Maven assembly plugin

 HOWTO

• Assembly plugin https://maven.apache.org/plugins/maven-assembly-plugin/
• Assembly descriptor https://maven.apache.org/plugins/maven-assembly-plugin/assembly.html
  
• Usage https://maven.apache.org/plugins/maven-assembly-plugin/usage.html
  
• EAR plugin https://maven.apache.org/plugins/maven-ear-plugin/
• WAR plugin   https://maven.apache.org/plugins/maven-war-plugin/
• Sample code  https://github.com/dveselka/java-tutorial/blob/master/assembly/dist-assembly.xml
• Assembly examples https://github.com/khmarbaise/assembly-examples
• Multimodule project sample https://www.baeldung.com/maven-multi-module 
• Java EE https://javaee.github.io/tutorial/toc.html
   

Project input 

• Java sources
• resources files
• 3rd party libraries for compilation only
  

Project output 

• packaged JARs
• packaged EARs
• packaged WARs
  
• config files
  
• 3rd party libraries required for runtime
  
• complete TAR file delivering the application
  

Artifact types

JAR

• Java classes
• descriptors
  

EAR

• JARs - dependencies
  
• descriptors
  

WAR 

• JARs - dependencies 
• Web code
•  descriptors

 

 Test project

See https://github.com/dveselka/java-tutorial/blob/master/assembly/dist-assembly.xml

Sample assembly descriptor

<assembly xmlns="http://maven.apache.org/ASSEMBLY/2.0.0"
          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
          xsi:schemaLocation="http://maven.apache.org/ASSEMBLY/2.0.0 http://maven.apache.org/xsd/assembly-2.0.0.xsd">

    <id>package-artifacts</id>
    <!-- Final distributive format. -->
    <formats>
        <format>tar</format>
    </formats>

    <!-- Exclude current module from distributive. -->
    <includeBaseDirectory>false</includeBaseDirectory>

    <!-- Project files to include to distributive.
    ${maven.multiModuleProjectDirectory} - path to root project folder. -->
    <fileSets>
        <fileSet>
            <!-- From directory. -->
        <directory>${maven.multiModuleProjectDirectory}/add-to-distribution/docs</directory>
            <!-- Directory in distributive. -->
            <outputDirectory>docs</outputDirectory>
            <includes>
                <!-- ** - include all files of any nesting. -->
                <include>**</include>
            </includes>
        </fileSet>
    </fileSets>

    <!-- Set of modules, included in distributive. -->
    <dependencySets>
        <dependencySet>
            <includes>
                <!-- Include all modules from POM-dependencies current module. -->
                <include>*</include>
            </includes>
            <!-- Target folder for modules in distributive. -->
            <outputDirectory>modules</outputDirectory>
            <useProjectArtifact>true</useProjectArtifact>
            <useTransitiveDependencies>false</useTransitiveDependencies>
        </dependencySet>
    </dependencySets>

</assembly>

Run mvn install

INFO] -------------------------< dave:dist-assembly >-------------------------
[INFO] Building dist-assembly 1.0.0-SNAPSHOT                              [3/3]
[INFO] --------------------------------[ pom ]---------------------------------
[INFO] 
[INFO] --- maven-assembly-plugin:2.2-beta-5:single (create-dist) @ dist-assembly ---
[INFO] Reading assembly descriptor: dist-assembly.xml
[WARNING] Cannot include project artifact: dave:dist-assembly:pom:1.0.0-SNAPSHOT; it doesn't have an associated file or directory.
[WARNING] The following patterns were never triggered in this artifact inclusion filter:
o  '*'

