Security Guide
Introduction
Determining Your Application Security Needs
Development Roles
Important Security Features
Reliance on J2EE Standards and Platform Security
Declarative Security with Deployment Descriptors
Next Steps
Deployment Descriptors and Security Roles
What Is a Deployment Descriptor?
What Is a Security Role?
J2EE Users and Groups
Roles and Principals
Deployment Descriptor Files in Enterprise Applications
Location of Deployment Descriptor Files in the Product Directory Structure
About the web.xml and weblogic.xml Application Deployment Descriptors
The web.xml Deployment Descriptors
Port Numbers and Security Constraints for Generated URLs
Session Timeout
Declarations of Secure JSPs
The weblogic.xml Deployment Descriptors
The wlcs Application's Deployment Descriptors
Port Numbers for HTTP and HTTPS
Links Using HTTPS
Session Timeout
Secure JavaServer Pages (JSPs)
Role to Principal Mapping
The exampleportal Application's Deployment Descriptors
Secure JavaServer Pages (JSPs)
Role to Principal Mapping
The tools Application's Deployment Descriptors
Secure JavaServer Pages (JSPs)
Role to Principal Mapping
About EJB Deployment Descriptors
The ejb-jar.xml Deployment Descriptors
The weblogic-ejb-jar.xml Deployment Descriptors
Application Services and Security
action.jar
Enterprise Bean Definitions
Assembly Descriptor
Security-Role Assignments
axiom.jar
Enterprise Bean Definitions
Security-Role References
Assembly Descriptor
Security-Role Assignments
bridge.jar
Enterprise Bean Definitions
Assembly Descriptor
Security-Role Assignments
campaign.jar
Enterprise Bean Definitions
Assembly Descriptor
Security-Role Assignments
discount.jar
Enterprise Bean Definitions
Assembly Descriptor
Security-Role Assignments
document.jar
Enterprise Bean Definitions
Assembly Descriptor
Security-Role Assignments
ebusiness.jar
Enterprise Bean Definitions
Security-Role References
Assembly Descriptor
Security-Role Assignments
ejbadvisor.jar
Enterprise Bean Definitions
Assembly Descriptor
Security-Role Assignments
events.jar
Enterprise Bean Definitions
Assembly Descriptor
Security-Role Assignments
foundation.jar
Enterprise Bean Definitions
Assembly Descriptor
Security-Role Assignments
mail.jar
Enterprise Bean Definitions
Assembly Descriptor
Security-Role Assignments
placeholder.jar
Enterprise Bean Definitions
Assembly Descriptor
Security-Role Assignments
portal.jar
Enterprise Bean Definitions
Security-Role References
Assembly Descriptor
Security-Role Assignments
priceService.jar
Enterprise Bean Definitions
Assembly Descriptor
Security-Role Assignments
rules.jar
Enterprise Bean Definitions
Assembly Descriptor
Security-Role Assignments
servicemgr.jar
Enterprise Bean Definitions
Assembly Descriptor
Security-Role Assignments
uupexample.jar
Enterprise Bean Definitions
Assembly Descriptor
Security-Role Assignments
Sample Applications, Administration Tools, and Security
Security in the Sample Storefront Application
Protected JavaServer Page (JSP) Templates
main.jsp Template Versions
Form-based Authentication and Access to Protected Pages
Session Inactivity
SSL and Declarative Transport
Credit Card Security Service
Encryption/Decryption Implementation
Customizable Security Settings
Methods for Supplying the Private Key Encryption Password
Security in the Example Portal Application
The portal.jsp Template
Logging Into the Portal
A Prerequisite for Logging In
Security in the Administration Tools
The Administration JSPs
The E-Business Control Center