|Oracle® Fusion Middleware Developer's Guide for Oracle Service Bus
11g Release 1 (220.127.116.11)
This document describes how to use standard technologies such as SSL and Web Services Security along with Oracle proprietary technologies to ensure that only authorized users can access resources in an Oracle Service Bus domain.
This document is intended for the following audiences:
Application Architects—Architects who, in addition to setting security goals and designing the overall security architecture for their organizations, evaluate Oracle Service Bus security features and determine how to best implement them. Application Architects have in-depth knowledge of Java programming, Java security, and network security, as well as knowledge of security systems and leading-edge, security technologies and tools.
Security Developers—Developers who focus on defining the system architecture and infrastructure for security products that integrate into Oracle Service Bus and on developing custom security providers for use with Oracle Service Bus. They work with Application Architects to ensure that the security architecture is implemented according to design and that no security holes are introduced, and work with Server Administrators to ensure that security is properly configured. Security Developers have a solid understanding of security concepts, including authentication, authorization, auditing (AAA), in-depth knowledge of Java (including Java Management eXtensions (JMX), and working knowledge of Oracle WebLogic Server, Oracle Service Bus, and security provider functionality.
Application Developers—Developers who are Java programmers that focus on developing client applications, adding security to Web applications and Enterprise JavaBeans (EJBs), and working with other engineering, quality assurance (QA), and database teams to implement security features. Application Developers have in-depth/working knowledge of Java (including J2EE components such as servlets/JSPs and JSEE) and Java security.
Server Administrators—Administrators work closely with Application Architects to design a security scheme for the server and the applications running on the server, to identify potential security risks, and to propose configurations that prevent security problems. Related responsibilities may include maintaining critical production systems, configuring and managing security realms, implementing authentication and authorization schemes for server and application resources, upgrading security features, and maintaining security provider databases. Server Administrators have in-depth knowledge of the Java security architecture, including Web services, Web application and EJB security, Public Key security, SSL, and Security Assertion Markup Language (SAML).
Application Administrators—Administrators who work with Server Administrators to implement and maintain security configurations and authentication and authorization schemes, and to set up and maintain access to deployed application resources in defined security realms. Application Administrators have general knowledge of security concepts and the Java Security architecture. They understand Java, XML, deployment descriptors, and can identify security events in server and audit logs.
Oracle Service Bus uses the WebLogic security framework as building blocks for higher level security services, including authentication, identity assertion, authorization, role mapping, auditing, and credential mapping. In addition to this document, the following documents provide information about the WebLogic Security Service:
Oracle Fusion Middleware Understanding Security for Oracle WebLogic Server—This document summarizes the features of the WebLogic Security Service and presents an overview of the architecture and capabilities of the WebLogic Security Service. It is the starting point for understanding the WebLogic Security Service.
Oracle Fusion Middleware Securing a Production Environment for Oracle WebLogic Server—This document highlights essential security measures for you to consider before you deploy Oracle WebLogic Server into a production environment.
Oracle Fusion Middleware Securing Oracle WebLogic Server—This document explains how to configure security for Oracle WebLogic Server and how to use Compatibility security.
Oracle Fusion Middleware Securing Resources Using Roles and Policies for Oracle WebLogic Server—This document introduces the various types of WebLogic resources, and provides information that allows you to secure these resources using Oracle WebLogic Server.