BEA WebLogic Enterprise Release 5.1


Using Security

 

This topic provides an introduction to concepts associated with the BEA WebLogic Enterprise™ security features, a description of how to secure your WebLogic Enterprise applications using the WebLogic Enterprise security features, and a guide to the use of the application programming interfaces (APIs) in the WebLogic Enterprise Security Service.

 

Overview of the WebLogic Enterprise Security Service

The WebLogic Enterprise Security Service

The WebLogic Enterprise Security Environment

Single Sign-On in the WebLogic Enterprise Security Environment

WebLogic Enterprise Security SPIs

 

Introduction to the SSL Technology

The SSL Protocol

Digital Certificates

Certificate Authority

Certificate Repositories

A Public Key Infrastructure

PKCS-5 and PKCS-8 Compliance

Supported Public Key Algorithms

Supported Symmetric Key Algorithms

Supported Message Digest Algorithms

Supported Cipher Suites

Standards for Digital Certificates

 

The WebLogic Enterprise Security Features

Authentication

Using Username/Password Authentication

How Username/Password Authentication Works

Development Process for Username/Password Authentication

Certificate-based Authentication

How Certificate-based Authentication Works

Requirements for Using Certificate-based Authentication

Development Process for Certificate-based Authentication

Using an Authentication Plug-in

Authorization

Auditing

Link-Level Encryption

How LLE Works

Encryption Key Size Negotiation

WSL/WSH Connection Timeout During Initialization

Development Process

The SSL Protocol

How the SSL Protocol Works

Requirements for Using the SSL Protocol

Development Process for the SSL Protocol

Single Sign-On

PKI Plug-Ins

Commonly Asked Questions About the WebLogic Enterprise Security Features

Do I Have to Change the Security in an Existing WebLogic Enterprise Application?

Can I Use the SSL Protocol in an Existing WebLogic Enterprise Application?

When Should I Use Certificate-based Authentication?

 

Managing Public Key Security

Requirements for Using Public Key Security

Who Needs Digital Certificates and Private/Private Key Pairs

Requesting a Digital Certificate

Publishing Certificates in the LDAP Directory Service

Editing the LDAP Search Filter File

Storing the Private Keys in a Common Location

Defining the Trusted Certificate Authorities

Creating a Peer Rules File

 

Configuring Link-Level Encryption

Understanding min and max Values

Verifying the Installed Version of LLE

Configuring LLE on WebLogic Enterprise Application Links

Configuring LLE on BEA Tuxedo Workstation Client Links

Configuring LLE on Bridge Links

Configuring LLE on tlisten Links

Configuring LLE on Domain Gateway Links

 

Configuring the SSL Protocol

Setting Parameters for the SSL Protocol

Defining a Port for SSL Network Connections

Enabling Host Matching

Setting the Encryption Strength

Setting the Interval for Session Renegotiation

Defining Security Parameters for the IIOP Listener/Handler

Example of Setting Parameters on the ISL System Process

Example of Setting Command-Line Options on the CORBA C++ ORB

Example of Setting System Properties on the CORBA Java ORB

 

Configuring Authentication

Configuring the Authentication Server

Defining Authorized Users

Defining a Security Level

Configuring Application Password Security

Configuring Username/Password Authentication

Sample UBBCONFIG File for Username/Password Authentication

Configuring Certificate-based Authentication

Sample UBBCONFIG File for Certificate-based Authentication

Configuring Access Control

Configuring Optional ACL Security

Configuring Mandatory ACL Security

Setting ACL Policy between WebLogic Enterprise Applications

Configuring Security to Interoperate with Older WebLogic Enterprise Client Applications

 

Configuring Single Sign-on

Single Sign-on with Username/Password Authentication

Single Sign-on with Username/Password Authentication and the SSL Protocol

Single Sign-on with the SSL Protocol and Certificate-Based Authentication

 

Configuring Security Plug-Ins

Registering the Security Plug-Ins (SPIs)

 

