OTN Home > Oracle WebLogic Server 12.2.1.3.0 Documentation > Administration Console Online Help > Configure Role Mapping providers

Administration Console Online Help

Previous Next Open TOC in new window
Content starts here

Configure Role Mapping providers

Before you begin

If automatic realm restart is enabled, you do not need to restart WebLogic Server after activating non-dynamic changes to security providers. See Enable automatic realm restart and Using Automatic Realm Restart.


Role mapping is the process whereby principals (users or groups) are dynamically mapped to security roles at runtime. In WebLogic Server, a Role Mapping provider determines what security roles apply to the principals stored in a subject when the subject is attempting to perform an operation on a WebLogic resource. Because this operation usually involves gaining access to the WebLogic resource, Role Mapping providers are typically used with Authorization providers.

WebLogic Server includes two types of Role Mapping providers:

  • the XACML Role Mapping provider, which is the standard Role Mapping provider for the WebLogic Security Framework. It implements XACML 2.0, the standard access control policy markup language.
  • the WebLogic Role Mapping provider, which is a Role Mapping provider for the WebLogic Security Framework that implements a proprietary policy language. Note that the Administration Console refers to the WebLogic Role Mapping provider as the Default Role Mapper, even though the XACML Role Mapping provider is configured by default instead.

To configure a Role Mapping provider:

  1. If you have not already done so, in the Change Center of the Administration Console, click Lock & Edit (see Use the Change Center).
  2. In the left pane, select Security Realms and click the name of the realm you are configuring (for example, myrealm).
  3. Select Providers > Role Mapping.

    The Role Mapping Providers table lists the Role Mapping providers configured in this security realm
  4. Click New.

    The Create a New Role Mapping Provider page appears.
  5. In the Name field, enter a name for the Role Mapping provider.
  6. From the Type drop-down list, select the type of the Role Mapping provider and click OK.
  7. Select Providers > Role Mapping and click the name of the new Role Mapping provider to complete its configuration.
  8. Optionally, under Configuration > Provider Specific, set Role Deployment Enabled if you want to store security roles that are created when you deploy a Web application or an Enterprise JavaBean (EJB).
  9. Click Save to save your changes.
  10. In the Change Center, click Activate Changes.

Back to Top