Wednesday, October 20, 2010

Securing a Web application with Weblogic

With Weblogic, we can develop a login-based Web application with very little code!
Classic secured Web applications require the following features:
  1. Securing communication (HTTPS).
  2. Using user and role data to protect Web resources.
    • A user is associated with a set of roles (“client”, “staff”, “administrator staff”).
    • Access to Web resources is controlled according to roles. For example,
      • Only grant access to the URL “/manageProductPrices/*” to the administrator staff.
      • Only grant access to the URL “/manageOrders/*” to the staff.
      • Grant access to the URL “/clientArea/*” to all logged-in clients.
      • Grant access to the URL “/public/*” to everyone.
    • The data about users and roles can be stored in a DBMS or on an external server such as LDAP.
  3. Offering services to create and update user data (registering new users, changing passwords, etc.).


In this tutorial, I will show you how to realize all these features in a simple way.
Realizing feature 1 (HTTPS) only requires configuring the Weblogic domain.
For feature 2, we will use the Weblogic Admin Console to create users and roles, and we will associate access controls with Web resources in “web.xml”.
For feature 3, we will externalize users and roles to an external database. It is then possible to create customized web pages to edit these data with your favorite framework (such as Struts + Hibernate).
This tutorial does not cover the creation of custom applications to edit users’ data. Rather, we will use the Weblogic Admin Console.
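As an added illustration of feature 2 (this is example configuration written for this post, not a file from the original tutorial), here is a WEB-INF/web.xml that expresses the four access rules above with standard servlet security constraints. It assumes form-based login against the default Weblogic realm name “myrealm”, assumes the pages /login.jsp and /loginError.jsp exist, and uses the role name “administrator-staff” (hyphenated) in place of “administrator staff”. The transport-guarantee element is an optional addition that forces HTTPS for a protected area in addition to the domain-level SSL setup.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- WEB-INF/web.xml (example, not from the original post):
     declarative access control for the four URL areas. -->
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
                             http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
         version="2.5">

  <!-- Only the administrator staff may manage product prices. -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Product price management</web-resource-name>
      <url-pattern>/manageProductPrices/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>administrator-staff</role-name>
    </auth-constraint>
    <!-- Optional: require HTTPS for this area (assumption: SSL is enabled on the domain). -->
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>

  <!-- Staff (and administrator staff) may manage orders. -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Order management</web-resource-name>
      <url-pattern>/manageOrders/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>staff</role-name>
      <role-name>administrator-staff</role-name>
    </auth-constraint>
  </security-constraint>

  <!-- Client area: any logged-in user holding the "client" role. -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Client area</web-resource-name>
      <url-pattern>/clientArea/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>client</role-name>
    </auth-constraint>
  </security-constraint>

  <!-- /public/* is open to everyone, so no security-constraint covers it.
       Do NOT add a constraint with an empty <auth-constraint/> for it:
       an empty auth-constraint denies access to every user. -->

  <!-- Form-based login against the Weblogic security realm.
       Assumption: the realm is the default "myrealm". -->
  <login-config>
    <auth-method>FORM</auth-method>
    <realm-name>myrealm</realm-name>
    <form-login-config>
      <form-login-page>/login.jsp</form-login-page>
      <form-error-page>/loginError.jsp</form-error-page>
    </form-login-config>
  </login-config>

  <!-- Every role referenced in an auth-constraint must be declared here. -->
  <security-role><role-name>client</role-name></security-role>
  <security-role><role-name>staff</role-name></security-role>
  <security-role><role-name>administrator-staff</role-name></security-role>
</web-app>
```

Two practical points: the login page must post to `j_security_check` with fields named `j_username` and `j_password`, and it must itself live outside every protected URL pattern, otherwise the container cannot serve it to an unauthenticated user. The role names declared here are mapped to the users and groups created in the Admin Console; when no mapping is given in WEB-INF/weblogic.xml, Weblogic maps each role to the principal (user or group) of the same name in the realm, and a different mapping can be declared there with a `security-role-assignment` element containing a `role-name` and one or more `principal-name` entries.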
