e-docs > WebLogic Server > Securing WebLogic Resources |
Securing WebLogic Resources |
Introduction to Securing WebLogic Resources
Overview of Securing WebLogic Resources
Securing WebLogic Resources: Main Steps
EIS (Enterprise Information System) Resources
JDBC (Java DataBase Connectivity) Resources
JMS (Java Messaging Service) Resources
JNDI (Java Naming and Directory Interface) Resources
URL (Web) and EJB (Enterprise JavaBean) Resources
Techniques for Securing URL and EJB Resources
Using the WebLogic Server Administration Console
Prerequisites for Securing URL and EJB Resources
Understanding the fullyDelegateAuthorization Flag
How to Change the fullyDelegateAuthorization Flag
Understanding the Ignore Security Data in Deployment Descriptors Check Box
How to Change the Ignore Security Data in Deployment Descriptors Check Box
Understanding How These Settings Interact
Using the Combined Technique to Secure Your URL and EJB Resources
Copying Security Configurations
Reinitializing Security Configurations
Types of Security Roles: Global Roles and Scoped Roles
Ways to Create Security Roles in the Administration Console
Protected MBean Attributes and Operations
Components of a Security Role: Role Conditions, Expressions, and Role Statements
Step 1: Select the WebLogic Resource
Step 2: Create the Scoped Role
Step 3: Create the Role Conditions
Security Policy Granularity and Inheritance
Security Policy Storage and Prerequisites for Use
Components of a Security Policy: Policy Conditions, Expressions, and Policy Statements
Working With Security Policies
Step 1: Select the WebLogic Resource
Step 2: Create the Policy Conditions
Example: Securing URL (Web) Resources Using the Administration Console
Step 1: Specify Server and Prerequisite Settings
Step 4: Grant a Global Role to the Group
Step 5: Create a Security Policy for All URL (Web) Resources Using the Global Role
Step 6: Attempt to Access a Web Application
Step 7: Restrict Access to the basicauth Web Application
Step 9: Grant the Scoped Role to a Group
Step 10: Restrict Access to the welcome JSP Using the Scoped Role
Example: Securing Enterprise JavaBean (EJB) Resources
Step 1: Specify Server and Prerequisite Settings
Step 4: Add a User to the Group
Step 6: Grant the Global Role to the Group
Step 7: Create a Security Policy for the statelessSession EJB JAR Using the Global Role
Step 8: Attempt to Access EJBs Through a Client Application
Step 9: Restrict Access to the statelessSession EJB
Step 10: Restrict Access to the create() and buy() EJB Methods
Examples: Copying and Reinitializing Security Configurations for the basicauth Web Application
Step 1: Copy Security Configurations for the basicauth Web Application
Step 1: Obtain the basicauth Web Application
Step 2: Modify the Prerequisite Settings and Deploy the Web Application
Step 3: Verify the Copied Security Policies (Optional)
Step 4: Verify the Copied Security Roles (Optional)
Step 5: Revert the Ignore Security Data in Deployment Descriptors Setting
Step 2: Modify a Security Policy Using the Administration Console
Step 3: Reinitialize Security Configurations for the basicauth Web Application
Step 1: Modify the Ignore Security Data in Deployment Descriptors Setting
Step 2: Redeploy the basicauth Web Application
Step 3: Verify That the Security Configuration Has Been Reinitialized (Optional)
Step 4: Revert the Ignore Security Data in Deployment Descriptors Setting