About Security in Oracle Java Cloud Service

You secure applications deployed to your Oracle Java Cloud Service instance through the capabilities of Oracle Cloud, Java EE standards and Oracle WebLogic Server.

An Oracle Java Cloud Service instance includes an Oracle WebLogic Server domain, which is comprised of an Administration Server and one or more Managed Servers. A domain also defines a security realm that controls authentication, authorization, role mapping, credential mapping and security auditing across all of the servers in the domain. Java applications deployed to this WebLogic Server domain can be associated with security roles and policies that protect the applications against unauthorized access. WebLogic Server supports various security providers that assign an identity to the requesting user. By default, users, groups, roles and policies are all maintained in WebLogic Server’s embedded LDAP server.

Alternatively, Oracle Java Cloud Service instances can use Oracle Identity Cloud Service as an identity store in addition to the embedded LDAP server. If either of these security configurations does not meet your requirements, you can modify the security realm or create a new one with any combination of security providers. For large production applications, Oracle recommends that you use a proper identity management system such as Oracle Identity Cloud Service instead of the embedded LDAP server.

To provide the highest level of network security, Oracle Java Cloud Service implements an “access by exception” architecture. You must explicitly grant network access to your service instance for administrators, application users or other cloud services. By default, a service instance is accessible only through secure protocols like HTTPS and SSH, and only using specific ports. You’re also able to customize the default network security configuration to support different access rules and security policies.

To learn more about Oracle Java Cloud Service security see:

• Use Oracle Identity Cloud Service with Oracle Java Cloud Service

• About Users

• About Authentication

• About the Default Access Ports

• Create an Access Rule

To learn more about the Java EE and WebLogic Server security architecture see:

• Understanding Security for Oracle WebLogic Server (12.2.1.3)

• Understanding Security for Oracle WebLogic Server (12.2.1.2)

• Understanding Security for Oracle WebLogic Server (11.1.1.7)

To learn more about the security capabilities of an Oracle Coherence data grid see these topics in Securing Oracle Coherence:

• Securing Oracle Coherence in Oracle WebLogic Server (12.2.1.3)

• Securing Oracle Coherence in Oracle WebLogic Server (12.2.1.2)