Security Guide

Introduction

Foundations of WebLogic Portal Security

J2EE Security Services

WebLogic Security Service Provider Interfaces

Java Authentication and Authorization Service

Authentication

Authentication Providers

Identity Assertion Providers and Single Sign-On

Implementing Authentication Programmatically

Authorization

Authorization Providers

Role Mapping Providers

Roles and Role Policies

Security Policies

Deployment Descriptors

WebLogic Portal-Specific Security Extensions

Visitor Entitlements

Delegated Administration

Security Features in the WebLogic Portal Life Cycle

Architecture

Development

Staging

Production

Credential Vault

Getting Started

Part I Architecture

Planning a Security Strategy

Developing Your Security Strategy

Choosing WebLogic and Custom Authentication Providers

Setting Up a WebLogic Authentication Provider

Setting Up a Custom Authentication Provider

Deciding When to Use Multiple Authentication Providers

Setting Up Multiple Authentication Providers

Selecting Read-Only or Write Access to User Information

Setting Up Role-Based Authorization

Understanding Global and Scoped Roles

Global Roles

Scoped Roles

Restricting Portal Visitor Access Using Entitlements

Protecting Portal Resources Using Visitor Entitlements

Protecting Content Management Resources Using Visitor Entitlements

Protecting Groups Using Visitor Entitlements

Setting Up a Delegated Administration Role Hierarchy

Example Role Hierarchy

Setting Up Administrative Roles

Designing Security for Optimal Performance

Part II Development

Securing Your Portal Deployment

Encrypting Sensitive Information

Using Firewalls

Securing the WebLogic Portal Administration Console

Securing Database Communications

Reviewing Policies and Visitor Entitlements

Securing WSRP Applications

Blocking Non-HTTP Protocols

Securing the Content Management System

Securing UUP Data

Application-Scoping Resources

Securing GroupSpace Applications

Securing WebDAV Web Application

Implementing Authentication Programmatically

Always Redirect After Login or Logout

Avoid Using JSP Tags for Login and Logout

Sample JSP Login/Logout Code

Preventing Direct Access to Portal Application Resources

Securing Resources Using Deployment Descriptors

Securing Third-Party Applications

Understanding the Credential Vault

User Credential Vault

User + Resource Credential Vault

System Credential Vault

Visibility

Using the Credential Vault APIs

Initialize the Credential Vault

Construct the Resource Key

Creating a Credential Entry

Accessing a Credential Entry

Updating a Credential Entry

Deleting a Credential Entry

Credential Vault Examples

Creating or Viewing System Credentials in the Administration Console

Part III Staging

Managing Security Providers

Viewing Configured Security Providers

Viewing Configured Authentication Providers

Viewing Authentication Provider Details

Removing Authentication Providers

Viewing Configured Role Mappers

Viewing Role Mapper Details

Viewing Authentication Provider Services

Viewing Authentication Provider Service Details

Adding Authentication Security Provider Services

Configuring Authentication Provider Services

Enabling Text Entry for Authentication Providers

Adding Group Management Roles

Editing Group Management Roles

Adding User Management Roles

Editing User Management Roles

Adding Protected and Reserved Group Names

Editing Protected and Reserved Group Names

Adding Protected and Reserved User Names

Editing Protected and Reserved User Names

Viewing Role Provider Services

Viewing Role Provider Service Details

Adding Role Mapping Provider Services

Configuring Role Mapping Provider Services

Enabling Text Entry for Role Mapping Providers

Configuring Delegated Administration

Creating Delegated Administration Roles

Adding Users, Groups, and Conditions in Delegated Administration Roles

Adding Users to Delegated Administration Roles

Adding Groups to Delegated Administration Roles

Adding Conditions to Delegated Administration Roles with Expressions

Removing Users, Groups, and Conditions from Delegated Administration Roles

Removing Users from Delegated Administration Roles

Removing Groups from Delegated Administration Roles

Removing Conditions in Delegated Administration Roles

Modifying Conditions in Delegated Administration Roles

Granting Additional Delegation Properties to Roles

Viewing Delegated Administration Role Details

Viewing the Delegated Resources

Renaming Delegated Administration Roles

Deleting Delegated Administration Roles

Setting Delegated Administration on Authentication Providers

Removing Delegated Administration on Authentication Providers

Setting Delegated Administration on Groups

Removing and Editing Delegated Administration on Groups

Setting Delegated Administration on Portal Resources in the Library

Setting Delegated Administration on Portal Resources in the Desktop

Removing and Editing Delegated Administration on Portal Resources

Setting Delegated Administration on Interaction Management Resources

Removing Delegated Administration on Interaction Management Resources

Setting Delegated Administration on Content Management Resources

Removing and Editing Delegated Administration on Content Management Resources

Setting Delegated Administration on Visitor Entitlement Roles

Removing Delegated Administration from Visitor Entitlement Roles

Configuring Visitor Entitlements

Creating Visitor Entitlement Roles

Adding Users, Groups, and Conditions in Visitor Entitlement Roles

Adding Users to Visitor Entitlement Roles

Adding Groups to Visitor Roles

Adding Conditions to Visitor Roles with Expressions

Removing Users, Groups, and Conditions from Visitor Entitlement Roles

Removing Users from Visitor Entitlement Roles

Removing Groups from Visitor Entitlement Roles

Removing Conditions in Visitor Entitlement Roles

Modifying Conditions in Visitor Entitlement Roles

Viewing Visitor Entitlement Role Details

Viewing the Entitled Resources

Renaming Visitor Entitlement Roles

Deleting Visitor Entitlement Roles

Choosing Whether to Set Visitor Entitlements on Portal Resources in the Library or the Desktop

Using Web-Application or Enterprise-Application Scoped Roles for Entitlements on Portal Resources

Setting Visitor Entitlements on Portal Resources in the Library

Setting Visitor Entitlements on Portal Resources in the Desktop

Removing and Editing Visitor Entitlements on Portal Resources

Setting Visitor Entitlements on Groups

Removing Visitor Entitlements on Groups

Setting Visitor Entitlements on Content Management Resources

Removing and Editing Visitor Entitlements on Content Management Resources

Designing Visitor Entitlements for Performance

Deploying Security Components

Deploying the Enterprise Archive File

Modifying Enterprise Application Deployment Descriptors

Modifying Web Application Deployment Descriptors

Using the Propagation Utility

Part IV Production

Implementing Authorization Programmatically

Verifying Whether a User Is Assigned a Specific Role

Verifying Whether a User Has Access to a Resource

Attributes

Example

Other Tools

