J2EE Authentication and Authorization - Oracle Application Server 10.1.3
Hello All,

Thought this may help Developers who are trying to secure their apps

As we all know Authentication and Authorization could be a Filebased or From a Database or From LDAP Directory.

File Based Security:

The File which is used for Authentication purposes in 10.13 server is system-jazn-data.xml

This file will be located in

/ORACLE_HOME/j2ee/oc4j_instance/config.


Create Users from EM Console

a. Login to EM Console of App Server

b. click on oc4j-instance

c.click on Administration--> security Provider --> Click Create (make sure the Realm is Jazn.com)

Embedded Oc4j

Please refer the below link to create users and Roles on a embedded oc4j

http://download.oracle.com/docs/cd/B32110_01/webcenter.1013/b31072/tt_appendix_a.htm

The file which gets updated with this information will be located in

\jdev_home\jdev\system\oracle.j2ee.10.1.3.42.70\embedded-oc4j\config\system-jazn-data.xml


OID --> you could use a 3rd party LDAP or OID (if you have Portal)

Assumption: This Container is configured to use single Sign on.

a. Create Group(Login as Administrator --go to edit mode-->click on Builder-->click on Administer)

b.Assign Users to the group created.

Configure this group in web.xml file.

Note:

You cant use the 'AUTHENTICATED_USERS' group which is the Default Group in OID.

So , you should create a new group and assign users if you want to use in your App.

Reason is explained in Metalink Note:ID 376644.1


Thanks
Prem