This chapter describes the changes introduced in this release. The single most important new feature in this release is the introduction of the Oracle WebLogic Server as the environment where applications run and where security is provisioned.
The features introduced in this release include the following;
Support for application policies and roles, and the authenticated and anonymous users and roles
Credential Store Framework
Auditing framework for Oracle Platform Security Services (OPSS) events for credential and policy management, and authorization checks
Support for application lifecycle security integrated with JDeveloper
Enhanced authorization framework
Consolidation of code-based and subject-based policies in system-jazn-data.xml
Management of security with Oracle Enterprise Manager Fusion Middelware Control and WLST commands
New security-related WLST commands
This release introduces the following changes:
Jazn is replaced with OPSS.
Jazn Realm API is replaced by the User and Role API.
Migration of OSDT toolkit from proprietary objects to JCE is desupported.
The identity store, as previously configured in system-jazn-data.xml, is replaced by the use of WebLogic authenticators.
The functions of Oracle Jazn Administration Tool are replaced as follows:
User and Role CRUD operations are replaced by the use of the Embedded LDAP configured and operated with the Oracle WebLogic Administration Console
The configuration of login modules is replaced with the use of the Oracle WebLogic Administration Console to configure authenticators
JavaSSO is no longer supported. On a Oracle WebLogic Server domain, Single Sign-On (SSO) is automatic within clusters only when session replication is turned on.
To upgrade from a previous release to the current, see any of the following documents;