Using WebLogic Integration Security


	BEA Home \| Events \| Solutions \| Partners \| Products \| Services \| Download \| Developer Center \| WebSUPPORT
	http://www.oracle.com/technology/documentation/index.html \| Site Map \| Search \| PDF Files \| Contact \| Glossary

WLI Doc Home \| Deploying Solutions \| Previous Topic \| Next Topic \| Contents \| Index \| View as PDF

The following sections describe how to set up and manage security for WebLogic Integration solution deployments:

Overview of WebLogic Integration Security

The following sections describe the key features of WebLogic Integration security:

Every secure deployment of a WebLogic Integration solution uses the WebLogic Server security features as the foundation. If BPM, B2B integration, and application integration functionality is used in a WebLogic Integration solution, the security features associated with these functional areas are used as well.

Note: For a secure deployment, avoid running WebLogic Integration in the same WebLogic Server instance as any applications for which security is not provided. Internal WebLogic Integration API calls are not protected from collocated applications.

WebLogic Server Security

WebLogic Server provides the foundation for WebLogic Integration security. WebLogic Integration deployments can use a full range of security features that WebLogic Server provides, including security realms, users and groups, Access Control Lists (ACLs) and permissions, the Secure Sockets Layer (SSL) protocol, authentication mechanisms, digital certificates, controlled access to resources, and so on. For a comprehensive discussion of WebLogic Server security features, see "Programming WebLogic Security" at the following URL:

http://download.oracle.com/docs/cd/E13222_01/wls/docs61/security/index.html

Business Process Management Security

WebLogic Integration uses WebLogic Server security realms to protect access to workflows and other resources. User access is determined by the roles to which the user is assigned. The WebLogic Integration Studio is used to define users, organizations, and roles, and also to map roles to groups in WebLogic Server security realms.

For more information about BPM security, see the following topics:

"About Security Realms" in Administering Data in Using the WebLogic Integration Studio
Configuring the Security Realms in Programming BPM Client Applications

B2B Integration Security

WebLogic Integration solutions that involve the exchange of messages between trading partners across firewalls have specialized security requirements, including trading partner authentication and authorization, as well as nonrepudiation. Specific security administration tasks depend on the type of protocol used. For more information about B2B integration security, see Implementing Security with B2B Integration.

In addition:

For information about RosettaNet security, see "Configuring RosettaNet Security" in Introduction in Implementing RosettaNet for B2B Integration.
For information about cXML security, see "Security" in cXML Administration in Implementing cXML for B2B Integration.

Application Integration Security

WebLogic Integration provides the following security mechanisms for those parts of an integration solution that are created and maintained with application integration functionality:

To connect to an Enterprise Information System (EIS), an application might need to provide certain credentials, such as a login name and password. For more information, see "Scenario 1: Connecting Using Specific Credentials" in Using Application Views by Writing Custom Code in Implementing Application Integration.
When deploying an application view, you can configure security settings to grant or revoke read and write access to the application view by a WebLogic user or group. For more information, see "Deploying an Application View" in "Steps for Defining an Application View" in Defining an Application View in Implementing Application Integration.

WebLogic Server Security Principals Used in WebLogic Integration

The following diagram provides an overview of the WebLogic Server security principals used in WebLogic Integration.

Figure 3-1 WebLogic Server Security Principals Used in WebLogic Integration

When started via an event (XML, application integration or B2B integration), a workflow runs as the WLPISystem.
When started via a manual task start, a workflow runs as the security principal associated with the Worklist client.
An application integration service runs as the security principal configured for the application view.
When a message is received from a trading partner, the B2B engine momentarily switches to the WebLogic Server principal associated with the client side certificate for the trading partner. It switches to the WLCSYSTEM principal before sending the message to the BPM event queue. For more information about B2B integration security, see Implementing Security with B2B Integration.
When the J2EE-CA adapter receives a request, it maps the caller's security principal to one that is appropriate for the EIS system. For more information, see "Security Prinicipal Map" in Programming the WebLogic J2EE Connector Architecture in the WebLogic Server documenation set, at the following URL:
```
http://download.oracle.com/docs/cd/E13222_01/wls/docs61/jconnector/security.html
```