BEA WebLogic Integration solution security is based on WebLogic
Server security functionality and shares many characteristics
with other types of WebLogic Platform applications. For requirements
and recommendations that are general to these applications,
see Understanding WebLogic Security in Overview of WebLogic Security Service.
For more information about WebLogic Integration domains,
see the following topics:
Setting Up a Secure Deployment
To configure security for your WebLogic Integration solution:
- Before deployment...
- You
will need to obtain digital certificates and keys, and architect
an environment that includes the appropriate proxy servers
and firewalls. To learn more about these security requirements,
see "Considerations for Configuring Security" in Using
WebLogic Integration Security in Deploying WebLogic
Integration Solutions.
- After creating a WebLogic
Integration domain using the Configuration Wizard...
- The
domain contains the following security resources:
- Default WebLogic Integration
roles, groups, and security policies
- For
information about configuring these resources to meet
your security requirements, see "WebLogic Integration Users, Groups, and Roles" in User
Management in Using Worklist Console.
- Default Trading Partner web application (
B2BDefaultWebApp )
- For
information on configuring its policies for access control
in trading partner authorization, see "URL (Web) and EJB
(Enterprise JavaBean) Resources" and "Application Resources"
in Types
of WebLogic Resources in Securing WebLogic Resources.
- PasswordStore
- To
configure the WebLogic Integration PasswordStore, see
"WebLogic Integration PasswordStore for Encrypted Passwords"
in Trading Partner
Integration Security in Introducing Trading Partner
Integration.
- Identity and trust keystores
- To
configure these resources for your Trading Partner Integration
security requirements, see "Keystore for Private Keys
and Certificates" in Trading
Partner Integration Security in Introducing Trading
Partner Integration.
Important Recommendations
The following are some important
recommendations regarding configuring your WebLogic Integration
security:
- When redeploying in iterative development mode...
- You
can configure your role settings by using one of the following
procedures:
- Deploy
and redeploy your applications in enterprise application
archive (EAR) format as described in Building
and Deploying WebLogic Integration Applications
in the Guide To Building Business Process.
- If
you choose to deploy and redeploy your application from
WebLogic Workshop, do one of the following:
- Reenter
your security settings after redeploying.
- Refrain
from setting these policies until you are testing in
production mode.
- When using DER encoded private keys...
- Use
one of the following procedures:
- Import
the DER file into the keystore, and then configure the
alias in the WebLogic
Integration Administration Console to point to the correct
certificate as described in "Adding or Changing
Dynamic Client Callback Selectors"
in Process
Configuration in Using The WebLogic Integration Administration Console.
- Convert the file to PEM format before importing it in the
WebLogic Integration Administration console by using the WebLogic Server
der2pem utility. For der2pem
syntax information, see "der2pem" in Using
the WebLogic Server Java Utilities in the WebLogic Server Command Reference.
- To configure users, groups, and roles using the WebLogic Integration Administration Console...
- They must be components of the default (active) security realm.
To learn about setting a new default security realm, see Customizing
the Default Security Configuration in Managing WebLogic Security.
Related Topics
|