Implementing Security in Deployed Applications
Although JDeveloper 11g migrates application identities to the integrated WebLogic Server for single-user testing and debugging, there is no automated migration of the identities to an external, stand-alone WLS. Typically the file-based identities in an application include only a few test usernames in the necessary roles for development testing purposes. The full set of usernames, roles, and role memberships needs to be defined on the stand-alone WebLogic server as a separate step if these have not already been set up for other applications’ environment.
After deploying to WLS, you must therefore migrate your application’s credential store and any security policies outside of JDeveloper. There are some tools to assist you with this process:
The command-line script <JDev_Home>/jdeveloper/modules/oracle.jps_11.1.1/ scripts/migrateSecurityStore can merge the credentials of your application with the existing data store, and can also merge application-level security policies with domain-level policies. Refer the JDeveloper online Help.
For the most common use cases (migrating an application’s credentials in cwallet.sso or the security policies in jazn-data.xml to the WLS domain’s cwallet.sso or system-jazn-data.xml file), you can use a simplified method that uses an Ant script. (http://www.oracle.com/technology/products/jdev/tips/muench/credmig111100/index.htm)