|
|
This topic includes the following sections:
The BEA WebLogic Enterprise (referred to as WLE) product enables you to integrate the following essential security features into your WLE applications:
WLE Security Features
Link-level encryption (LLE) is the encryption of messages going across network links between machines in a WLE domain or between WLE domains. The objective of LLE is to ensure confidentiality so that a network-based eavesdropper cannot learn the content of WLE system messages or WLE application-generated messages. LLE is point-to-point, which means that data may be encrypted/decrypted as many times as it flows over network links.
LLE works in the following way:
Link-Level Encryption
How LLE Works
Figure 1-1 illustrates these steps.
The implementation of LLE is an administrative task. The system administrators for each WLE application set parameters in the UBBCONFIG file that control encryption strength. When the two WLE applications establish communication, they negotiate what level of encryption to use to exchange messages. Once an encryption level is negotiated, it remains in effect for the lifetime of the network connection.
The WLE product supports a username/password mechanism to provide authentication to existing WLE applications and to new WLE applications that are not prepared to deploy a full public key infrastructure (PKI). When using Username/Password authentication, the applications that initiate invocations on WLE objects authenticate themselves to the WLE domain using a defined username and password.
The WLE product utilizes a delegated trust authentication model. In this model, initiating applications authenticate to a trusted gateway process. In the WLE product, the trusted gateway process is the IIOP Listener/Handler. As part of successful authentication, a security association, called a security context, is established between the initiating application and the IIOP Listener/Handler that controls access to WLE objects.
Two levels of Username/Password authentication are provided:
Username/Password authentication is available in both the base WLE product and the WLE Security pack. If you install the WLE Security pack and choose to use Username/Password authentication, the SSL protocol can be used to provide confidentiality to communication between different machines. When using Username/Password authentication, you have the option of using the Tobj::PrincipalAuthenticator::logon()
or the SecurityLevel2::PrincipalAuthenticator::authenticate()
methods.
Username/Password authentication works in the following way:
How Username/Password Authentication Works
If the SSL protocol is used to secure the connection for confidentiality and integrity, the data will also be protected from eavesdropping.
Figure 1-2 illustrates these steps.
Defining Username/password authentication for a WLE application includes administration and programming steps. Table 1-1 and Table 1-2 list the administration and programming steps for Username/Password authentication. For a detailed description of the administration steps for Username/Password authentication, see Defining Security for a WLE CORBA Application. For a complete description of the programming steps, see Writing a WLE CORBA Application That Implements Security.
Step |
Description |
---|---|
The WLE product provides the industry-standard Secure Sockets Layer (SSL) protocol to establish secure communications between client and server applications. When using the SSL protocol, principals use digital certificates to prove their identity to a peer.
The default behavior of the SSL protocol in the WLE product is to have the IIOP Listener/Handler prove its identity to the principal who initiated the SSL connection using a digital certificate. The digital certificate is verified to ensure that the certificate has not been tampered with or expired. If there is a problem with the digital certificate in the chain, the SSL connection is terminated. In addition, the issuer of the digital certificate is compared against a list of trusted certificate authorities to verify the digital certificate received from the IIOP Listener/Handler has been signed by a certificate authority that is trusted by the WLE domain.
Figure 1-3 provides a conceptual overview of the SSL protocol.
The SSL protocol works in the following manner:
The SSL Protocol
Figure 1-3 The SSL Protocol
How the SSL Protocol Works
If you use the corbaloc://host:port URL address format, the bootstrapping process is unsecure. You can use the authenticate() method of the SecurityLevel2::Current interface and the invocations_options_required() method to secure the bootstrapping process and specify that certificate-based authentication is to be used.
The request is digitally signed and encrypted before it is sent to the IIOP Listener/Handler. The WLE system performs the signing and sealing of requests.
Figure 1-4 illustrates these steps.
To use the SSL protocol in a WLE application, you need to install the WLE Security Pack. Information about installing the WLE Security Pack can be found in the BEA WebLogic Enterprise Installation Guide.
The WLE implementation of the SSL protocol is flexible enough to fit into most public key infrastructures. The WLE product requires that certificates are stored in an LDAP-enabled directory. You can choose any LDAP-enabled directory service. You can also choose the certificate authority from which to obtain certificates and private keys used in a WLE application. You must have an LDAP-enabled directory service and a certificate authority in place before using the SSL protocol in a WLE application.
Using the SSL protocol in a WLE application is primarily an administration process. Table 1-4 lists the administration steps required to set up the infrastructure required to use the SSL protocol and configure the IIOP Listener/Handler for the SSL protocol. For a detailed description of the administration steps, see Managing Certificates and Keys and Configuring the WLE Environment for the SSL Protocol.
Once the administration steps are complete, you can use either Username/Password authentication or Certificate authentication in your WLE application. For more information, see Writing a WLE CORBA Application That Implements Security. In addition, you can use the SSL protocol with Enterprise JavaBeans, for more information, see Writing a WLE Enterprise JavaBean that Implements Security.
Note: If you are using the BEA CORBA C++ or CORBA Java ORB as a server application, the ORB can also be configured to use the SSL protocol. For more information, see Configuring the WLE Environment for the SSL Protocol.
