Technical data

14 Managing Security
14-40 Administration Guide
Users are entities that can be authenticated in a WebLogic Server security realm. A
User can be a person or a software entity, such as a Java client. Each User is given a
unique identity within a WebLogic Server security realm. As a system administrator,
you must guarantee that no two Users in the same security realm are identical.
To define Users in a security realm, use the Users window of the Administration
Console to specify a unique name and password for each User that will access
resources in the WebLogic Server security realm.
WebLogic Server has two special users, system and guest:
• The system User is the administrative user who controls system-level
  WebLogic Server operations, such as starting and stopping servers, and locking
  and unlocking resources. The system User and its password are defined during
  the WebLogic Server installation procedure. As a security precaution, BEA
  recommends changing the password for the system User. For more information,
  see “Changing the System Password.”
• The guest User is automatically provided by WebLogic Server. When
  authorization is not required, WebLogic Server assigns the guest identity to a
  client, thus giving the client access to any resources that are available to the
  guest user. A client can log in as the guest User by entering guest as the
  username and guest as the password when prompted by a Web browser or by
  supplying the guest username and password in a Java client. By default, the
  guest account is enabled.
  For a more secure deployment, BEA recommends running WebLogic Server
  with the guest account disabled. To disable the guest account, select the Guest
  Disabled attribute on the General tab of the Security Configuration window.
  Disabling the guest account only disables the ability to log in to the guest
  account; it does not disable the ability for unauthenticated users to access a
  WebLogic Server deployment.
  Warning: Be advised it is still possible to access a deployment through an
  anonymous user if the ACLs on the anonymous user are not set properly.
  Set ACLs so that unauthorized access is not possible.
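
The warning above can be checked mechanically. The following is an added example, not code from the WebLogic Server documentation or from BEA: it lists every ACL that still admits an unauthenticated client and shows that the result is the same whether or not the guest login is disabled. The line format acl.<permission>.<resource>=<principals>, the sample entries, and the choice of guest and everyone as anonymous principals are assumptions; adapt them to how your realm stores ACLs.

```python
# Added example: audit ACL entries for access by unauthenticated clients.
# Assumed input: lines "acl.<permission>.<resource>=<principal>[,<principal>...]".
# ANONYMOUS is an assumption: principals an unauthenticated client may act as.
ANONYMOUS = frozenset({"guest", "everyone"})

SAMPLE_ACLS = """\
# constructed sample, not taken from a real deployment
acl.boot.weblogic.server=system
acl.lookup.weblogic.jndi=system,everyone
acl.execute.weblogic.servlet.reports=guest, managers
acl.reserve.weblogic.jdbc.connectionPool.payroll=managers
"""


def parse_acls(text):
    """Return a list of (permission, resource, principals) tuples."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or not line.startswith("acl."):
            continue
        key, sep, value = line.partition("=")
        parts = key.split(".", 2)  # "acl", permission, resource
        if not sep or len(parts) != 3:
            raise ValueError(f"malformed ACL line: {raw!r}")
        principals = {p.strip() for p in value.split(",") if p.strip()}
        entries.append((parts[1], parts[2], principals))
    return entries


def audit(text, guest_disabled, anonymous=ANONYMOUS):
    """List ACLs that still admit unauthenticated clients."""
    findings = []
    for permission, resource, principals in parse_acls(text):
        exposed = sorted(principals & anonymous)
        if exposed:
            findings.append((resource, permission, exposed))
    # Disabling the guest login removes nothing here: the ACLs decide access.
    return {"guest_login_disabled": guest_disabled, "anonymous_access": findings}


if __name__ == "__main__":
    report = audit(SAMPLE_ACLS, guest_disabled=True)
    for resource, permission, who in report["anonymous_access"]:
        print(f"{resource}: '{permission}' granted to {', '.join(who)}")
```
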
The system and guest Users are like other Users in a WebLogic Server security
realm:
• To access WebLogic Server resources, they must have appropriate ACLs.