[INFO] Building tar : /git/java-tutorial/assembly/target/dist-assembly-1.0.0-SNAPSHOT-package-artifacts.tar
[INFO] 
[INFO] --- maven-install-plugin:2.4:install (default-install) @ dist-assembly ---
[INFO] Installing /git/java-tutorial/assembly/pom.xml to /home/dave/.m2/repository/dave/dist-assembly/1.0.0-SNAPSHOT/dist-assembly-1.0.0-SNAPSHOT.pom
[INFO] Installing /git/java-tutorial/assembly/target/dist-assembly-1.0.0-SNAPSHOT-package-artifacts.tar to /home/dave/.m2/repository/dave/dist-assembly/1.0.0-SNAPSHOT/dist-assembly-1.0.0-SNAPSHOT-package-artifacts.tar
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary for parent 1.0.0-SNAPSHOT:
[INFO] 
[INFO] parent ............................................. SUCCESS [  0.208 s]
[INFO] common ............................................. SUCCESS [  1.436 s]
[INFO] dist-assembly ...................................... SUCCESS [  0.301 s]
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time:  2.049 s
[INFO] Finished at: 2022-12-08T20:50:54+01:00
[INFO] ------------------------------------------------------------------------
[dave@dave java-tutorial]$ tar tvf /git/java-tutorial/assembly/target/dist-1.0.0-SNAPSHOT-package-artifacts.tar
-rw-r--r-- dave/dave      5181 2022-12-08 20:47 modules/common-1.0.0-SNAPSHOT.jar
drwxr-xr-x dave/dave         0 2022-12-08 20:35 docs/
-rw-r--r-- dave/dave        12 2022-12-08 20:35 docs/file-to-add.txt

Project structure

./common
./common/src
./common/src/main
./common/src/main/java
./common/src/main/java/gc
./common/src/main/java/gc/LogGC.java
./common/src/main/java/generics
./common/src/main/java/generics/AbstractValue.java
./common/src/main/java/generics/BoxInteger.java
./common/src/main/java/generics/BoxString.java
./common/src/main/java/generics/GenericsTutorial.java
./common/src/main/java/ldap
./common/src/main/java/ldap/TestLDAP.java
./common/pom.xml
./assembly
./assembly/dist-assembly.xml
./assembly/pom.xml
./add-to-distribution
./add-to-distribution/docs
./add-to-distribution/docs/file-to-add.txt
./pom.xml

Sample code

 ear

      <plugin>
        <artifactId>maven-ear-plugin</artifactId>
        <version>3.3.0</version>
        <configuration>
          <!-- configuration elements goes here -->
        </configuration>
      </plugin>

Packaged file name

${project.build.directory}/${project.build.finalName}.${project.packaging}

Copy all project dependencies to target/lib

<plugin>
   <artifactId>maven-dependency-plugin</artifactId>
   <executions>
      <execution>
         <phase>package</phase>
         <goals>
             <goal>copy-dependencies</goal>
         </goals>
             <configuration>
               <outputDirectory>${project.build.directory}/lib</outputDirectory>
             </configuration>
       </execution>
    </executions>
</plugin>

Exclude transitive dependencies 

  <dependency>
            <groupId>com.dave</groupId>
            <artifactId>dave-module</artifactId>
            <version>1.0.0</version>
            <exclusions>
                <exclusion>
                    <groupId>*</groupId>
                    <artifactId>*</artifactId>
                </exclusion>
            </exclusions>
</dependency>

 war

  <build>
    <plugins>
      <plugin>
        <groupId>org.apache.maven.plugins</groupId>
        <artifactId>maven-war-plugin</artifactId>
        <version>3.3.2</version>
        <configuration>
          <webappDirectory>/sample/servlet/container/deploy/directory</webappDirectory>
        </configuration>
      </plugin>
    </plugins>
  </build>

assembly 

Exclude artifacts from dependency set

      <dependencySets>
        <dependencySet>
          ....
          <excludes>
            <exclude>commons-lang:commons-lang</exclude>
            <exclude>log4j:log4j</exclude>
          </excludes>
        </dependencySet>
        ....
      </dependencySets>

