Skip navigation.

Introduction to WebLogic Security

   Previous Next vertical dots separating previous/next from contents/index/pdf Contents View as PDF   Get Adobe Reader

Overview of the WebLogic Security Service

Audience for This Guide

Introduction to the WebLogic Security Service

Features of the WebLogic Security Service

Balancing Ease of Use and Customizability

What Changed in WebLogic Security

Security Fundamentals



Subjects and Principals

Java Authentication and Authorization Service (JAAS)

JAAS LoginModules

JAAS Control Flags


Mutual Authentication

Identity Assertion Providers and LoginModules

Identity Assertion and Tokens

Types of Authentication

Username/Password Authentication

Certificate Authentication

Perimeter Authentication

Single Sign-On with Microsoft Clients


WebLogic Resources

Security Policies


Access Decisions


Secure Sockets Layer (SSL)

SSL Features

SSL Tunneling

One-way/Two-way SSL Authentication

Domestic SSL and Exportable SSL

Digital Certificates

Certificate Authorities

Host Name Verification

Trust Managers

Asymmetric Key Algorithms

Symmetric Key Algorithms

Message Digest Algorithms

Cipher Suites


Connection Filters

Perimeter Authentication

J2EE and WebLogic Security

SDK 1.4.1 Security Packages

The Java Secure Socket Extension (JSSE)

Java Authentication and Authorization Services (JAAS)

The Java Security Manager

Java Cryptography Architecture and Java Cryptography Extensions (JCE)

Common Secure Interoperability Version 2 (CSIv2)

Security Realms

Introduction to Security Realms



Security Roles

Security Policies

Security Providers

Security Provider Databases

What Is a Security Provider Database?

Security Realms and Security Provider Databases

Embedded LDAP Server

Types of Security Providers

Authentication Providers

Identity Assertion Providers

Principal Validation Providers

Authorization Providers

Adjudication Providers

Role Mapping Providers

Auditing Providers

Credential Mapping Providers

Keystore Providers

Realm Adapter Providers

Security Provider Summary

Security Providers and Security Realms

WebLogic Security Service Architecture

Architectural Overview

WebLogic Security Framework

The Authentication Process

The Identity Assertion Process

The Principal Validation Process

The Authorization Process

The Adjudication Process

The Role Mapping Process

The Auditing Process

The Credential Mapping Process

SSO with Microsoft Clients Process

The Security Service Provider Interfaces (SSPIs)

The WebLogic Security Providers

WebLogic Authentication Provider

Alternative Authentication Providers

WebLogic Identity Assertion Provider

Single Pass Negotiate Identity Assertion Provider

WebLogic Principal Validation Provider

WebLogic Authorization Provider

WebLogic Adjudication Provider

WebLogic Role Mapping Provider

WebLogic Auditing Provider

WebLogic Credential Mapping Provider

WebLogic Keystore Provider

WebLogic Realm Adapter Providers

How the Architecture Benefits Users

Application Developers

Server/Application Administrators

Third-Party Security Service Providers



Skip footer navigation  Back to Top Previous Next