BEA Logo BEA WLCS Release 3.5

  Corporate Info  |  News  |  Solutions  |  Products  |  Partners  |  Services  |  Events  |  Download  |  How To Buy

   http://www.oracle.com/technology/documentation/index.html   |   Search   |   PDF Files   |   Contact   |   Glossary

 

   WLCS Doc Home   |   Security Guide   |   Previous Topic   |   Next Topic   |   Contents   |   Index

Security Guide

 

Welcome to the Security Guide!

This Security Guide was designed to help you understand how the Campaign Manager for WebLogic, WebLogic Commerce Server, and WebLogic Personalization Server leverage the security features of the JavaTM 2 Platform Enterprise Edition (J2EE) specification and the J2EE-compliant security features of the BEA WebLogic Server platform, as well as understand any additional security measures that have been established for application components. This Guide also describes ways that you can modify security settings within the Campaign Manager for WebLogic, WebLogic Commerce Server, and WebLogic Personalization Server to inspire customer confidence and solidify your e-business' online relationships.



 

 

Introduction

Determining Your Application Security Needs

Development Roles

Important Security Features

Reliance on J2EE Standards and Platform Security

Declarative Security with Deployment Descriptors

Next Steps

 

Deployment Descriptors and Security Roles

What Is a Deployment Descriptor?

What Is a Security Role?

J2EE Users and Groups

Roles and Principals

Deployment Descriptor Files in Enterprise Applications

Location of Deployment Descriptor Files in the Product Directory Structure

About the web.xml and weblogic.xml Application Deployment Descriptors

The web.xml Deployment Descriptors

Port Numbers and Security Constraints for Generated URLs

Session Timeout

Declarations of Secure JSPs

The weblogic.xml Deployment Descriptors

The wlcs Application's Deployment Descriptors

Port Numbers for HTTP and HTTPS

Links Using HTTPS

Session Timeout

Secure JavaServer Pages (JSPs)

Role to Principal Mapping

The exampleportal Application's Deployment Descriptors

Secure JavaServer Pages (JSPs)

Role to Principal Mapping

The tools Application's Deployment Descriptors

Secure JavaServer Pages (JSPs)

Role to Principal Mapping

About EJB Deployment Descriptors

The ejb-jar.xml Deployment Descriptors

The weblogic-ejb-jar.xml Deployment Descriptors

 

Application Services and Security

action.jar

Enterprise Bean Definitions

Assembly Descriptor

Security-Role Assignments

axiom.jar

Enterprise Bean Definitions

Security-Role References

Assembly Descriptor

Security-Role Assignments

bridge.jar

Enterprise Bean Definitions

Assembly Descriptor

Security-Role Assignments

campaign.jar

Enterprise Bean Definitions

Assembly Descriptor

Security-Role Assignments

discount.jar

Enterprise Bean Definitions

Assembly Descriptor

Security-Role Assignments

document.jar

Enterprise Bean Definitions

Assembly Descriptor

Security-Role Assignments

ebusiness.jar

Enterprise Bean Definitions

Security-Role References

Assembly Descriptor

Security-Role Assignments

ejbadvisor.jar

Enterprise Bean Definitions

Assembly Descriptor

Security-Role Assignments

events.jar

Enterprise Bean Definitions

Assembly Descriptor

Security-Role Assignments

foundation.jar

Enterprise Bean Definitions

Assembly Descriptor

Security-Role Assignments

mail.jar

Enterprise Bean Definitions

Assembly Descriptor

Security-Role Assignments

placeholder.jar

Enterprise Bean Definitions

Assembly Descriptor

Security-Role Assignments

portal.jar

Enterprise Bean Definitions

Security-Role References

Assembly Descriptor

Security-Role Assignments

priceService.jar

Enterprise Bean Definitions

Assembly Descriptor

Security-Role Assignments

rules.jar

Enterprise Bean Definitions

Assembly Descriptor

Security-Role Assignments

servicemgr.jar

Enterprise Bean Definitions

Assembly Descriptor

Security-Role Assignments

uupexample.jar

Enterprise Bean Definitions

Assembly Descriptor

Security-Role Assignments

 

Sample Applications, Administration Tools, and Security

Security in the Sample Storefront Application

Protected JavaServer Page (JSP) Templates

main.jsp Template Versions

Form-based Authentication and Access to Protected Pages

Session Inactivity

SSL and Declarative Transport

Credit Card Security Service

Encryption/Decryption Implementation

Customizable Security Settings

Methods for Supplying the Private Key Encryption Password

Security in the Example Portal Application

The portal.jsp Template

Logging Into the Portal

A Prerequisite for Logging In

Security in the Administration Tools

The Administration JSPs

The E-Business Control Center

 

back to top   next page

 

Copyright © 2001 BEA Systems, Inc. All rights reserved.
Required browser: Netscape 4.0 or higher, or Microsoft Internet Explorer 4.0 or higher.
Contact us (documentation feedback only)