BEA Logo BEA WebLogic Portal Release 4.0

  BEA Home  |  Events  |  Solutions  |  Partners  |  Products  |  Services  |  Download  |  Developer Center  |  WebSUPPORT

   http://www.oracle.com/technology/documentation/index.html   |   Search   |   PDF Files   |   Contact   |   Glossary

 

   WebLogic Portal Documentation   |   Security Guide   |   Previous Topic   |   Next Topic   |   Contents   |   Index

Security Guide

 

Welcome to the Security Guide!

This Security Guide was designed to help you understand how the WebLogic Portal product suite leverages the security features of the JavaTM 2 Platform Enterprise Edition (J2EE) specification and the J2EE-compliant security features of the BEA WebLogic Server platform. This Guide also describes ways that you can modify security settings within the WebLogic Portal sample applications to inspire customer confidence and solidify your e-business' online relationships.



 

 

Introduction

Determining Your Application Security Needs

Reliance on J2EE Standards and WebLogic Server Security

Declarative Security in WebLogic Portal

Programmatic Security in WebLogic Portal

Security Behavior in a J2EE Environment

About Security Realms

Implementing a New Custom Realm

Next Steps

 

Security Roles and Deployment Descriptors

Authorization Using Security Roles

What Is a Security Role?

WebLogic Portal Security Roles

Declaration of Security Roles

Users and User Groups as Principals

WebLogic Portal User Groups

WebLogic Portal Role to Principal Mappings

Using Role to Principal Mappings To Modify Access At Runtime

Declarative Security Using Deployment Descriptors

What Is a Deployment Descriptor?

Deployment Descriptor Files and Enterprise Applications

Location of Deployment Descriptor Files in the Directory Structure

The web.xml Deployment Descriptors

The weblogic.xml Deployment Descriptors

The ejb-jar.xml Deployment Descriptors

The weblogic-ejb-jar.xml Deployment Descriptors

 

Security in the WebLogic Portal Sample Applications

Security in the Commerce (wlcs) Web Application

Accessing the Commerce (wlcs) Web Application

Protected JavaServer Page (JSP) Templates

Logging In with Form-Based Authentication

Session Inactivity

SSL and Declarative Transport

Credit Card Security Service

Encryption/Decryption Implementation

Customizable Security Settings

Methods for Supplying the Private Key Encryption Password

Contents of the Commerce (wlcs) Web Application's Deployment Descriptors

web.xml

weblogic.xml

Security in the Stock Portal Web Application

Accessing the Stock Portal Web Application

Anonymous Versus Authenticated Portal Visitors

Logging Into the Portal

Webflow and Portal Security

Security-Related Use Cases

Modifying the Portal Security Webflow: An Example

Contents of the Stock Portal Web Application's Deployment Descriptors

web.xml

weblogic.xml

 

Security in the WebLogic Portal Enterprise JavaBeans

Note About the weblogic-ejb-jar.xml Deployment Descriptors in WebLogic Portal

campaign.jar

campaignws.jar

catalogws.jar

customer.jar

document.jar

ebusiness.jar

ejbadvisor.jar

events.jar

ldapprofile.jar

mail.jar

payment.jar

petflow.jar

petStore_EJB.jar

pipeline.jar

placeholder.jar

portal.jar

property.jar

propertysetws.jar

rules.jar

stockportal.jar

tax.jar

usermgmt.jar

wlcsSample.jar

 

Security in the WebLogic Portal Administration Tools and the E-Business Control Center

Security in the WebLogic Portal Administration Tools

Security in the E-Business Control Center

 

Portal Administration and Security

Three Levels of Administrator Permissions

SA- System Administrators

PA - Portal Administrators

GA - Group Administrators

Application Assembler/Deployer

Scoping Privileges

Managing Administrator Users

User Groups

Delegated Administration

Visitor Entitlements

Rule-Based Entitlements Versus Rule-Based Personalization

 

back to top   next page

 

Copyright © 2001 BEA Systems, Inc. All rights reserved.
Required browser: Netscape 4.77 or higher, or Microsoft Internet Explorer 5.01 or higher.
Contact us (documentation feedback only)