Secure servers and resources

Before you begin

Create a WebLogic Server domain or deploy an application resource in an existing WebLogic Server domain. Refer to the following topics for help:

Understand the WebLogic Security Framework. For an introduction, see Understanding WebLogic Security

Learn about how to customize and administer a WebLogic security realm. See Securing WebLogicServer.

Learn about how to secure applications and other WebLogic resources. See Securing WebLogic Resources.

Because your WebLogic Server production environment is likely to contain a number of Managed Servers and application resources (such as EARs, WARs, and EJBs) deployed to these servers, ensuring that your environment is secure means ensuring that each piece of the environment is secure. Each time you create a new WebLogic Server instance or deploy a new module, you should secure them or at minimum, double check that they are already secured by an existing security policy.

The basic elements of the WebLogic Security Framework include:

Security realms, which are collections of security providers and other security services
Users, groups, roles, and policies, which identify and organize the entities that access your servers and resources
Security providers, which provide authentication, authorization, identity assertion, auditing, and other security services for the security realm

The following topics describe the main steps to follow in working with the basic elements of the WebLogic Security Framework:

Note: This release of WebLogic Server includes Compatibility security, which supports security realms developed in WebLogic Server 6.x. For information about configuring compatibility security, see Set up Compatibility securityand Using Compatibility Security. Compatibility security is deprecated in this release of WebLogic Server and will not be supported in future major releases. BEA encourages users of compatibility security to migrate their usage forward.