英文:
How to change user password of application running under WebLogic
问题
我已在WebLogic 12C服务器上部署了一个Java应用程序。它在web.xml和weblogic.xml中使用安全描述符进行JSecurity身份验证和授权。那部分工作得很好。
web.xml:
<security-constraint>
<display-name>用户的安全约束</display-name>
<web-resource-collection>
<web-resource-name>受保护资源</web-resource-name>
<description>内部页面的保护</description>
<url-pattern>/home/*</url-pattern>
<url-pattern>/Summary/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>MyAppUser</role-name>
</auth-constraint>
</security-constraint>
<security-constraint>
<display-name>管理员的约束</display-name>
<web-resource-collection>
<web-resource-name>为管理员受保护的页面</web-resource-name>
<url-pattern>/Profile/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>MyAppAdmin</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/Login/</form-login-page>
<form-error-page>/LoginError/</form-error-page>
</form-login-config>
</login-config>
现在,我正在尝试添加代码,以在JSP中让已登录的用户输入旧密码和新密码来进行更改。我找到了一个参考资料,但无法再找到它。所有搜索都指向重置WebLogic管理员帐户使用配置文件或使用控制台的安全域页面。
我还应该提到,在开发服务器上,用户和角色在安全域中定义,而在生产环境中,它们使用已添加到WL安全域中的OpenLDAP服务器进行身份验证。
英文:
I have deployed a Java application on a WebLogic 12C server. It uses security descriptors in web.xml and weblogic.xml for JSecurity authentication and authorization. That part works fine.
web.xml:
<security-constraint>
<display-name>Security Constraint for User</display-name>
<web-resource-collection>
<web-resource-name>Protected resources</web-resource-name>
<description>Protection for internal pages</description>
<url-pattern>/home/*</url-pattern>
<url-pattern>/Summary/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>MyAppUser</role-name>
</auth-constraint>
</security-constraint>
<security-constraint>
<display-name>Constraint for Administrators</display-name>
<web-resource-collection>
<web-resource-name>Pages protected for administrators</web-resource-name>
<url-pattern>/Profile/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>MyAppAdmin</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/Login/</form-login-page>
<form-error-page>/LoginError/</form-error-page>
</form-login-config>
</login-config>
Now I am attempting to add code to have a JSP where a logged in user types old and new passwords to have it changed. I found one reference but can't find it again. All searches point to resetting WebLogic admin account using configuration files or using the security realm pages of the console.
I should also mention that users & roles are defined in the security realm on the dev server while on the production they are being authenticated using an OpenLDAP server which has been added as an authentication provider in WL's security realm.
答案1
得分: 1
如果您需要构建一个用于更改密码的页面(位于embeddedLDAP或OpenLDAP中),这个Java API可能会有所帮助:
https://github.com/talenteddeveloper/LDAPWithJava/blob/master/src/main/java/ldap/learn/App.java
英文:
If you need to build a page to change the password (located in embeddedLDAP or OpenLDAP) this Java API could help:
https://github.com/talenteddeveloper/LDAPWithJava/blob/master/src/main/java/ldap/learn/App.java
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论