Programming WebLogic Security

 

Contents

 

1. Introduction to WebLogic Security

WebLogic Security Features

WebLogic Security Architecture

Connections with Web Browsers

Connections with Servlets, JSPs, EJBs, RMI Objects and Java Applications

Connections with Administration Servers

Using WebLogic Server as a Client to WebLogic Enterprise

2. Security Fundamentals

Resources

Security Realms

Users

Groups

ACLs and Permissions

SSL Protocol

Authentication Mechanisms

Digital Certificates

Certificate Authority

Supported Public Key Algorithms

Supported Symmetric Key Algorithms

Supported Message Digest Algorithms

Supported Cipher Suites

3. Securing a WebLogic Server Deployment

Why is Security Important for WebLogic Server?

Determine the Security Needs of Your WebLogic Server Deployment

Secure the Machine on Which WebLogic Server Runs

Design Network Connections Carefully

Manage the WebLogic Server Development and Deployment Environments

Use Encryption

Use the SSL Protocol

Prevent Denial of Service Attacks

Use Protected EJBs to Limit Access to Business Logic

Use ACLs

Use the Appropriate Security Realm

Secure Your Database

Use Auditing

4. Programming with the WebLogic Security SPI

Before You Begin

WebLogic Security SPI

Using JAAS Authentication

Using JNDI Authentication

Using Mutual Authentication

Mapping a Digital Certificate to a WebLogic Server User

Using Mutual Authentication with Other WebLogic Servers

Using Mutual Authentication with Applets

Using Mutual Authentication with Servlets

Using Custom ACLs

Writing a Custom Security Realm

Define a Class for Users

Define a Class for Groups

Define Enumeration Classes for Users and Groups

Define a Class for the Custom Security Realm

Using Authorization in a Custom Security Realm

Auditing Security Events

Filtering Network Connections