How to secure specific URL’s of an application on Weblogic


We can do that by using the DD Model as Custom Roles and Polcies and Defining the URL Pattern Scoped Policies.

The screenshots below will give an idea. If you have any queries feel free to let us know.


1.Deploy the application using DD Model as Custom Roles and Policies


Create a new user testuser

Go to

Deployments > TestApp > Security > URL Patterns > Roles

Click new and provide url pattern as /protected/* and role as testrole

Click on the testrole and add user testuser to the role condition. Remember to save!

Go to

Deployments > TestApp > Security > URL Patterns > Policies

Create a new policy /protected/* and add testrole to that policy.


One comment

  1. Hi there, this is a great post, I finally got it working thanks to this advice. However important questions remain :

    1) It seems bizarre when defining a URL pattern that both a role and a policy are mapped to a URL pattern, and you have to do both. I would have thought a role would be mapped to a policy, not the same URL pattern a policy is mapped to! Any idea why they would have designed it this way? Seems very unintuitive 🙂

    2) In addition to URL patterns, there is also the “Application Scope” tab where you can enter new roles directly. However, what are these ‘roles’ used for, and how can you use them / test them in a simple app? The ‘roles’ entered in URL patterns as per the post above, say “testrole” do not show up in the list here. So there seem to be different lists of roles for different purposes :-/ Any clues on how to use these other ones and their purpose?

    many thanks 🙂

Comments are closed.