BEA WebLogic Integration solution security is based on WebLogic
Server security functionality and shares many characteristics
with other types of WebLogic Platform applications. For requirements
and recommendations that are general to these applications,
see Introducing
WebLogic Platform 8.1 Security in Introducing Security.
For more information about WebLogic Integration domains,
see the following topics:
Setting Up a Secure Deployment
To configure security for your WebLogic Integration solution:
- Before deployment...
- You
will need to obtain digital certificates and keys, and architect
an environment that includes the appropriate proxy servers
and firewalls. To learn more about these security requirements,
see "Considerations for Configuring Security" in Using
WebLogic Integration Security in Deploying WebLogic
Integration Solutions.
- After creating a WebLogic
Integration domain using the Configuration Wizard...
- The
domain contains the following security resources:
- Default WebLogic Integration
roles, groups, and security policies
- For
information about configuring these resources to meet
your security requirements, see "Default Groups, Roles,
and Security Policies" in User
Management in Managing WebLogic Integration Solutions.
- Default Trading Partner web application (
B2BDefaultWebApp )
- For
information on configuring its policies for access control
in trading partner authorization, see "URL (Web) and EJB
(Enterprise JavaBean) Resources" and "Application Resources"
in in Types
of WebLogic Resources in Securing WebLogic Resources.
- PasswordStore
- To
configure the WebLogic Integration PasswordStore, see
"WebLogic Integration PasswordStore for Encrypted Passwords"
in Trading Partner
Integration Security in Introducing Trading Partner
Integration.
- Identity and trust keystores
- To
configure these resources for your Trading Partner Integration
security requirements, see "Keystore for Private Keys
and Certificates" in Trading
Partner Integration Security in Introducing Trading
Partner Integration.
Important Recommendations
The following provide important
information regarding configuring your WebLogic Integration
security:
- When redeploying in iterative development mode...
- You
can configure your role settings by using one of the following
procedures:
- Deploy
and redeploy your applications in enterprise application
archive (EAR) format as described in Building
and Deploying WebLogic Integration Applications
in the WebLogic Workshop Help.
- If
you choose to deploy and redeploy your application from
WebLogic Workshop, do one of the following:
- Reenter
your security settings after redeploying.
- Refrain
from setting these policies until you are testing in
production mode.
- Use
@common:security
annotations in the JPD Source View during the develoment
phase of the project. As you near the production phase,
remove these annotations and then use the WebLogic Integration
Administration Console to configure security. To learn
more, see @common:security
Annotation in the WebLogic Workshop Help.
- When using DER encoded private keys...
- Use
one of the following procedures:
- Import
the DER file into the keystore, and then configure the
alias in the WebLogic
Integration Administration Console to point to the correct
certificate as described in "Adding or Changing
Dynamic Client Callback Selectors"
in Process
Configuration in Managing WebLogic Integration Solutions.
- Convert the file to PEM format before importing it in the
WebLogic Integration Administration console by using the WebLogic Server
der2pem utility. For der2pem
syntax information, see "der2pem" in Using
the WebLogic Server Java Utilities in the WebLogic Server Command Reference.
- To configure users, groups, and roles using the WebLogic Integration Administration Console...
- They must be components of the default (active) security realm.
To learn about setting a new default security realm, see Customizing
the Default Security Configuration in Managing WebLogic Security.
Related Topics
|