When using LiveCycle ES deployed on WebLogic, you may want to restrict JNDI access and data source connection reservation to a limited set of users. This TechNote describes how to secure JNDI artifacts on a WebLogic server.
The steps in this TechNote apply to LiveCycle ES server deployments with or without LiveCycle Business Activity Monitoring ES.
To secure the JNDI artifacts on a WebLogic server, specify the JNDI credentials in a properties file in the classpath of the LiveCycle ES application. Next, ensure that the artifacts are properly configured in the WebLogic Administration Console.
Perform these steps:
-
Create a jndi.properties file in a known location. The contents include:
java.naming.security.principal=<adminUser> java.naming.security.credentials=<adminPassword>
where <adminUser> and <adminPassword> are the user name and password of a member of the Administrator group in WebLogic’s security realm. (For example, a user called BAMUser is added to the Administrator’s group).
- Embed the jndi.properties file into the application EAR file (inside the WAR META-INF\classes directory).
- Specify the jndi.properties file in WebLogic’s “Server Start” page Class Path section. Simply append the folder containing the jndi.properties file.
Set the BAM and the LiveCycle server to have the classpath set.
-
Click View JNDI Tree located in LiveCycle ES\Environment\Servers\your_servername (where your_servername is the name of the server where you are running LiveCycle ES). A new window appears with the JNDI Tree Structure. Complete these steps:
a. In the JNDI Tree Structure window, navigate to the various datasource objects according to their JNDI name.
b. Click the Security tab.
c. Click the Policies tab.
d. Click Add Condition.
e. Select User in the Predicate list.
f. Click Next.
g. Enter the administrator username in the User Argument Name field.
h. Click Add.
i. Click Finish.
j. Click Save.
k. Repeat these steps for each resource you want to secure.