
Programming WebLogic Security


Introduction and Roadmap

Document Scope

Guide to this Document

Related Information

Security Samples and Tutorials

Security Examples in the WebLogic Server Distribution

Additional Examples Available for Download

New and Changed Security Features in This Release

WebLogic Security Programming Overview

What Is Security?

Administration Console and Security

Types of Security Supported by WebLogic Server

Authentication

Authorization

J2EE Security

Security APIs

JAAS Client Application APIs

Java JAAS Client Application APIs

WebLogic JAAS Client Application APIs

SSL Client Application APIs

Java SSL Client Application APIs

WebLogic SSL Client Application APIs

Other APIs

Securing Web Applications

Authentication With Web Browsers

User Name and Password Authentication

Digital Certificate Authentication

Multiple Web Applications, Cookies, and Authentication

Using Secure Cookies to Prevent Session Stealing

Developing Secure Web Applications

Developing BASIC Authentication Web Applications

Using HttpSessionListener to Account for Browser Caching of Credentials

Developing FORM Authentication Web Applications

Using Identity Assertion for Web Application Authentication

Using Two-Way SSL for Web Application Authentication

Developing Swing-Based Authentication Web Applications

Deploying Web Applications

Using Declarative Security With Web Applications

Web Application Security-Related Deployment Descriptors

web.xml Deployment Descriptors

auth-constraint

security-constraint

security-role

security-role-ref

user-data-constraint

web-resource-collection

weblogic.xml Deployment Descriptors

externally-defined

run-as-principal-name

run-as-role-assignment

security-permission

security-permission-spec

security-role-assignment

Using Programmatic Security With Web Applications

Using the Programmatic Authentication API

Using JAAS Authentication in Java Clients

JAAS and WebLogic Server

JAAS Authentication Development Environment

JAAS Authentication APIs

JAAS Client Application Components

WebLogic LoginModule Implementation

JVM-Wide Default User and the runAs() Method

Writing a Client Application Using JAAS Authentication

Using JNDI Authentication

Java Client JAAS Authentication Code Examples

Using SSL Authentication in Java Clients

JSSE and WebLogic Server

Using JNDI Authentication

SSL Certificate Authentication Development Environment

SSL Authentication APIs

SSL Client Application Components

Writing Applications that Use SSL

Communicating Securely From WebLogic Server to Other WebLogic Servers

Writing SSL Clients

SSLClient Sample

SSLSocketClient Sample

Using Two-Way SSL Authentication

Two-Way SSL Authentication with JNDI

Writing a User Name Mapper

Using Two-Way SSL Authentication Between WebLogic Server Instances

Using Two-Way SSL Authentication with Servlets

Using a Custom Hostname Verifier

Using a Trust Manager

Using the CertPath Trust Manager

Using a Handshake Completed Listener

Using an SSLContext

Using URLs to Make Outbound SSL Connections

SSL Client Code Examples

Securing Enterprise JavaBeans (EJBs)

J2EE Architecture Security Model

Declarative Authorization

Programmatic Authorization

Declarative Versus Programmatic Authorization

Using Declarative Security With EJBs

EJB Security-Related Deployment Descriptors

ejb-jar.xml Deployment Descriptors

method

method-permission

role-name

run-as

security-identity

security-role

security-role-ref

unchecked

use-caller-identity

weblogic-ejb-jar.xml Deployment Descriptors

client-authentication

client-cert-authentication

confidentiality

externally-defined

identity-assertion

iiop-security-descriptor

integrity

principal-name

role-name

run-as-identity-principal

run-as-principal-name

run-as-role-assignment

security-permission

security-permission-spec

security-role-assignment

transport-requirements

Using Programmatic Security With EJBs

Using Network Connection Filters

The Benefits of Using Network Connection Filters

Network Connection Filter API

Connection Filter Interfaces

ConnectionFilter Interface

ConnectionFilterRulesListener Interface

Connection Filter Classes

ConnectionFilterImpl Class

ConnectionEvent Class

Guidelines for Writing Connection Filter Rules

Connection Filter Rules Syntax

Types of Connection Filter Rules

How Connection Filter Rules are Evaluated

Configuring the WebLogic Connection Filter

Developing Custom Connection Filters

Connection Filter Examples

Using Java Security to Protect WebLogic Resources

Using J2EE Security to Protect WebLogic Resources

Using the Java Security Manager to Protect WebLogic Resources

Setting Up the Java Security Manager

Modifying the weblogic.policy file for General Use

Setting Application-Type Security Policies

Setting Application-Specific Security Policies

Using the Recording Security Manager Utility

Using the Java Authorization Contract for Containers

Comparing the WebLogic JACC Provider with the WebLogic Authentication Provider

Enabling the WebLogic JACC Provider

SAML APIs

SAML API Description

Custom POST Form Parameter Names

Using CertPath Building and Validation

CertPath Building

Instantiate a CertPathSelector

Instantiate a CertPathBuilderParameters

Use the JDK CertPathBuilder Interface

Example Code Flow for Looking Up a Certificate Chain

CertPath Validation

Instantiate a CertPathValidatorParameters

Use the JDK CertPathValidator Interface

Example Code Flow for Validating a Certificate Chain

Deprecated Security APIs

 