Full assembly descriptor

    <assembly xmlns="http://maven.apache.org/ASSEMBLY/2.1.1" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      xsi:schemaLocation="http://maven.apache.org/ASSEMBLY/2.1.1 https://maven.apache.org/xsd/assembly-2.1.1.xsd">
      <id/>
      <formats/>
      <includeBaseDirectory/>
      <baseDirectory/>
      <includeSiteDirectory/>
      <containerDescriptorHandlers>
        <containerDescriptorHandler>
          <handlerName/>
          <configuration/>
        </containerDescriptorHandler>
      </containerDescriptorHandlers>
      <moduleSets>
        <moduleSet>
          <useAllReactorProjects/>
          <includeSubModules/>
          <includes/>
          <excludes/>
          <sources>
            <useDefaultExcludes/>
            <outputDirectory/>
            <includes/>
            <excludes/>
            <fileMode/>
            <directoryMode/>
            <fileSets>
              <fileSet>
                <useDefaultExcludes/>
                <outputDirectory/>
                <includes/>
                <excludes/>
                <fileMode/>
                <directoryMode/>
                <directory/>
                <lineEnding/>
                <filtered/>
                <nonFilteredFileExtensions/>
              </fileSet>
            </fileSets>
            <includeModuleDirectory/>
            <excludeSubModuleDirectories/>
            <outputDirectoryMapping/>
          </sources>
          <binaries>
            <outputDirectory/>
            <includes/>
            <excludes/>
            <fileMode/>
            <directoryMode/>
            <attachmentClassifier/>
            <includeDependencies/>
            <dependencySets>
              <dependencySet>
                <outputDirectory/>
                <includes/>
                <excludes/>
                <fileMode/>
                <directoryMode/>
                <useStrictFiltering/>
                <outputFileNameMapping/>
                <unpack/>
                <unpackOptions>
                  <includes/>
                  <excludes/>
                  <filtered/>
                  <nonFilteredFileExtensions/>
                  <lineEnding/>
                  <useDefaultExcludes/>
                  <encoding/>
                </unpackOptions>
                <scope/>
                <useProjectArtifact/>
                <useProjectAttachments/>
                <useTransitiveDependencies/>
                <useTransitiveFiltering/>
              </dependencySet>
            </dependencySets>
            <unpack/>
            <unpackOptions>
              <includes/>
              <excludes/>
              <filtered/>
              <nonFilteredFileExtensions/>
              <lineEnding/>
              <useDefaultExcludes/>
              <encoding/>
            </unpackOptions>
            <outputFileNameMapping/>
          </binaries>
        </moduleSet>
      </moduleSets>
      <fileSets>
        <fileSet>
          <useDefaultExcludes/>
          <outputDirectory/>
          <includes/>
          <excludes/>
          <fileMode/>
          <directoryMode/>
          <directory/>
          <lineEnding/>
          <filtered/>
          <nonFilteredFileExtensions/>
        </fileSet>
      </fileSets>
      <files>
        <file>
          <source/>
          <sources/>
          <outputDirectory/>
          <destName/>
          <fileMode/>
          <lineEnding/>
          <filtered/>
        </file>
      </files>
      <dependencySets>
        <dependencySet>
          <outputDirectory/>
          <includes/>
          <excludes/>
          <fileMode/>
          <directoryMode/>
          <useStrictFiltering/>
          <outputFileNameMapping/>
          <unpack/>
          <unpackOptions>
            <includes/>
            <excludes/>
            <filtered/>
            <nonFilteredFileExtensions/>
            <lineEnding/>
            <useDefaultExcludes/>
            <encoding/>
          </unpackOptions>
          <scope/>
          <useProjectArtifact/>
          <useProjectAttachments/>
          <useTransitiveDependencies/>
          <useTransitiveFiltering/>
        </dependencySet>
      </dependencySets>
      <repositories>
        <repository>
          <outputDirectory/>
          <includes/>
          <excludes/>
          <fileMode/>
          <directoryMode/>
          <includeMetadata/>
          <groupVersionAlignments>
            <groupVersionAlignment>
              <id/>
              <version/>
              <excludes/>
            </groupVersionAlignment>
          </groupVersionAlignments>
          <scope/>
        </repository>
      </repositories>
      <componentDescriptors/>
    </assembly>

Java EE: XML Schemas for Java EE Deployment Descriptors

 Java EE: XML Schemas for Java EE Deployment Descriptors

• https://www.oracle.com/webfolder/technetwork/jsc/xml/ns/javaee/index.html 
• https://danielveselka.blogspot.com/2013/02/weblogic-12c-java-ee-6-decriptors.html 
• Java EE 8 tutorial https://javaee.github.io/tutorial/toc.html 
• Java EE 8 samples code https://github.com/javaee-samples/javaee8-samples
• Java EE 7 samples https://github.com/javaee-samples/javaee7-samples  
  

-	Java EE 8 Schema Resources
-	Java EE 7 Schema Resources
-	Java EE 6 Schema Resources
-	Java EE 5 Schema Resources
-	J2EE 1.4 XML Schemas
-	J2EE 1.3 DTDs
-	J2EE 1.2 DTDs

 

Weblogic 12c - Java EE 6 decriptors

Java EE 6 descriptors

 

