Contents for Securing WebLogic Resources
Introduction and Roadmap
Document Scope and Audience
Guide to This Document
Related Information
Tutorials and Samples
New and Changed Features
Understanding WebLogic Resource Security
Overview of Securing WebLogic Resources
Designing Roles and Policies for WebLogic Resources: Main Steps
Best Practices: Conditionalize Policies or Conditionalize Roles
Best Practices: Configure Entitlements Caching When Using WebLogic Providers
Types of WebLogic Resources
Administrative Resources
MBean Security Layer
Administrative Resource Layer
Maintaining a Consistent Security Scheme
Application Resources
COM Resources
Enterprise Information Systems (EIS) Resources
EJB Resources
Java DataBase Connectivity (JDBC) Resources
JDBC Operations
Java Messaging Service (JMS) Resources
JMS Operations
Select ALL Methods
Select Individual Methods
Java Naming and Directory Interface (JNDI) Resources
JNDI Operations
Server Resources
Permissions for the weblogic.Server Command and the Node Manager
Permissions for Using the weblogic.Server Command
Permissions for Using the Node Manager
Web Application Resources
Web Service Resources
Work Context Resources
Options for Securing Web Application and EJB Resources
Comparison of Security Models for Web Applications and EJBs
Discussion of Each Model
Deployment Descriptor Only Model
Custom Roles Model
Custom Roles and Policies Model
Advanced Model
Understanding the Advanced Security Model
Understanding the Check Roles and Policies Setting
Understanding the When Deploying Web Applications or EJBs Setting
How the Check Roles and Policies and When Deploying Web Applications or EJBs Settings Interact
Understanding the Combined Role Mapping Enabled Setting
Usage Examples
Securing Web Applications and EJBs
Security Policies
Security Policy Granularity and Inheritance
Security Policy Storage and Prerequisites for Use
Default Root Level Security Policies
Security Policy Conditions
Basic Policy Conditions
Date and Time Policy Conditions
Context Element Policy Conditions
Protected Public Interfaces
Using the Administration Console to Manage Security Policies
Users, Groups, And Security Roles
Overview of Users and Groups
Default Groups
Runtime Groups
Best Practices: Add a User To the Administrators Group
Overview of Security Roles
Types of Security Roles: Global Roles and Scoped Roles
Default Global Roles
Security Role Conditions
Basic Role Conditions
Date and Time Role Conditions
Context Element Role Conditions
Using the Administration Console to Manage Users, Groups, and Roles