Skip navigation.

Programming WebLogic Security

   Previous Next vertical dots separating previous/next from contents/index/pdf Contents Index View as PDF   Get Adobe Reader

Introduction to Programing WebLogic Security

Audience for This Guide

What Is Security?

Types of Security Supported by WebLogic Server

Authentication

Authorization

J2EE Security

Security APIs

JAAS Client Application APIs

Java JAAS Client Application APIs

WebLogic JAAS Client Application APIs

SSL Client Application APIs

Java SSL Client Application APIs

WebLogic SSL Client Application APIs

Other APIs

Administration Console and Security

Security Tasks and Code Examples

Securing Web Applications

J2EE Security Model

Declarative Authorization

Programmatic Authorization

Declarative Versus Programmatic Authorization

Authentication With Web Browsers

User Name and Password Authentication

Digital Certificate Authentication

Multiple Web Applications, Cookies, and Authentication

Using Secure Cookies to Prevent Session Stealing

Developing Secure Web Applications

Developing BASIC Authentication Web Applications

Using HttpSessionListener to Account for Browser Caching of Credentials

Developing FORM Authentication Web Applications

Using Identity Assertion for Web Application Authentication

Using Two-Way SSL for Web Application Authentication

Developing Swing-Based Authentication Web Applications

Deploying Web Applications

Using Declarative Security With Web Applications

Web Application Security-Related Deployment Descriptors

Web.xml Deployment Descriptors

auth-constraint

security-constraint

security-role

security-role-ref

user-data-constraint

web-resource-collection

Weblogic.xml Deployment Descriptors

externally-defined

run-as-principal-name

run-as-role-assignment

security-permission

security-permission-spec

security-role-assignment

Using Programmatic Security With Web Applications

Using the Programmatic Authentication API

Using JAAS Authentication in Java Clients

JAAS and WebLogic Server

JAAS Authentication Development Environment

JAAS Authentication APIs

JAAS Client Application Components

WebLogic LoginModule Implementation

JVM-Wide Default User and the runAs() Method

Writing a Client Application Using JAAS Authentication

Using JNDI Authentication

Java Client JAAS Authentication Code Examples

Using SSL Authentication in Java Clients

JSSE and WebLogic Server

Using JNDI Authentication

SSL Certificate Authentication Development Environment

SSL Authentication APIs

SSL Client Application Components

Writing Applications that Use SSL

Communicating Securely From WebLogic Server to Other WebLogic Servers

Writing SSL Clients

SSLClient Sample

SSLSocketClient Sample

SSLClientServlet Sample

Using Two-Way SSL Authentication

Two-Way SSL Authentication with JNDI

Writing a User Name Mapper

Using Two-Way SSL Authentication Between WebLogic Server Instances

Using Two-Way SSL Authentication with Servlets

Using a Custom Host Name Verifier

Using a Trust Manager

Using a Handshake Completed Listener

Using an SSLContext

Using an SSL Server Socket Factory

Using URLs to Make Outbound SSL Connections

SSL Client Code Examples

Securing Enterprise JavaBeans (EJBs)

J2EE Architecture Security Model

Declarative Authorization

Programmatic Authorization

Declarative Versus Programmatic Authorization

Using Declarative Security With EJBs

EJB Security-Related Deployment Descriptors

ejb-jar.xml Deployment Descriptors

method

method-permission

role-name

run-as

security-identity

security-role

security-role-ref

unchecked

use-caller-identity

weblogic-ejb-jar.xml Deployment Descriptors

client-authentication

client-cert-authentication

confidentiality

externally-defined

identity-assertion

iiop-security-descriptor

integrity

principal-name

role-name

run-as-identity-principal

run-as-principal-name

run-as-role-assignment

security-permission

security-permission-spec

security-role-assignment

transport-requirements

Using Programmatic Security With EJBs

Using Network Connection Filters

The Benefits of Using Network Connection Filters

Network Connection Filter API

Connection Filter Interfaces

ConnectionFilter Interface

ConnectionFilterRulesListener Interface

Connection Filter Classes

ConnectionFilterImpl Class

ConnectionEvent Class

Guidelines for Writing Connection Filter Rules

Connection Filter Rules Syntax

Types of Connection Filter Rules

How Connection Filter Rules are Evaluated

Configuring the WebLogic Connection Filter

Developing Custom Connection Filters

Connection Filter Examples

SimpleConnectionFilter Example

SimpleConnectionFilter2 Example

Example of the accept Method Used in Filtering Network Connections

Using Java Security to Protect WebLogic Resources

Using J2EE Security to Protect WebLogic Resources

Using the Java Security Manager to Protect WebLogic Resources

Setting Up the Java Security Manager

Modifying the weblogic.policy file for General Use

Setting Application-Type Security Policies

Setting Application-Specific Security Policies

Deprecated Security APIs

 

Skip footer navigation  Back to Top Previous Next