Writing a WebLogic Enterprise CORBA Application that Implements Security

Understanding the Address Formats of the Bootstrap Object

Using the Host and Port Address Format

Using the corbaloc URL Address Format

Using the corbalocs URL Address Format

Using Username/Password Authentication

The Security Sample Application

Writing the Client Application

Using Certificate-based Authentication

The Secure Simpapp Sample Application

Writing the Client Application

Using the Invocations_Options_Required() Method

 

Building and Running the CORBA Sample Applications

Building and Running the Security Sample Application

Building and Running the Secure Simpapp Sample Application

Step 1: Copy the Files for the Secure Simpapp Sample Application into a Work Directory

Step 2: Change the Protection Attribute on the Files for the Secure Simpapp Sample Application

Step 3: Verify the Settings of the Environment Variables

Step 4: Execute the runme Command

Using the Secure Simpapp Sample Application

 

Writing a WebLogic Enterprise Enterprise JavaBean That Implements Security

Before You Begin

How Authentication Works with WebLogic Enterprise EJBs

Development Steps

Step 1: Define Security Roles for the Methods of the WebLogic Enterprise EJB

Step 2: Specify Security Roles in the Deployment Descriptor of the EJB

Step 3: Define the JNDI Environment Properties

Step 4: Establish the InitialContext

Step 5: Use Home to Get a WebLogic Enterprise EJB

Step 6: Use the getCallerPrincipal Method to Authenticate a WebLogic Enterprise EJB

Limitations and Restrictions

Example of Using Security in a WebLogic Enterprise EJB

 

Troubleshooting

Using ULOGS and ORB Tracing

CORBA::ORB_init Problems

Username/Password Authentication Problems

Certificate-based Authentication Problems

Tobj::Bootstrap::resolve_initial_references Problems

IIOP Listener/Handler Startup Problems

Configuration Problems

Problems with Using Callbacks Objects with the SSL Protocol

Troubleshooting Tips for Digital Certificates

 

WebLogic Enterprise Security Service APIs

The WebLogic Enterprise Security Model

Authentication of Principals

Controlling Access to Objects

Administrative Control

Functional Components of the WebLogic Enterprise Security Service

The Principal Authenticator Object

Using the Principal Authenticator Object with Certificate-based Authentication

WebLogic Enterprise Extensions to the Principal Authenticator Object

The Credentials Object

The SecurityCurrent Object

 

Security Modules

CORBA Module

TimeBase Module

Security Module

Security Level 1 Module

Security Level 2 Module

Tobj Module

 

C++ Security Reference

SecurityLevel1::Current::get_attributes

SecurityLevel2::Current::authenticate

SecurityLevel2::Current::set_credentials

SecurityLevel2::Current::get_credentials

SecurityLevel2::Current::principal_authenticator

SecurityLevel2::Credentials

SecurityLevel2::Credentials::get_attributes

SecurityLevel2::Credentials::invocation_options_supported

SecurityLevel2::Credentials::invocation_options_required

SecurityLevel2::Credentials::is_valid

SecurityLevel2::PrincipalAuthenticator

SecurityLevel2::PrincipalAuthenticator::continue_authentication

Tobj::PrincipalAuthenticator::get_auth_type

Tobj::PrincipalAuthenticator::logon

Tobj::PrincipalAuthenticator::logoff

Tobj::PrincipalAuthenticator::build_auth_data

 

Java Security Reference

 

Automation Security Reference

Method Descriptions

DISecurityLevel2_Current

DISecurityLevel2_Current.get_attributes

DISecurityLevel2_Current.set_credentials

DISecurityLevel2_Current.get_credentials

DISecurityLevel2_Current.principal_authenticator

DITobj_PrincipalAuthenticator

DITobj_PrincipalAuthenticator.authenticate

DITobj_PrincipalAuthenticator.build_auth_data

DITobj_PrincipalAuthenticator.continue_authentication

DITobj_PrincipalAuthenticator.get_auth_type

DITobj_PrincipalAuthenticator.logon

DITobj_PrincipalAuthenticator.logoff

DISecurityLevel2_Credentials

DISecurityLevel2_Credentials.get_attributes

DISecurityLevel2_Credentials.is_valid

Programming Example