bea.com | products | dev2dev | support | askBEA |
![]() |
![]() |
|
![]() |
e-docs > WebLogic Server > Introduction to WebLogic Security |
Introduction to WebLogic Security
|
Overview of the WebLogic Security Service
The Security Challenge of the Web
Balancing Ease of Use and Customizability
Securing BEA Web Services Clients
A Key Advantage: Security via Users, Roles, and Security Policies
Authentication and Authorization: Some Details
Setting Policies: No Programming Required
Counter Measures for Denial-of-Service and other Attacks
Unified Administration for Security Services
Security Management and Storage
What Changed in WebLogic Security
Migrating from BEA WebLogic Server 6.x Security to 8.1 Security
Relationship to WebLogic Security (supported standards)
WebLogic APIs versus J2EE APIs
Java Authentication and Authorization Service (JAAS)
Identity Assertion Providers and LoginModules
Username/Password authentication
How is Perimeter Authentication Accomplished?
How Does WebLogic Server Support Perimeter Authentication?
Permissions-based Authorization
Capabilities-based Authorization
One-way/Two-way SSL Authentication
Domestic SSL and Exportable SSL
host name verification (client-side SSL)
Java Cryptography Extensions (for SP2)
hardware/software accelerators
SSPIs (Security Service Provider Interfaces)
SSPI MBeans (required or optional)
MBean instances (or just plain MBeans)
What Is a Security Provider Database?
Security Realms and Security Provider Databases
Common Secure Interoperability Version 2 (CSIv2)
Principal Validation Providers
Security Providers and Security Realms
digital certificates (generate via certgen utility or certificate request generator servlet)
Single Sign-On with Legacy Systems
Single Sign-On with Other J2EE Application Servers
The WebLogic Security Service Architecture
An Open Architecture: Multi-Vendor and Multi-Protocol Support
The Security Service Provider Interfaces (SSPIs)
The WebLogic Security Providers
WebLogic Authentication Provider
WebLogic Identity Assertion Provider
WebLogic Authorization Provider
WebLogic Role Mapping Provider
WebLogic Adjudication Provider
WebLogic Credential Mapping Provider
WebLogic Realm Adapter Providers
The Java Secure Socket Extension (JSSE)
Java Authentication and Authorization Services (JAAS)
Advantages for Developers, Administrators, and Vendors
Benefits for Third-Party Security Service Providers
Benefits for Application Developers
![]() |
![]() |
![]() |
![]() |
||
![]() |
![]() |
![]() |
![]() |
![]() |
![]() |
![]() |