Secure WebLogic resources

A WebLogic resource is an entity that the WebLogic Security Service uses to represent components in a WebLogic Server domain. For example, server instances, Enterprise Applications (EARs), EJBs, specific methods within EJBs, and URL patterns within Web applications are represented by WebLogic resources. For a list of all resource types, see Types of WebLogic Resources.

When a client attempts to interact with an entity, the WebLogic Security Service checks for any policies that you have defined for the resource that represents the entity. A policy specifies who can access a resource. You can attach conditions to a policy so that different users can access the resource at different times. Policies grant access to individual users and groups (not recommended) or security roles. A role is an identity that can be granted to users or groups. Like conditions on policies, you can attach conditions to a role so that different users or groups are in the role at different times.

For most types of WebLogic resources, you use the Administration Console to define the security policies and roles that restrict access. However, for Web application and EJB resources, you can also use deployment descriptors. See Manage security for Web applications and EJBs.

To use the Administration Console to secure WebLogic resource:

Create users and groups.
See Manage users and groups.
BEA recommends that you use security roles to secure WebLogic resources (instead of users or groups), because doing so increases efficiency for administrators who work with many users. You can use the default roles that WebLogic Server provides or create your own.
See Manage security roles.
Create security policies.
See Manage security policies.