HOWTO

•  https://www.oracle.com/webfolder/technetwork/jsc/xml/ns/javaee/index.html

Web Project 3.0 

web.xml 

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" id="WebApp_ID" version="3.0">
  <display-name>testJSF2</display-name>
  <welcome-file-list>
    <welcome-file>index.html</welcome-file>
    <welcome-file>index.htm</welcome-file>
    <welcome-file>index.jsp</welcome-file>
    <welcome-file>default.html</welcome-file>
    <welcome-file>default.htm</welcome-file>
    <welcome-file>default.jsp</welcome-file>
  </welcome-file-list>
  <servlet>
    <servlet-name>Faces Servlet</servlet-name>
    <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
    <load-on-startup>1</load-on-startup>
  </servlet>
  <servlet-mapping>
    <servlet-name>Faces Servlet</servlet-name>
    <url-pattern>/faces/*</url-pattern>
  </servlet-mapping>
</web-app>

weblogic.xml http://docs.oracle.com/cd/E24329_01/web.1211/e21049/weblogic_xml.htm

<?xml version="1.0" encoding="UTF-8"?>
<wls:weblogic-web-app xmlns:wls="http://xmlns.oracle.com/weblogic/weblogic-web-app" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd http://xmlns.oracle.com/weblogic/weblogic-web-app http://xmlns.oracle.com/weblogic/weblogic-web-app/1.4/weblogic-web-app.xsd">
    <wls:weblogic-version>12.1.1</wls:weblogic-version>
    <wls:context-root>testJSF2</wls:context-root>
    <wls:container-descriptor>
        <wls:prefer-application-packages>
            <wls:package-name>com.dave.*</wls:package-name>
        </wls:prefer-application-packages>
        <wls:prefer-application-resources>
            <wls:resource-name>com.dave.*</wls:resource-name>
        </wls:prefer-application-resources>
    </wls:container-descriptor>
    <wls:security-role-assignment>
        <wls:role-name>daverole</wls:role-name>
        <wls:principal-name>dave</wls:principal-name>
    </wls:security-role-assignment>
    <wls:run-as-role-assignment>
        <wls:role-name>daverole</wls:role-name>
        <wls:run-as-principal-name>dave</wls:run-as-principal-name>
    </wls:run-as-role-assignment>
</wls:weblogic-web-app>

EJB 3.1 project

ejb-jar.xml

<?xml version="1.0" encoding="UTF-8"?>
<ejb-jar version="3.1" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/ejb-jar_3_1.xsd">
  <display-name>testDaveEJB31 </display-name> 
 </ejb-jar>

weblogic-ejb-jar   http://docs.oracle.com/cd/E24329_01/web.1211/e24973/ejb_jar_ref.htm#autoId0

<?xml version="1.0" encoding="UTF-8"?>
<wls:weblogic-ejb-jar xmlns:wls="http://xmlns.oracle.com/weblogic/weblogic-ejb-jar" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/ejb-jar_3_1.xsd http://xmlns.oracle.com/weblogic/weblogic-ejb-jar http://xmlns.oracle.com/weblogic/weblogic-ejb-jar/1.3/weblogic-ejb-jar.xsd">
    <!--weblogic-version:12.1.1-->
    <wls:security-role-assignment>
        <wls:role-name>daverole</wls:role-name>
        <wls:principal-name>dave</wls:principal-name>
    </wls:security-role-assignment>
    <wls:run-as-role-assignment>
        <wls:role-name>daverole</wls:role-name>
        <wls:run-as-principal-name>dave</wls:run-as-principal-name>
    </wls:run-as-role-assignment>
</wls:weblogic-ejb-jar>

Enterprise Application Project 6 (EAR)

application.xml

<?xml version="1.0" encoding="UTF-8"?>
<application xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
xmlns="http://java.sun.com/xml/ns/javaee" 
xmlns:application="http://java.sun.com/xml/ns/javaee/application_5.xsd" 
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/application_6.xsd"
 id="Application_ID" version="6">
  <display-name>testDaveEAR6</display-name>
  <module>
    <ejb>testDaveEJB31.jar</ejb>
  </module>
  <module>
    <web>
      <web-uri>testJSF2.war</web-uri>
      <context-root>testJSF2</context-root>
    </web>
  </module>
</application>