Figure 1-5 illustrates the configuration of a WLE application that uses the SSL protocol.
Certificate-based authentication requires that each side of an SSL connection proves its identity to the other side of the connection. In the WLE product, the IIOP Listener/Handler presents its digital certificate to the principal who initiated the SSL connection. The initiator then provides a chain of digital certificates that are used by the IIOP Listener/Handler to verify the identity of the initiator.
Once a chain of digital certificates is successfully verified, the IIOP Listener/Handler retrieves the value of the distinguished name from the subject of the digital certificate. The WLE product uses the email address element of the subject's distinguished name as the identity of the principal. The IIOP Listener/Handler uses the identity of the principal to impersonate the principal and establish a security context between the initiating application and the WLE domain.
Once the principal has been authenticated, the principal that initiated the request and the IIOP Listener/Handler agree on a cipher suite that represents the type and strength of encryption that they both support. They also agree on the encryption key and synchronize to start encrypting all subsequent messages.
Figure 1-6 provides a conceptual overview of the certificate-based authentication.
Certificate-based authentication works in the following manner:
Figure 1-5 Configuration for Using the SSL Protocol in a WLE Application
Certificate-Based Authentication
Figure 1-6 Certificate-Based Authentication
How Certificate-based Authentication Works
Note: You can also use the SecurityLevel2::Current::authenticate() method to secure the bootstrapping process and specify that certificate-based authentication is to be used.
The security context is established as result of a Tobj_Bootstrap::resolve_initial_references() or a Tobj::PrincipalAuthenticator::Logon() method. This step is transparent to the user of the application.
Certificate-based authentication uses the SSL protocol so you need to install the WLE Security Pack. Information about installing the WLE Security Pack can be found in the BEA WebLogic Enterprise Installation Guide. You also need an LDAP-enabled directory. You can choose any LDAP-enabled directory service. You can also choose the certificate authority from which to obtain certificates and private keys used in a WLE application. You must have an LDAP-enabled directory service and a certificate authority in place before using certificate-based authentication in a WLE application.
Using certificate-based authentication in a WLE application includes administration and programming steps. Table 1-4 and Table 1-5 list the administration and programming steps for certificate-based authentication. For a detailed description of the administration steps, see Managing Certificates and Keys and Configuring the WLE Environment for the SSL Protocol.
Figure 1-8 illustrates the configuration of a WLE application that uses certificate-based authentication.
Table 1-5 lists the programming steps for using certificate-based authentication in a WLE application. For more information, see Writing a WLE CORBA Application That Implements Security. In addition, you can use certificate-based authentication with Enterprise JavaBeans, for more information see Writing a WLE Enterprise JavaBean that Implements Security.
Figure 1-8 Configuration for Using Certificate-Based Authentication in a WLE Application
Step |
Description |
---|---|
The following sections answer some of the commonly asked questions about the WLE security features.
The answer is no. If you are using security interfaces from previous versions of the WLE product in your WLE application there is no requirement for you to change your WLE application. You can leave your current security scheme in place and your existing WLE application will work with WLE applications built with the WLE 5.0 product.
For example, if your WLE application consists of a set of server applications which provide general information to all client applications which connect to them, there is really no need to implement a stronger security scheme. If your WLE application has a set of server applications which provide information to client applications on an internal network which provides enough security to detect sniffers, you don't need to implement the features in the WLE Security Pack.
The answer is yes. You may want to take advantage of the extra security protection provided by the SSL protocol in your existing WLE application. For example, if you have a WLE server application which provides stock prices to a specific set of client applications, you can use the SSL protocol to make sure the client applications are connected to the correct WLE server application and that they are not being routed to a fake WLE server application with incorrect data. A username and password is sufficient proof material to authenticate the client application. However, by using the SSL protocol, the username and password will be encrypted adding an additional level of security.
The SSL protocol offers WLE applications the following benefits:
Commonly Asked Questions about WLE Security
Do I have to Change the Security in an Existing WLE Application?
Can I Use the SSL Protocol in an Existing WLE Application?
To use the SSL protocol in a WLE application, set up the infrastructure to use digital certificates, change the command line options on the ISL server process to use the SSL protocol, and configure a port for secure communications on the IIOP Listener/Handler. If your existing WLE application uses username/password authentication, you can use that code with the SSL protocol. If your WLE C++ CORBA client application does not already catch the InvalidDomain
exception when resolving initial references to the Bootstrap object and performing authentication, write code to handle this exception. For more information, see The SSL Protocol.
Note:
The Java implementation of the Tobj_Bootstrap::resolve_initial_references()
method does not throw an InvalidDomain
exception. When the corbaloc
or corbalocs
URL address formats are used, the Tobj_Bootstrap::resolve_initial_references()
method internally catches the InvalidDomain
exception and throws the exception as a COMM_FAILURE
. The method functions this way in order to provide backward compatibility.
You might be ready to migrate your existing WLE application to use Internet connections between the WLE application and web browsers and commercial web servers. For example, users of your WLE application might be shopping over the internet. The users must be confident that:
When Should I Use Mutual Certificate-Based Authentication?
For more information, see The SSL Protocol and Certificate-Based Authentication
|
Copyright © 1999 BEA Systems, Inc. All rights reserved.
|