Programming Stand-alone Clients
You can develop Weblogic clients that use the Java Authentication and Authorization Service (JAAS) and Secure Sockets Layer (SSL). The following sections provide information on security-aware clients:
JAAS enforces access controls based on user identity and is the preferred method of authentication for WebLogic Server clients. A typical use case is providing authentication to read or write to a file. Users requiring client certificate authentication (also referred to as two-way SSL authentication) should use JNDI authentication. For more information on how to implement JAAS authentication, see Using JAAS Authentication in Java Clients.
All SSL clients need to specify trust. Trust is a set of CA certificates that specify which trusted certificate authorities are trusted by the client. In order to establish an SSL connection, RMI clients need to trust the certificate authorities that issued the server's digitial certificates. The location of the server's trusted CA certificate is specified when starting the RMI client. See Configuring Identity and Trust in Securing WebLogic Server.
By default, all trusted certificate authorities available from the JDK (
...\jre\lib\security\cacerts) are trusted by RMI clients. However, if the server's trusted CA certificate is stored in one of the following types of trust keystores, you need to specify certain command line arguments in order to use the keystore:
DemoTrust.jks) are located in the
WL_HOME\server\lib directory. In addition, the trusted CAs in the JDK cacerts keystore are trusted. To use the Demo Trust, specify the following command-line argument:
Note: When using the keytool utility, the default key pair generation algorithm is DSA. WebLogic Server does not support the use of the Digital Signature Algorithm (DSA). Specify another key pair generation and signature algorithm when using WebLogic Server.
WebLogic thin-clients only support two-way SSL by requiring the SSLContext to be provided by the
SECURITY_CREDENTIALS property. For example, see the client code below:
// Get a KeyManagerFactory for KeyManagers
System.out.println("Retrieving KeyManagerFactory & initializing");
KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509","SunJSSE");
// Get and initialize an SSLContext
System.out.println("Initializing the SSLContext");
SSLContext sslCtx = SSLContext.getInstance("SSL");
// Pass the SSLContext to the initial context factory and get an
System.out.println("Getting initial context");
Hashtable props = new Hashtable(); props.put(Context.INITIAL_CONTEXT_FACTORY,
host + ":" + port +
Context ctx = new InitialContext(props);
Security samples are provided with the WebLogic Server product. The samples are located in the SAMPLES_HOME
\server\examples\src\examples\security directory. A description of each sample and instructions on how to build, configure, and run a sample, are provided in the
package-summary.html file. You can modify these code examples and reuse them.