weblogic-application.xml

<?xml version="1.0" encoding="UTF-8"?>
<wls:weblogic-application xmlns:wls="http://xmlns.oracle.com/weblogic/weblogic-application" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/javaee_5.xsd http://xmlns.oracle.com/weblogic/weblogic-application http://xmlns.oracle.com/weblogic/weblogic-application/1.4/weblogic-application.xsd">
    <!--weblogic-version:12.1.1-->
    <wls:security>
        <wls:security-role-assignment>
            <wls:role-name>daverole</wls:role-name>
            <wls:principal-name>dave</wls:principal-name>
        </wls:security-role-assignment>
    </wls:security>
    <wls:application-param>
        <wls:param-name>webapp.encoding.default</wls:param-name>
        <wls:param-value>UTF-8</wls:param-value>
    </wls:application-param>
    <wls:prefer-application-packages>
        <wls:package-name>com.dave.*</wls:package-name>
    </wls:prefer-application-packages>
    <wls:prefer-application-resources>
        <wls:resource-name>com.dave.*</wls:resource-name>
    </wls:prefer-application-resources>
</wls:weblogic-application>

Declaring security roles 

http://docs.oracle.com/javaee/5/tutorial/doc/bncav.html

http://docs.oracle.com/cd/E19226-01/820-7627/gjgdi/index.html

@DeclareRoles("employee")
public class CalculatorServlet {
    //...
}

Specifying @DeclareRoles("employee") is equivalent to defining the following in the web.xml:

<security-role>
    <role-name>employee</role-name>
</security-role>

http://docs.oracle.com/cd/E24329_01/web.1211/e24421/secejbwar.htm#autoId1

Deployment Descriptor Only (Java EE standard)
The web.xml, weblogic.xml and ejb-jar.xml, weblogic-ejb-jar.xml deployment descriptors.
If roles have been defined for the application that contains the Web application or EJB, all roles are combined using a logical OR operation.

The following security-related annotations are available:

• javax.annotation.security.DeclareRoles — Explicitly lists the security roles that will be used to secure the EJB.
  
• javax.annotation.security.RolesAllowed — Specifies the security roles that are allowed to invoke all the methods of the EJB (when specified at the class-level) or a particular method (when specified at the method-level.)
  
• javax.annotation.security.DenyAll — Specifies that the annotated method can not be invoked by any role.
  
• javax.annotation.security.PermitAll — Specifies that the annotated method can be invoked by all roles.
  
• javax.annotation.security.RunAs — Specifies the role which runs the EJB. By default, the EJB runs as the user who actually invokes it.
  

Eclipse OEPE project facets

 EJB 3.1

 Web 3.0 

 

Weblogic Security API

AccessDecision
http://download.oracle.com/docs/cd/E12839_01/apirefs.1111/e13941/weblogic/security/spi/AccessDecision.html
Resource
http://download.oracle.com/docs/cd/E12839_01/apirefs.1111/e13941/weblogic/security/spi/Resource.html
URLResource
http://download.oracle.com/docs/cd/E12839_01/apirefs.1111/e13941/weblogic/security/service/URLResource.html

Weblogic Custom Role Mapping Provider

Developing Security Providers for Oracle WebLogic Server 11g Release 1 (10.3.3)
Role Mapping Providers
http://download.oracle.com/docs/cd/E14571_01/web.1111/e13718/rm.htm

The sample security providers (available at https://codesamples.samplecode.oracle.com/servlets/tracking?id=S224 on the Oracle Technology Network Web site)

Build process for Identity Asserter
http://weblogic-wonders.com/weblogic/2010/03/15/custom-identity-asserter-for-weblogic-server/


Build process for Role Mapping Provider
- download Weblogic Sample Security Providers
- unzip SampleSecurityProviders91
- set WLS environment

. /app/wlserver_10.3/server/bin/setWLSEnv.sh 

- create ant build script build.xml
- copy commo.dtd to build dir

 find /app/wlserver_10.3/ commo.dtd 
  cp /app/wlserver_10.3/server/lib/commo.dtd .

- run ant
- copy created jar to $WL_HOME/server/lib/mbeantypes

cp SimpleSampleRoleMapper.jar /usr/app/wlserver_10.3/server/lib/mbeantypes/

- restart server
- create new Role Mapper using WLS console


Configure new Role Mapper



Files in build dir

build.xml  
SimpleSampleRoleMapper.jar
SimpleSampleRoleMapper.xml     
commo.dtd
SimpleSampleRoleMapperDatabase.java
SimpleSampleSecurityRoleImpl.java

build.xml

<project name="Expenselink Build" default="all" basedir=".">
<property name="fileDir" value="test" />

