Purpose

When using LiveCycle ES deployed on WebLogic, you may want to restrict JNDI access and data source connection reservation to a limited set of users. This TechNote describes how to secure JNDI artifacts on a WebLogic server.

The steps in this TechNote apply to LiveCycle ES server deployments with or without LiveCycle Business Activity Monitoring ES.

Solution

To secure the JNDI artifacts on a WebLogic server, specify the JNDI credentials in a properties file in the classpath of the LiveCycle ES application. Next, ensure that the artifacts are properly configured in the WebLogic Administration Console.

Perform these steps:

  1.  Create a jndi.properties file in a known location. The contents include:



         java.naming.security.principal=<adminUser>     java.naming.security.credentials=<adminPassword>

     where <adminUser> and <adminPassword> are the user name and password of a member of the Administrator group in WebLogic’s security realm. (For example, a user called BAMUser is added to the Administrator’s group).

     
  2. Do one of the following tasks:
  • Embed the jndi.properties file into the application EAR file (inside the WAR META-INF\classes directory).
  • Specify the jndi.properties file in WebLogic’s “Server Start” page Class Path section. Simply append the folder containing the jndi.properties file.



    Set the BAM and the LiveCycle server to have the classpath set.
  1. Restart the target server for the JNDI properties to take effect. After the restart, all JNDI requests on the server are completed as the specified user.
  2. Configure the data sources needed by BAM and the LiveCycle ES application. Record the JNDI names associated with each data source.
  3. Click View JNDI Tree located in LiveCycle ES\Environment\Servers\your_servername (where your_servername is the name of the server where you are running LiveCycle ES). A new window appears with the JNDI Tree Structure. Complete these steps:

           a.  In the JNDI Tree Structure window, navigate to the various datasource objects according to their JNDI name.

           b.  Click the Security tab.

           c.  Click the Policies tab.

           d.  Click Add Condition.

           e.  Select User in the Predicate list.

            f.  Click Next.

           g.  Enter the administrator username in the User Argument Name field.

           h.  Click Add.

           i.   Click Finish.

           j.   Click Save.

           k.  Repeat these steps for each resource you want to secure.
  4. Deploy the EAR file and start it. Ensure that it starts without errors.

Šis darbas yra licencijuotas pagal licenciją „Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License“  „Twitter™“ ir „Facebook“ skelbimams „Creative Commons“ sąlygos netaikomos.

Teisiniai pranešimai   |   Privatumo internete politika