Vendor-Specific EJB Identity and Authentication
Vendor-specific mappings from logical security role to operational environment groups or users might not require any vendor-specific code, but the exact way in which your container manages the access, addition, and removal of the operational groups or users within its auspices might require vendor-specific code. How do we customize our vendor's server environment to know about valid principal names? For example, if your enterprise manages principal information in a database, a vendor-specific means to access that information via custom JDBC calls could be required. However, you also might decide to use whatever means are provided by your particular vendor to automatically manage such information, which might not require specialized coding. Such methods might include a means to specify principal information in a simple text file, an XML file, or an LDAP structure.
The BEA WebLogic Server, in fact, uses a text-based configuration file (that is, its weblogic.properties file) as the default means for storing usernames and passwords. User information is added to this file in the form of name/value entries. Similarly, groups can be added to the file as name/value entries.
Configuring principal information using static configuration files, however, will be infeasible for most medium- to large-scale applications. Thus, BEA WebLogic also provides a means to manage identities stored in alternate principal identification repositories (that is, security domains or realms). An alternate realm is designated in the weblogic.properties file by setting a special weblogic.security.RealmClass property equal to a fully qualified class name that encapsulates the alternate realm. Such classes implement WebLogic-specific interfaces that enable the WebLogic Server environment to invoke operations on such class instances during operational processing of security-related events. The available alternate BEA WebLogic v5.1 realm types include LDAP, Windows NT domain, UNIX domain, and database storage of principal information used during authentication.