<target name="all" depends="build"/>

<target name="build" depends="clean,build.mdf,build.mjf"/>

<target name="clean">
<delete dir="${fileDir}" failonerror="false"/>
<delete file="SimpleSampleRoleMapper.jar" failonerror="false"/>
<echo message="Clean finish" />
</target>

<!-- helper to build an MDF (mbean definition file) -->
<target name="build.mdf">
<java dir="${basedir}" fork="false" classname="weblogic.management.commo.WebLogicMBeanMaker">
<arg line="-files ${fileDir}" />
<arg value="-createStubs" />
<arg line="-MDF SimpleSampleRoleMapper.xml" />
</java>
<echo message="Created Supporting Classes" />
</target>

<target name="build.mjf">

<copy todir="${fileDir}" flatten="true">
<fileset dir=".">
<include name="*.java" />
</fileset>
</copy>

<java dir="${basedir}" fork="false" classname="weblogic.management.commo.WebLogicMBeanMaker">
<arg line="-MJF SimpleSampleRoleMapper.jar" />
<arg line="-files ${fileDir}" />
</java>
<echo message="Created Mbean Jar" />
</target>

</project>

AdminServer log - IdentityAsserter and RoleMapper

SimpleSampleIdentityAsserterProviderImpl.assertIdentity
    Type        = SamplePerimeterAtnToken
    Token        = [B@9a9036
    userName    = dave
SimpleSampleRoleMapperProviderImpl.getRoles
    subject    = Subject:
    Principal: dave
    Principal: DaveGroup
    Private Credential: dave

    resource    = type=<url>, application=_auto_generated_ear_, contextPath=/daveWeb, uri=/AuthenticationSnoop, httpMethod=GET
    roles    = {Anonymous=Anonymous, DaveRole=DaveRole}
SimpleSampleRoleMapperProviderImpl.getRoles
    subject    = Subject:
    Principal: dave
    Principal: DaveGroup
    Private Credential: dave

    resource    = type=<url>, application=_auto_generated_ear_, contextPath=/daveWeb, uri=/
    roles    = {Anonymous=Anonymous, DaveRole=DaveRole}

DaveRole in Weblogic LDAP - using JXplorer LDAP browser

Upgrading Deployment Descriptors From Previous Releases of J2EE and WebLogic Server

XML Deployment Descriptors
http://download.oracle.com/docs/cd/E14571_01/web.1111/e13706/overview.htm#i1074199

java weblogic.DDConverter -verbose -d /tmp/ddconv/  testWeb/WebContent/
[DDConverter] inputFile /home/dave/workspace/wls1033/testWeb/WebContent
[DDConverter] outputDir /tmp/ddconv
[DDConverter] Using exploded dir /home/dave/workspace/wls1033/testWeb/WebContent
[DDConverter] Trying factory weblogic.application.ddconvert.EJBConverterFactory
[DDConverter] Called Factory weblogic.application.ddconvert.EJBConverterFactory recognized application: false
[DDConverter] Trying factory weblogic.application.ddconvert.WarConverterFactory
[DDConverter] Called Factory weblogic.application.ddconvert.WarConverterFactory recognized application: true
[DDConverter] START Converting WAR WebContent
[DDConverter] Converting WEB-INF/web.xml
[DDConverter] Converting WEB-INF/weblogic.xml
[DDConverter] END Converting WAR WebContent

Securing Resources Using Roles and Policies for Oracle WebLogic Server

Securing Resources Using Roles and Policies for Oracle WebLogic Server
http://download.oracle.com/docs/cd/E14571_01/web.1111/e13747/toc.htm

Securing Enterprise JavaBeans (EJBs)

http://download.oracle.com/docs/cd/E14571_01/web.1111/e13711/ejb_client.htm#SCPRG286

externally-defined

The externally-defined element lets you explicitly indicate that you want the security roles defined by the role-name element in the weblogic-ejb-jar.xml deployment descriptors to use the mappings specified in the Administration Console. The element gives you the flexibility of not having to specify a specific security role mapping for each security role defined in the deployment descriptors for a particular Web application. Therefore, within the same security realm, deployment descriptors can be used to specify and modify security for some applications while the Administration Console can be used to specify and modify security for others.

