Technical data

8 Protecting System Administration Operations

8-6 Configuring and Managing WebLogic Server

Resources and Policies

A WebLogic Server instance, the server’s subsystems (such as Deployment Manager

and JDBC Container), and the items that the subsystems control (such as Web

applications and JDBC connection pools) are called resources. Each WebLogic Server

resource exposes a set of its operations through its own instance of the

weblogic.security.spi.Resource interface.

A policy is a set of criteria that determines who can access the

Resource interface for

a resource. For example, the Resource interface for a server resource exposes

operations that start, shut down, lock, or unlock the server instance. You can define a

policy that determines who can access the server’s

Resource interface and its

methods.

In some cases, the operations that the Resource interface exposes change attributes of

WebLogic Server MBeans. In these cases, the permissions specified by the policy must

agree with the role-based protections of MBean attributes. (See Figure 8-2.)

Figure 8-2 Overlapping Permissions for Server Policies and MBeans

Resource Interface

Server Policy

isAccessAllowed()

Server MBeans

Server

stop()

lock()

unlock()

start()

isUserInRole()