Programming WebLogic Security

Introduction

Audience for this Guide

Application Developers

Security Vendors Or Sophisticated Application Developers

Administrators

Why Implement Security?

Security APIs

Major Tasks Covered in this document

Securing Web Applications (Thin Clients)

Authentication with Web Browsers

Username and Password Authentication

Digital Certificate Authentication

Developing Secure Web Applications

Developing BASIC Authentication Web Applications

Developing FORM Authentication Web Applications

Developing CLIENT-CERT Authentication Web Applications

Deploying Web Applications

Using the <global-role/> Tag With Web Applications

Adding Declarative Security to Web Applications

Adding Programmatic Security to Web Applications

Programmatic Authentication

Writing Secure Java Clients (Fat Clients)

Introduction

Use of JSSE with WebLogic Server

JAAS Authentication

Supported JAAS Classes

Overview of Specific JAAS Programming Steps

Step 1: Authenticate the User

Step 2: Retrieve Subject and Associate it with the Client Actions

Step 3: Implement the CallbackHandler Interface

Writing a Client Application Using JAAS Authentication

Sample LoginModule Implementation

Sample Implementation of the CallbackHandler Interface

Sample LoginModule Configuration File

Sample LoginContext Implementation

Sample Login Method Implementation

Sample Implementation of the getSubject and runAS Methods

Sample PrivilegedAction Implementation

Sample Implementation of a Java Client That Uses JAAS

Using JNDI Authentication

Writing Applications that Use SSL

Communicating Securely with SSL-Enabled Web Browsers

Writing SSL Clients

SSL Client Sample

SSLSocketClient Sample

SSLClientServlet Sample

Using Two-Way SSL Authentication

Two-Way SSL Authentication with JNDI

Using Two-Way SSL Authentication Between WebLogic Server Instances

Using Two-Way SSL Authentication with Servlets

Using a Custom Host Name Verifier

Using a Trust Manager

Using an SSLContext

Using an SSLServerSocketFactory

Using URLs to Make Outbound SSL Connections

Securing EJB Applications

Adding Declarative Security to EJBs

Using the <global-role/> Tag With EJBs

Adding Programmatic Security to EJBs

Protecting Application Server Resources

Using Network Connection Filters to Protect Application Server Resources

Connection Filter Interfaces

ConnectionFilter interface

ConnectionFilterRulesListener interface

Connection Filter Classes

ConnectionFilterImpl Class

ConnectionEvent Class

Guidelines for Writing Connection Filter Rules

Connection Filter Rules Syntax

Types of Connection Filter Rules

How Connection Filter Rules are Evaluated

Configuring the Default Connection Filter

Developing Custom Connection Filters

Connection Filter Examples

SimpleConnectionFilter Example

SimpleConnectionFilter2 Example

Example of the Accept Method Used in Filtering Network Connections

Using J2EE Sandbox Security to Protect Application Server Resources

Deprecated Security APIs

 
