WebLogic Server v8.1 Installation

Overview

The document is organized as follows:

Chapter 1 (this chapter) provides an introduction to the WebLogic Enterprise Security architecture component architecture.
Preparing to Install, discusses system requirements (software and hardware) that you need to ensure are met before installing the product.
Installing, describes how to install the product.
Post Installation Tasks, describes the tasks that must be performed after you install the product.
Integrating WebLogic Enterprise Security with WebLogic Portal, describes how to integrate WebLogic Enterprise Security using the sample portal domain shipped with WebLogic 8.1 Platform.
Uninstalling, describes how to uninstall the product.

This section covers the following topics:

About this Document

This document provides security administrators with the information needed to install the BEA® WebLogic® Enterprise Security WebLogic Server Security Service Module.

This section covers the following topics:

Audience for This Guide

It is assumed that reader understands web technologies and has a general understanding of the Microsoft Windows or UNIX operating systems being used, and WebLogic Server. The general audience for this installation guide includes:

Security Administrators—Administrators who are responsible for installing and configuring the WebLogic Server Security Service Module and designing policy who work with other administrators to implement and maintain security configurations, authentication and authorization schemes, and to set up and maintain access to deployed application resources. Application Administrators have a general knowledge of security concepts and the WebLogic Server security architecture. They understand Java, XML, deployment descriptors, and can identify security events in server and audit logs
Application Developers—Developers who focus on designing applications and work with other engineers, quality assurance (QA) technicians, and database teams to implement applications.

Prerequisites for This Guide

Prior to reading this guide, you should read the Introduction to BEA WebLogic Enterprise Security. This document describes how the product works and provides conceptual information that is helpful to understanding the necessary installation components.

Additionally, BEA WebLogic Enterprise Security includes many unique terms and concepts that you need to understand. These terms and concepts—which you will encounter throughout the documentation—are defined in the Glossary.

Product Documentation on the dev2dev Web Site

BEA product documentation, along with other information about BEA software, is available from the BEA dev2dev web site:

http://dev2dev.bea.com

To view the documentation for a particular product, select that product from the Product Centers menu on the left side of the screen on the dev2dev page. Select More Product Centers. From the BEA Products list, choose WebLogic Enterprise Security 4.2. The home page for this product is displayed. From the Resources menu, choose Documentation 4.2. The home page for the complete documentation set for the product and release you have selected is displayed.

Related Information

The BEA corporate web site provides all documentation for BEA WebLogic Enterprise Security. Other BEA WebLogic Enterprise Security documents that may be of interest to the reader include:

Introduction to BEA WebLogic Enterprise Security—This document provides an overview, conceptual, and architectural information for the WebLogic Server Security Service Module products.
BEA WebLogic Enterprise Security Administration Application Guide—This document provides a complete overview of the product and includes step-by-step instructions on how to perform various administrative tasks.
BEA WebLogic Enterprise Security Policy Managers Guide—This document defines the policy model used by BEA WebLogic Enterprise Security, and describes how to import and export policy data.
Developing Security Providers for BEA WebLogic Enterprise Security —This document provides security vendors and security and application developers with the information needed to develop custom security providers.
Javadocs for Security Service Provider Interfaces—This document provides reference documentation for the Security Service Provider Interfaces that are provided with and supported by this release of BEA WebLogic Enterprise Security.

Product Overview

The WebLogic Server 8.1 Security Service Module is a security enhancement product that supports WebLogic Server, Version 8.1 (with SP3). The WebLogic Server Security Service Module provides an application programming interface (API) that allows security developers to insert security into their applications. These interfaces support the most commonly required security functions and are organized into services that are logically grouped by functionality. After you use the WebLogic Server Security Service Module interfaces to implement security functions in your WebLogic Server, you can deploy and run your application on any instance of a WebLogic Server Security Service Module that supports the configuration requirements of your application. All WebLogic Server security-related functions remain available, but those functions are provided through the Security Service Module.

This section covers the following topics:

Security Environment

Figure 1-1 shows the major components that make up the BEA WebLogic Enterprise Security environment.

Figure 1-1 WebLogic Enterprise Security Environment

WebLogic Enterprise Security Environment

Administration Application

The Administration Application allows you to manage and configure multiple Security Service Modules. While Security Service Modules specify and consume configuration data and then services security requests accordingly, the Administration Application allows you to configure and display the security providers that are deployed in the Security Service Modules and modify the configuration data for those providers.

Service Control Manager

The Service Control Manager is an essential component of the BEA WebLogic Enterprise Security configuration provisioning mechanism and a key component of a fully-distributed security enforcement architecture. A Service Control Manager is a machine agent that exposes a provisioning interface to the administration application to facilitate the management of a potentially large number of distributed Security Service Modules. A Service Control Manager can receive and store metadata updates, both full and incremental, initiated by the Administration Application.
The Administration Application uses the provisioning mechanism to distribute configuration and policy data to each service module where it is consumed locally (see Figure 1-2). Security Service Modules (which can be distributed throughout an enterprise) can be embedded in Java applications, application servers, and web servers.
After you use the Administration Application to configure an instance of a Security Service Module with configuration and policy data, the module requires no any additional communication with the Service Control Manager to perform security functions. However, the Service Control Manager maintains communication with the Security Service Module to distribute full and incremental updates. Figure 1-2 Deploying Configuration and Policy Data

Security Architecture Functional Description

Figure 1-3 shows the major components of the BEA WebLogic Enterprise security architecture. The WebLogic Server Security Service Module comprises the Security Services APIs, the security framework, and the security providers.

The following topics describe these components:

Figure 1-3 Architectural Components

Architectural Components

Security Service APIs

The WebLogic Server 8.1 Security Service Module supports the following security service application programming interfaces (APIs):

Authentication Service API
Role Mapping Service API
Authorization Service API
Auditing Service API
Credential Mapping Service API

For descriptions of these APIs, see Java Security Service Module APIs in Programming Security for Java Applications. For Javadoc for these APIs, see Javadocs for Java Applications.

Security Framework

The primary function of the Security Framework is to provide an application programming interface (API) that security and application developers can use to implement security functions in WebLogic Server. Within that context, the Security Framework also acts as an intermediary between security functions that you implement using the configuration tools and the security providers that are configured into the Security Service Module.

Security Providers

When you install the Administration Application or a Security Service Module, a JAR file is deployed that contains all the security providers that ship with the product. However, before any of the security providers can be used, you must configure them through the Administration Application. You have the option of configuring either the security providers that ship with the product or custom security providers, that you develop or purchase from third-party security vendors.

Note: To use custom security providers with a Security Service Module, you must deploy the security providers MBean JAR file (MJF) to both the providers directory on the machine on which you install the Security Service Module product and on the Administration Server.

The Administration Application supports the following types of security providers:

Authentication provider
Identity Assertion provider
Principal Validation provider
Authorization provider
Credential Mapping provider
Role Mapping provider
Auditing provider

For more information on security providers, see Introduction to BEA WebLogic Enterprise Security.

For more information on how to develop custom security providers, see Developing Security Providers for BEA WebLogic Enterprise Security.