principal-name
, they default to the value set for default-principal-name
. The value of default-principal-name can be set to a defined WebLogic Server
user name such as system or to use an anonymous identity which is the equivalent of having no security identity.
For example, you can create a single security identity that makes all calls from WebLogic Server into the resource adapter and manages all resource adapter
management tasks with a default system identity as shown in Example 8–6
:
Example 8–5 Using a Defined WebLogic Server Name
security default-principal-name
principal-namesystemprincipal-name default-principal-name
security You can set the default-principal-name element to anonymous as follows:
Example 8–6 Setting Up an Anonymous Identity
security default-principal-name
use-anonymous-identitytrueuse-anonymous-identity default-principal-name
security
8.4.2 manage-as-principal-name: Identity for Running Management Tasks
You can define a management identity that is used for running various resource adapter management tasks such as startup, shutdown, testing, shrinking, and
transaction management using the manage-as-principal-name element.
As with default-principal-name, the value of manage-as-principal-name can be set to a defined WebLogic Server user name such as system or to use an
anonymous identity which is the equivalent of having no security identity. If you do
not set up a value for the manage-as-principal-name element, it defaults to the value set up for default-principal-name. If no value is set up for
default-principal-name , it defaults to the anonymous identity.
Example 8–7 illustrates how you can configure a resource adapter to run management
calls using the WebLogic Server-defined user name system.
Example 8–7 Using a Defined WebLogic Server Name
security manage-as-principal-name
principal-namesystemprincipal-name
Security 8-9
manage-as-principal-name security
Example 8–8 illustrates how you can configure a resource adapter to run management
calls using an anonymous identity.
Example 8–8 Setting Up an Anonymous Identity
security manage-as-principal-name
use-anonymous-identitytrueuse-anonymous-identity
manage-as-principal-name security
8.4.3 run-as-principal-name: Identity Used for Connection Calls from the Connector Container into the Resource Adapter
You define the principal name that should be used by all calls from the connector container into the resource adapter code during connection requests in the
run-as-principal-name element. This principal name is used, for example, when
resource adapter objects such as the ManagedConnectionFactory are instantiated - in other words, when the WebLogic Server connector container makes calls to the
resource adapter, the identity defined in the run-as-principal-name element is used. This may include calls as part of either inbound or outbound requests or setup,
or as part of initialization not specific to either inbound or outbound resource adapters for example, ResourceAdapter.start.
The value of the run-as-principal-name element can be set in one of three ways:
■
To a defined WebLogic Server name
■
To use an anonymous identity
■
To use the security identity of the calling code. If the value of the run-as-principal-name element is not defined, it defaults to the
value of the default-principal-name element. If the default-principal-name
element is not defined, it defaults to the identity of the requesting caller.
8.4.4 run-work-as-principal-name: Identity Used for Performing Resource Adapter Management Tasks