Oracle WebLogic Integration solution security is based on Oracle WebLogic
Server security functionality and shares many characteristics
with other types of WebLogic applications. For requirements
and recommendations that are general to these applications,
see Understanding Oracle WebLogic Security in Overview of Oracle WebLogic Security Service and to learn about the Oracle WebLogic Server security features that provide the basis for Oracle WebLogic Integration security, see Security in Oracle WebLogic Server Documentation.
Setting Up a Secure Deployment
To configure security for your Oracle WebLogic Integration solution:
- Before deployment...
- You
will need to obtain digital certificates and keys, and architect
an environment that includes the appropriate proxy servers
and firewalls. To learn more about these security requirements,
see "Considerations for Configuring Security" in Using
Oracle WebLogic Integration Security in Deploying Oracle WebLogic
Integration Solutions.
- After creating a Oracle WebLogic
Integration domain using the Configuration Wizard...
- The
domain contains the following security resources:
- Default Oracle WebLogic Integration
roles, groups, and security policies
- For
information about configuring these resources to meet
your security requirements, see "Oracle WebLogic Integration Users, Groups, and Roles" in User
Management in Using Worklist Console.
- Default Trading Partner web application (
B2BDefaultWebApp )
- For
information on configuring its policies for access control
in trading partner authorization, see "URL (Web) and EJB
(Enterprise JavaBean) Resources" and "Application Resources"
in Types
of WebLogic Resources in Securing WebLogic Resources.
- PasswordStore
- To
configure the Oracle WebLogic Integration PasswordStore, see
"Oracle WebLogic Integration PasswordStore for Encrypted Passwords"
in Trading Partner
Integration Security in Introducing Trading Partner
Integration.
- Identity and trust keystores
- To
configure these resources for your Trading Partner Integration
security requirements, see "Keystore for Private Keys
and Certificates" in Trading
Partner Integration Security in Introducing Trading
Partner Integration.
Important Recommendations
The following are some important
recommendations regarding configuring your Oracle WebLogic Integration
security:
- When redeploying in iterative development mode...
- You
can configure your role settings by using one of the following
procedures:
- Deploy
and redeploy your applications in enterprise application
archive (EAR) format as described in Building
and Deploying Oracle WebLogic Integration Applications
in the Guide To Building Business Process.
- If
you choose to deploy and redeploy your application from
Oracle Workshop for WebLogic , do one of the following:
- Reenter
your security settings after redeploying.
- Refrain
from setting these policies until you are testing in
production mode.
- When using DER encoded private keys...
- Use
one of the following procedures:
- Import
the DER file into the keystore, and then configure the
alias in the Oracle WebLogic
Integration Administration Console to point to the correct
certificate as described in "Adding or Changing
Dynamic Client Callback Selectors"
in Process
Configuration in Using The Oracle WebLogic Integration Administration Console.
- Convert the file to PEM format before importing it in the
Oracle WebLogic Integration Administration console by using the Oracle WebLogic Server
der2pem utility. For der2pem
syntax information, see "der2pem" in Using
the Oracle WebLogic Server Java Utilities in the Oracle WebLogic Server Command Reference.
- To configure users, groups, and roles using the Oracle WebLogic Integration Administration Console...
- They must be components of the default (active) security realm.
To learn about setting a new default security realm, see Customizing
the Default Security Configuration in Managing Oracle WebLogic Security.
|