Using Implicit Role Assignment
6.6.2 Assigning Roles at Deployment Time
A basic security-role-assignment element definition in weblogic.xml declares a mapping between a security-role defined in sip.xml and one or more principals or roles available in the OWLCS security realm. If the security-role is used in combination with the run-as element in sip.xml, OWLCS assigns the first principal or role name specified in the security-role-assignment to the run-as role. Example 6–2, Example security-role-assignment in weblogic.xml shows an example security-role-assignment element. This example assigns three users to the roleadmin role defined in Example 6–1, Declarative Security Constraints in sip.xml . To change the role assignment, you must edit the weblogic.xml descriptor and redeploy the SIP Servlet.6.6.3 Dynamically Assigning Roles Using the Administrative Console
The externally-defined element can be used in place of the principal-name element to indicate that you want the security roles defined in the role-name element of sip.xml to use mappings that you assign in the Administration Console. The externally-defined element gives you the flexibility of not having to specify a specific security role mapping for each security role at deployment time. Instead, you can use the Administration Console to specify and modify role assignments at anytime. Additionally, because you may elect to use this element for some SIP Servlets and not others, it is not necessary to select the ignore roles and polices from DD option for the security realm. You select this option in the On Future Redeploys: field on the General tab of the Security-Realms-myrealm control panel on the Administration Console. Therefore, within the same security realm, deployment descriptors can be used to specify and modify security for some applications while the Administration Console can be used to specify and modify security for others. Example 6–4 shows an example of using the externally-defined element with the roleadmin role defined in Example 6–1, Declarative Security Constraints in sip.xml . To assign existing principals and roles to the roleadmin role, the Administrator would use the OWLCS Administration Console. Note: When specifying security role names, observe the following conventions and restrictions: ■ The proper syntax for a security role name is as defined for an Nmtoken in the Extensible Markup Language XML recommendation available on the Web at: http:www.w3.orgTRREC-xmlNT-Nmtoken . ■ Do not use blank spaces, commas, hyphens, or any characters in this comma-separated list: \t, , , |, , ~, ?, , { }. ■ Security role names are case sensitive. ■ The Oracle-suggested convention for security role names is that they be singular.Parts
» Oracle Fusion Middleware Online Documentation Library
» Multiple Responses Differences from HTTP Servlets
» Receiving Responses Differences from HTTP Servlets
» Proxy Functions Differences from HTTP Servlets
» Servlet Request Servlet Response
» Application Management Role of a Servlet Container
» Sends a 200 response to the CANCEL request.
» Sends a 487 response to the INVITE request to be cancelled.
» Invokes a doCancel method on the SIP servlet. This allows the application to
» Utility Functions Role of a Servlet Container
» Overview of Converged Applications
» Assembling and Packaging a Converged Application
» Using the Converged Application Example
» Overview of Header Format APIs and Configuration Summary of Compact Headers
» Assigning Header Formats with WlssSipServletMessage
» Summary of API and Configuration Behavior
» Applications Must Not Create Threads
» Servlets Must Be Non-Blocking
» Store all Application Data in the Session
» All Session Data Must Be Serializable
» Use setAttribute to Modify Session Data in “No-Call” Scope
» Mark SIP Servlets as Distributable
» Session Expiration Best Practices
» Observe Best Practices for Java EE Applications
» Application Composition Model Oracle Fusion Middleware Online Documentation Library
» Using the Default Application Router
» Configuring a Custom Application Router
» Session Key-Based Request Targeting
» Overview of SIP Servlet Security
» Role Mapping Features Oracle Fusion Middleware Online Documentation Library
» Using Implicit Role Assignment
» Important Requirements Assigning Roles Using security-role-assignment
» weblogic.xml Deployment Descriptor Reference
» Specifying a Predefined Logging Level
» Customizing Log Records Enabling Message Logging
» Overview Specifying Content Types for Unencrypted Logging
» Example Message Log Configuration and Output
» Configuring Log File Rotation
» Introduction Installing the Web Services
» Configuring Web Services Presence Web Services Interface Descriptions
» Code Example Interface: PresenceConsumer, Operation: subscribePresence
» Code Example Interface: PresenceNotification, Operation: subscriptionEnded
» Code Example Interface PresenceSupplier, Operation: publish and Oracle Specific Unpublish
» Code Example Interface: PresenceSupplier, Operation: getOpenSubscriptions
» Code Example Interface: PresenceSupplier, Operation: updateSubscriptionAuthorization
» Code Example Interface: PresenceSupplier, Operation: getMyWatchers
» Code Example Interface: PresenceSupplier, Operation: getSubscribedAttributes
» Code Example Interface: PresenceSupplier, Operation: blockSubscription
» OWLCS Parlay X Presence Custom Error Codes
» Removing a Buddy from a Buddy List Manipulating your presence rules document
» Exceptions Buddy List Manager API
» Introduction Oracle Fusion Middleware Online Documentation Library
» Configuring Web Services Oracle Fusion Middleware Online Documentation Library
» Messaging Web Services Interface Descriptions
» Code Example Interface MessageNotificationManager, Operation: startMessageNotification
» Code Example Interface ReceiveMessage, Operation: getReceivedMessages
» Code Example Interface: ReceiveMessage, Operation: getMessage
» Configuration Workflow for Parlay X 2.1 Third Party CallSIP
» Attributes and Operations for Parlay X 2.1 Third Party Call
» Statement of Compliance Oracle Fusion Middleware Online Documentation Library
» Diameter Protocol Packages Oracle Fusion Middleware Online Documentation Library
» Implementing a Diameter Application
» Working with Diameter Sessions
» Sending Request Messages Working with Diameter Messages
» Creating New Attributes Working with AVPs
» Creating Converged Diameter and SIP Applications
» Overview of Profile Service API and Sh Interface Support
» Using a Constructed Document Key to Manage Profile Data
» Prerequisites for Listener Implementations Implementing ProfileListener
» Overview of the Profile Service API
» Implementing Profile Service API Methods
» Mapping Profile Requests to Profile Providers
» Configuring Profile Providers Using the Administration Console
» Overview of Rf Interface Support
» Understanding Offline Charging Events
» Specifying the Session Expiration
» Sending Asynchronous Events Implementing Session-Based Charging
» Accessing the Rf Application Implementing Event-Based Charging
» Using the Accounting Session State
» Configuring the Rf Application Overview of Ro Interface Support
» Handling Re-Auth-Request Messages Implementing Session-Based Charging
» Handling Failures Oracle Fusion Middleware Online Documentation Library
» Components Architecture User Messaging Service Overview
» Creating a J2EE Application Module
» Types of Addresses Addressing a Message
» Creating Address Objects Addressing a Message
» Creating a Recipient with a Failover Address
» API Reference for Class AddressFactory
» API Reference for Interface Address
» Deploying the Application Testing the Application
» Overview of Development Configuring the E-Mail Driver Deploying the Application
» Testing the Application Using the UMS EJB Client API to Build a Client Echo Application
» Creating a New Application Server Connection
» Overview of Parlay X Messaging Operations
» sendMessage Operation Send Message Interface
» getReceivedMessages Operation getMessage Operation getMessageURIs Operation
» Running the Pre-Built Sample Testing the Sample
» Creating a Channel Editing a Channel
Show more