This document describes how to use standard technologies such as SSL and Web Services Security along with BEA proprietary technologies to ensure that only authorized users can access resources in an AquaLogic Service Bus domain.
Document Audience
This document is intended for the following audiences:
Application Architects—Architects who, in addition to setting security goals and designing the overall security architecture for their organizations, evaluate AquaLogic Service Bus security features and determine how to best implement them. Application Architects have in-depth knowledge of Java programming, Java security, and network security, as well as knowledge of security systems and leading-edge, security technologies and tools.
Security Developers—Developers who focus on defining the system architecture and infrastructure for security products that integrate into AquaLogic Service Bus and on developing custom security providers for use with AquaLogic Service Bus. They work with Application Architects to ensure that the security architecture is implemented according to design and that no security holes are introduced, and work with Server Administrators to ensure that security is properly configured. Security Developers have a solid understanding of security concepts, including authentication, authorization, auditing (AAA), in-depth knowledge of Java (including Java Management eXtensions (JMX), and working knowledge of WebLogic Server, AquaLogic Service Bus, and security provider functionality.
Application Developers—Developers who are Java programmers that focus on developing client applications, adding security to Web applications and Enterprise JavaBeans (EJBs), and working with other engineering, quality assurance (QA), and database teams to implement security features. Application Developers have in-depth/working knowledge of Java (including J2EE components such as servlets/JSPs and JSEE) and Java security.
Server Administrators—Administrators work closely with Application Architects to design a security scheme for the server and the applications running on the server, to identify potential security risks, and to propose configurations that prevent security problems. Related responsibilities may include maintaining critical production systems, configuring and managing security realms, implementing authentication and authorization schemes for server and application resources, upgrading security features, and maintaining security provider databases. Server Administrators have in-depth knowledge of the Java security architecture, including Web services, Web application and EJB security, Public Key security, SSL, and Security Assertion Markup Language (SAML).
Application Administrators—Administrators who work with Server Administrators to implement and maintain security configurations and authentication and authorization schemes, and to set up and maintain access to deployed application resources in defined security realms. Application Administrators have general knowledge of security concepts and the Java Security architecture. They understand Java, XML, deployment descriptors, and can identify security events in server and audit logs.
Related Information
AquaLogic Service Bus uses the WebLogic security framework as building blocks for higher level security services, including authentication, identity assertion, authorization, role mapping, auditing, and credential mapping. In addition to this document, the AquaLogic Service Bus Security Guide, the following documents provide information about the WebLogic Security Service:
Understanding WebLogic Security—This document summarizes the features of the WebLogic Security Service and presents an overview of the architecture and capabilities of the WebLogic Security Service. It is the starting point for understanding the WebLogic Security Service.
Securing a Production Environment—This document highlights essential security measures for you to consider before you deploy WebLogic Server into a production environment.
Securing WebLogic Server—This document explains how to configure security for WebLogic Server and how to use Compatibility security.
Securing WebLogic Resources—This document introduces the various types of WebLogic resources, and provides information that allows you to secure these resources using WebLogic Server.