Defined in descriptor

ejb-jar.xml entries:
         ...
<assembly-descriptor>
  <security-role>
        <role-name>manger</role-name>
  </security-role>
  <security-role>
        <role-name>east</role-name>  
  </security-role>
  <method-permission>
        <role-name>manager</role-name>
        <role-name>east</role-name>
        <method>
          <ejb-name>accountsPayable</ejb-name>
          <method-name>getReceipts</method-name>
        </method>
  </method-permission>
         ...
</assembly-descriptor>
          ...
weblogic-ejb-jar.xml entries:
  <security-role-assignment>
      <role-name>manager</role-name>
      <principal-name>joe</principal-name>
      <principal-name>Bill</principal-name>
      <principal-name>Mary</principal-name>
      ...
</security-role-assignment>

Externally defined in Admin Console

ejb-jar.xml entries:
         ...
<assembly-descriptor>
  <security-role>
        <role-name>manger</role-name>
  </security-role>
  <security-role>
        <role-name>east</role-name>  
  </security-role>
  <method-permission>
        <role-name>manager</role-name>
        <role-name>east</role-name>
        <method>
          <ejb-name>accountsPayable</ejb-name>
          <method-name>getReceipts</method-name>
        </method>
  </method-permission>
         ...
</assembly-descriptor>
          ...
weblogic-ejb-jar.xml entries:
  <security-role-assignment>
      <role-name>manager</role-name>
      <externally-defined/>
      ...
  </security-role-assignment>

Using run-as-role in case anonymous access is forbidden

In the ejb-jar.xml file:
// Beans "A_EJB_with_runAs_role_X" and "B_EJB_with_runAs_role_X" 
// specify a security-identity run-as role-name "runAs_role_X". 
// Bean "C_EJB_with_runAs_role_Y" specifies a security-identity 
// run-as role-name "runAs_role_Y".
<ejb-jar>
  <enterprise-beans>
    <session>
      <ejb-name>SecurityEJB</ejb-name>
      <home>weblogic.ejb20.SecuritySLHome</home>
      <remote>weblogic.ejb20.SecuritySL</remote>
      <local-home>
          weblogic.ejb20.SecurityLocalSLHome
      </local-home>
      <local>weblogic.ejb20.SecurityLocalSL</local>
       <ejb-class>weblogic.ejb20.SecuritySLBean</ejb-class>
      <session-type>Stateless</session-type>
      <transaction-type>Container</transaction-type>
    </session>
    <message-driven>
      <ejb-name>SecurityEJB</ejb-name>
      <ejb-class>weblogic.ejb20.SecuritySLBean</ejb-class>
      <transaction-type>Container</transaction-type>
      <security-identity>
           <run-as>
                 <role-name>runAs_role_X</role-name>
           </run-as>
      </security-identity>
      <security-identity>
            <run-as>
                 <role-name>runAs_role_Y</role-name>
            </run-as>
      </security-identity>
    </message-driven>
  </enterprise-beans>
</ejb-jar>

weblogic-ejb-jar file:

<weblogic-ejb-jar>
   <weblogic-enterprise-bean>
     <ejb-name>A_EJB_with_runAs_role_X</ejb-name>
   </weblogic-enterprise-bean>
   <weblogic-enterprise-bean>
     <ejb-name>B_EJB_with_runAs_role_X</ejb-name>
     <run-as-principal-name>Joe</run-as-principal-name> 
   </weblogic-enterprise-bean>
   <weblogic-enterprise-bean>
     <ejb-name>C_EJB_with_runAs_role_Y</ejb-name>
   </weblogic-enterprise-bean>
   <security-role-assignment>
     <role-name>runAs_role_Y</role-name>
     <principal-name>Harry</principal-name>
     <principal-name>John</principal-name>
   </security-role-assignment>
   <run-as-role-assignment>
     <role-name>runAs_role_X</role-name>
     <run-as-principal-name>Fred</run-as-principal-name>
   </run-as-role-assignment>
</weblogic-ejb-jar>

If you see this error in logs/DefaultAuditRecorder.log when anonymous access to WLS JNDI tree is disabled

#### Audit Record Begin Nov 30, 2010 1:42:14 PM Severity =FAILURE Event Type = Authorization Audit Event V2 Subject: 0
ONCEjndi type= jndi , application=, path={weblogic}, action=lookup Audit Record End ####

you can disable internal WLS application
Async web service support is not fully configured. The async response web service /AsyncResponseServiceSoap12Https for this server was not fully deployed because the JMS reliability queue was not defined/deployed: weblogic.wsee.DefaultQueue. The server will periodically retry completing the deploy for the service. This message can usually be ignored unless there are async web service applications. To completely disable async web service support, thus avoiding this message, set -Dweblogic.wsee.skip.async.response=true

