Securing the ArcGIS Spatial Data Server service administration URL in Oracle WebLogic

Add security constraints to the web.xml file and security elements to the weblogic.xml file to secure access to ArcGIS Spatial Data Server administration and services that run within Oracle WebLogic.

Tip:

Additionally, you should always use Secure Sockets Layer (SSL) connections to your sites in production environments. See the Oracle WebLogic documentation for information on configuring this.

Adding users and roles through the WebLogic Administration Console

Log in to your WebLogic Server Domain from the WebLogic Server Administration Console as the WebLogic administrator and define users and roles.

Extract the arcgis.war file

The web.xml and weblogic.xml files were placed in the WEB-INF folder of the arcgis.war file when you deployed your application server. To alter these files after deployment, you must extract (uncompress) the arcgis.war file. Before extracting, make a backup copy of the file.

Altering weblogic.xml

Add security elements to the weblogic.xml file.

In this example, role1 is a role name that was defined using the WebLogic Administration Console, and user1 is a user name that was also created using the WebLogic Administration Console and then added to the role1 role.

<security-role-assignment>
    <role-name>role1</role-name>
    <principal-name>user1</principal-name>
</security-role-assignment>

Altering web.xml

Add a security-constraint element and its subelements to the web.xml file.

In the following example, users who browse to the /admin/* URL of the spatial data server are prompted for a user name and password. The user must provide the credentials of a user who is a member of the role1 role, which is assigned in the weblogic.xml file.

<security-constraint>
   <display-name>Restricted GET and POST To WebLogic users of ADMIN</display-name>
   <web-resource-collection>
      <web-resource-name>Restricted Access - Get Only</web-resource-name>
      <url-pattern>/admin/*</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
   </web-resource-collection>
   <auth-constraint>
      <role-name>role1</role-name>
   </auth-constraint>
   <user-data-constraint>
      <transport-guarantee>NONE</transport-guarantee>
   </user-data-constraint>
</security-constraint>
<login-config>
   <auth-method>BASIC</auth-method>
   <realm-name>default</realm-name>
</login-config>

The preceding example sets the <auth-method> subelement of <login-config> to BASIC. Other authentication methods that can be specified with this subelement include DIGEST and FORM. Note that BASIC and FORM send passwords in plain text, so use them only over SSL connections.
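
A quick way to review the edited web.xml before repackaging is to check it programmatically. The following Python script is an added example, not part of the Esri or Oracle documentation; the names audit_web_xml and audit_war are hypothetical, and the sample is the constraint shown above wrapped in a <web-app> root. It reports constraints that cover only listed HTTP methods and password authentication configured without a transport guarantee.

```python
import xml.etree.ElementTree as ET
import zipfile

# Constructed sample: the page's constraint and login-config inside a <web-app> root.
SAMPLE_WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <url-pattern>/admin/*</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>role1</role-name></auth-constraint>
    <user-data-constraint>
      <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
  <login-config><auth-method>BASIC</auth-method></login-config>
</web-app>"""

def _text(node, path, default=""):
    return (node.findtext(path) or default).strip().upper()

def audit_web_xml(xml_data):
    """Return (code, message) findings for each constrained URL pattern."""
    root = ET.fromstring(xml_data)
    for el in root.iter():                      # drop any xmlns prefix from tag names
        el.tag = el.tag.rsplit("}", 1)[-1]
    auth = _text(root, "login-config/auth-method")
    findings = []
    for sc in root.findall("security-constraint"):
        guarantee = _text(sc, "user-data-constraint/transport-guarantee", "NONE")
        for wrc in sc.findall("web-resource-collection"):
            urls = ", ".join((p.text or "").strip() for p in wrc.findall("url-pattern"))
            methods = sorted((m.text or "").strip().upper() for m in wrc.findall("http-method"))
            if methods:  # listed methods narrow the constraint; unlisted ones are not covered
                findings.append(("METHODS", f"{urls}: only {methods} require a role"))
            if guarantee == "NONE":
                findings.append(("TRANSPORT", f"{urls}: transport-guarantee is NONE"))
                if auth in ("BASIC", "FORM"):
                    findings.append(("CLEARTEXT", f"{urls}: {auth} password sent without SSL"))
    return findings

def audit_war(war_path):
    """Audit WEB-INF/web.xml read directly from a WAR such as arcgis.war."""
    with zipfile.ZipFile(war_path) as war:
        return audit_web_xml(war.read("WEB-INF/web.xml"))

if __name__ == "__main__":
    for code, message in audit_web_xml(SAMPLE_WEB_XML):
        print(code, message)
```

Omitting the <http-method> elements applies the constraint to every HTTP method, and a <transport-guarantee> of CONFIDENTIAL makes the container require SSL for the protected URLs.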

Repackage the arcgis.war file

After you change the web.xml and weblogic.xml files, repackage (compress) the arcgis.war file, keeping the same name.

Redeploy the arcgis.war file

Follow the steps in the section "Deploying the web application" in Web application deployment for WebLogic to redeploy the altered arcgis.war file.

7/19/2012