Skip to content

Configuring SQL Authenticator with Weblogic Server.

Weblogic Server, by default stores the user and group information in an Embedded LDAP Server.

If we want to store the user and group information in a database, Weblogic Server provides an Out of the Box Provider, SQL Authenticator.

The SQL Authenticator uses a default schema, which can be modified.
To create the tables required by the SQL Authenticator using the default schema, execute the following query.

CREATE TABLE USERS (
U_NAME VARCHAR(200) NOT NULL,
U_PASSWORD VARCHAR(50) NOT NULL,
U_DESCRIPTION VARCHAR(1000))
;
ALTER TABLE USERS
ADD CONSTRAINT PK_USERS
PRIMARY KEY (U_NAME)
;
CREATE TABLE GROUPS (
G_NAME VARCHAR(200) NOT NULL,
G_DESCRIPTION VARCHAR(1000) NULL)
;
ALTER TABLE GROUPS
ADD CONSTRAINT PK_GROUPS
PRIMARY KEY (G_NAME)
;
CREATE TABLE GROUPMEMBERS (
G_NAME VARCHAR(200) NOT NULL,
G_MEMBER VARCHAR(200) NOT NULL)
;
ALTER TABLE GROUPMEMBERS
ADD CONSTRAINT PK_GROUPMEMS
PRIMARY KEY (
G_NAME,
G_MEMBER
)
;
ALTER TABLE GROUPMEMBERS
ADD CONSTRAINT FK1_GROUPMEMBERS
FOREIGN KEY ( G_NAME )
REFERENCES GROUPS (G_NAME)
ON DELETE CASCADE

Insert the User and Group records into the database.

insert into USERS (U_NAME,U_PASSWORD,U_DESCRIPTION) values(’system’,’weblogic’,’admin user’);

insert into GROUPS (G_NAME,G_DESCRIPTION) values(‘Adminsitrators’,’Adnministrators’);

insert into GROUPMEMBERS (G_NAME,G_MEMBER) values(‘Administrators’,’system’);

Create a datasource on Weblogic Server.

Create an SQLAuthenticator

myrealm > Providers > new SQLAuthenticator

Under myrealm > Providers > SQLAuthenticator > Provider Specific

Check Plaintext Passwords Enabled
Data Source Name: DS1

Leave the rest as default since we are using default schema.

In my example I have used plain text password.

If you want to log in to the console from users in the database, change the default authenticator flag as OPTIONAL.

Restart the server and log in as system.

Go to myrealm > Users and Groups to see the user and groups from the database.

Post a comment Trackback URI RSS 2.0 feed for these comments This entry (permalink) was posted on Thursday, March 11, 2010, at 2:48 pm by Faisal. Filed in Uncategorized and tagged , .

10 Comments

  1. Eamonn

    Hi Faisal
    Is there an api that lets you programmatically add users?

    Posted on 23-Mar-10 at 9:48 pm | Permalink
  2. Faisal Khan

    Yes you can do it using UserEditorMbean

    http://download.oracle.com/docs/cd/E15051_01/wls/docs103/javadocs/weblogic/management/security/authentication/UserEditorMBean.html

    Please find a sample below.

    http://secure-zone.blogspot.com/2009/10/creating-users-in-weblogic-server.html

    Posted on 24-Mar-10 at 8:29 am | Permalink
  3. Eamonn

    thanks a lot Faisal you were a big help. Many thanks

    Posted on 26-Mar-10 at 3:25 pm | Permalink
  4. Arunbaalajee R

    Awesome document, thanks a ton :)

    Regards,
    Arunbaalajee R

    Posted on 23-Jun-11 at 12:18 pm | Permalink
  5. Mark Thompson

    Nice document except for the typos. The ‘insert into groups’ command is wrong.

    Posted on 10-Feb-12 at 2:06 pm | Permalink
  6. Administrator

    thanks for pointing out mark…

    Posted on 21-Feb-12 at 9:14 pm | Permalink
  7. Vijay

    I created users and groups in database following the above steps. All are listed in the myrealm in the WebLogic console.

    I could NOT see the users and groups in the Oracle BPM Workspace, while doing a ‘reassign’ for any task, please advice.

    Posted on 11-Sep-12 at 8:49 am | Permalink
  8. Vijay

    I could not logon to Workspace with the database users

    Posted on 12-Sep-12 at 1:29 am | Permalink
  9. Administrator

    You will have to modify the default roles and policies in order to do that..

    http://weblogic-wonders.com/weblogic/2010/06/04/how-to-modify-weblogic-default-roles-and-policies/

    Posted on 29-Sep-12 at 10:56 am | Permalink
  10. Administrator

    Not sure, you can post on Oracle BPM forum..

    Posted on 29-Sep-12 at 10:56 am | Permalink

Post a Comment

Your email is never published nor shared.