Internal WLS applications deployed on each server

./servers/ServerA1/tmp/_WL_internal/bea_wls_deployment_internal/voxsyv/war/WEB-INF/web.xml
./servers/ServerA1/tmp/_WL_internal/bea_wls9_async_response/39a4jn/war/WEB-INF/webservices.xml
./servers/ServerA1/tmp/_WL_internal/bea_wls9_async_response/39a4jn/war/WEB-INF/weblogic-webservices-policy.xml
./servers/ServerA1/tmp/_WL_internal/bea_wls9_async_response/39a4jn/war/WEB-INF/AsyncResponseService.xml
./servers/ServerA1/tmp/_WL_internal/bea_wls9_async_response/39a4jn/war/WEB-INF/web.xml
./servers/ServerA1/tmp/_WL_internal/bea_wls9_async_response/39a4jn/war/WEB-INF/AsyncResponseService-annotation.xml
./servers/ServerA1/tmp/_WL_internal/bea_wls9_async_response/39a4jn/war/WEB-INF/AsyncResponseServiceSoap12.xml
./servers/ServerA1/tmp/_WL_internal/bea_wls9_async_response/39a4jn/war/WEB-INF/weblogic.xml
./servers/ServerA1/tmp/_WL_internal/bea_wls9_async_response/39a4jn/war/WEB-INF/AsyncResponseServiceSoap12-annotation.xml
./servers/ServerA1/tmp/_WL_internal/bea_wls9_async_response/39a4jn/war/WEB-INF/weblogic-webservices.xml
./servers/ServerA1/tmp/_WL_internal/bea_wls_internal/hta2i5/war/WEB-INF/web.xml
./servers/ServerA1/tmp/_WL_internal/bea_wls_internal/hta2i5/war/WEB-INF/weblogic.xml
./servers/ServerA1/tmp/_WL_internal/bea_wls_cluster_internal/px8ma5/war/WEB-INF/web.xml
./servers/ServerA1/tmp/_WL_internal/bea_wls_cluster_internal/px8ma5/war/WEB-INF/weblogic.xml

Using run-as-principal in MDB deployment descriptor

ejb-jar.xml

            <security-identity>
                <run-as>
                 <role-name>Admin</role-name>
                 </run-as>
                </security-identity>
        </message-driven>

...

<assembly-descriptor>
    <security-role>
         <role-name>Admin</role-name>
    </security-role>
        <container-transaction>

weblogic-ejb-jar.xml

<security-role-assignment>
            <role-name>
                    Admin
            </role-name>
                <principal-name>
                weblogic
                </principal-name>
          </security-role-assignment>
          <run-as-role-assignment>
        <role-name> 
            Admin 
        </role-name>
        <run-as-principal-name>
            weblogic
        </run-as-principal-name>
    </run-as-role-assignment>

Weblogic 11g (10.3.1) weblogic.xml, web.xml, weblogic-ejb-jar.xml, ejb-jar.xml documentation

Oracle Developer Guides
http://download.oracle.com/docs/cd/E12839_01/dev.htm

Oracle® Fusion Middleware Developing Web Applications, Servlets, and JSPs for Oracle WebLogic Server
11g Release 1 (10.3.1)
http://download.oracle.com/docs/cd/E12839_01/web.1111/e13712/toc.htm

Java EE : XML Schemas for Java EE Deployment Descriptors
http://java.sun.com/xml/ns/javaee/


web.xml Deployment Descriptor Elements
http://download.oracle.com/docs/cd/E12839_01/web.1111/e13712/web_xml.htm#i1039990

Oracle® Fusion Middleware Programming Enterprise JavaBeans for Oracle WebLogic Server
http://download.oracle.com/docs/cd/E12839_01/web.1111/e13719/toc.htm

weblogic-ejb-jar.xml Deployment Descriptor Reference
http://download.oracle.com/docs/cd/E12839_01/web.1111/e13719/ejb_jar_ref.htm#i1432300

ejb-jar.xml schema
http://java.sun.com/xml/ns/javaee/ejb-jar_3_0.xsd


weblogic.xml Deployment Descriptor Elements
http://download.oracle.com/docs/cd/E12839_01/web.1111/e13712/weblogic_xml.htm#i1057398