Security in WebLogic Platform 8.1
BEA provides a standalone security product, called BEA WebLogic Enterprise Security, that you can use with WebLogic Platform to administer application security for your whole environment. Whether this product is appropriate for your WebLogic Platform configuration depends on the the type of application platforms used in your enterprise environment, and your specific security requirements.
BEA WebLogic Enterprise Security is an infrastructure designed to provide security for multiple applications across an enterprise. These applications may be hosted on heterogeneous platforms, such as Netscape Web servers, Sun ONE Web servers, and Java applications, in addition to WebLogic Platform.
WebLogic Enterprise Security consists of the following:
WebLogic Enterprise Security includes the following key features:
Security administrators can define and deploy security policies without writing new code or redeploying applications. Rules and policies are all managed through a central administration console. In addition, policy verification and policy inquiry functions allow the administrator to validate security policy implementations prior to deployment.
Security policies can be designed to model your business policies, and then implemented, tested, and distributed through a central administration application.
Additional support for standard security technologies is provided. These technologies include J2EE security technologies, such as the Java Authentication and Authorization Service (JAAS), Java Secure Sockets Extensions (JSSE), and Java Cryptography Extensions (JCE).
When you use WebLogic Enterprise Security with WebLogic Platform, the WebLogic Server 8.1 Security Service Module (SSM) replaces the WebLogic Platform security framework. This SSM ties all WebLogic Platform applications into a single WebLogic Enterprise Security administration application so that all WebLogic Platform administrative activities are performed through one administration application.
WebLogic Enterprise Security offers the following features that can supplement WebLogic Platform security:
This feature allows user identity to be propagated from an application to WebLogic Server so that users are not required to authenticate themselves multiple times as they access WebLogic Server resources, including across domains.
WebLogic Enterprise includes Authentication providers that can work with user information stored in Windows NT realms and RDBMSs.
This feature allows you to create user profiles based on information that is distributed across multiple sources, and to create role and authorization policies based on the additional information contained in those profiles.
The Java Security Service Module provides a public application programming interface (API) that allows security developers to insert security services into their applications.
WebLogic Enterprise Security allows you to apply security policies within components of an application as well as across domains.
For more information, see the BEA WebLogic Enterprise Security 4.1 Technical Resource Center at the following Web site:
http://dev2dev.bea.com/products/wlesecurity/index.jsp