Security Guide

     Previous  Next    Open TOC in new window    View as PDF - New Window  Get Adobe Reader - New Window
Content starts here

Deploying Security Components

This chapter describes how to deploy the components of your portal application that relate to security. It contains the following sections:

For more detailed information on deployment and propagation, see the Production Operations Guide.


Deploying the Enterprise Archive File

To bring your portal online in a production environment, it is first necessary to prepare your portal application. Typical preparation steps include modifying deployment descriptors for the product, building the enterprise archive (EAR) with all its pre-compiled classes, and deciding if you want to compress that EAR into an archive or leave it exploded.

Similar to any J2EE application, a portal application has a number of deployment descriptors that you may want to tune for your production environment.

Modifying Enterprise Application Deployment Descriptors

Deployment descriptors contain the settings for cache configuration, behavior tracking, campaign, and commerce tax information. If these values are different for your production environment than for your existing development settings, use a deployment plan, described in the Production Operations Guide, to modify appropriately before building the portal application.

Modifying Web Application Deployment Descriptors

The portal application has a /WEB-INF directory that contains a number of deployment descriptors you may need to modify for your production environment.

A J2EE standard deployment descriptor is web.xml. Among other settings, it has a set of elements for configuring security for the web application. You must use J2EE security to restrict access to JSPs and page flows in your portal applications; otherwise, a user can access those resources directly by typing the URL to those resources. For information on how to secure the JSPs and page flows, see Preventing Direct Access to Portal Application Resources.


Using the Propagation Utility

WebLogic Portal supports the use of multiple authentication providers in a portal domain, which means that users in external providers can log in to your portal applications. It also means that in your code you potentially have access to multiple user stores.

Because the propagation utility does not propagate some portal resources from the source to the destination system, there might be cases where propagated data depends on other data that is not propagated. For example, delegated administration and visitor entitlement roles and policies are propagated to the destination but the related users and groups are not, so you must manually add those related users, user profiles, and groups on the destination system.

For more information about the propagation utility, including which resources are propagated and which are not, see the Production Operations Guide.

  Back to Top       Previous  Next