Oracle® Fusion Middleware Security Guide for Oracle WebLogic Portal 10g Release 3 (10.3.4)
Part Number E14251-05
Contents
List of Examples
List of Figures
List of Tables
Title and Copyright Information
Preface
Audience
Documentation Accessibility
Related Documents
Conventions
1 Introduction
1.1 Foundations of WebLogic Portal Security
1.1.1 J2EE Security Services
1.1.2 WebLogic Security Service Provider Interfaces
1.1.3 Java Authentication and Authorization Service
1.2 Authentication
1.2.1 Authentication Providers
1.2.2 Identity Assertion Providers and Single Sign-On
1.2.3 Implementing Authentication Programmatically
1.3 Authorization
1.3.1 Authorization Providers
1.3.2 Role Mapping Providers
1.3.3 Roles and Role Policies
1.3.4 Security Policies
1.3.5 Deployment Descriptors
1.4 WebLogic Portal-Specific Security Extensions
1.4.1 Visitor Entitlements
1.4.2 Delegated Administration
1.5 Security Features in the WebLogic Portal Life Cycle
1.5.1 Architecture
1.5.2 Development
1.5.3 Staging
1.5.4 Production
1.6 Credential Vault
1.7 Getting Started
Part I Architecture
2 Planning a Security Strategy
2.1 Developing Your Security Strategy
2.2 Choosing WebLogic and Custom Authentication Providers
2.2.1 Setting Up a WebLogic Authentication Provider
2.2.2 Setting Up a Custom Authentication Provider
2.2.3 Deciding When to Use Multiple Authentication Providers
2.2.4 Setting Up Multiple Authentication Providers
2.2.5 Selecting Read-Only or Write Access to User Information
2.3 Setting Up Role-Based Authorization
2.3.1 Understanding Global and Scoped Roles
2.3.1.1 Global Roles
2.3.1.2 Scoped Roles
2.3.2 Restricting Portal Visitor Access Using Entitlements
2.3.2.1 Protecting Portal Resources Using Visitor Entitlements
2.3.2.2 Protecting Content Management Resources Using Visitor Entitlements
2.3.2.3 Protecting Groups Using Visitor Entitlements
2.3.3 Setting Up a Delegated Administration Role Hierarchy
2.3.3.1 Example Role Hierarchy
2.3.3.2 Setting Up Administrative Roles
2.4 Designing Security for Optimal Performance
Part II Development
3 Securing Your Portal Deployment
3.1 Encrypting Sensitive Information
3.2 Using Firewalls
3.3 Securing the WebLogic Portal Administration Console
3.4 Securing Database Communications
3.5 Reviewing Policies and Visitor Entitlements
3.6 Securing WSRP Applications
3.7 Blocking Non-HTTP Protocols
3.8 Securing the Content Management System
3.9 Securing UUP Data
3.10 Application-Scoping Resources
3.11 Securing WebDAV Web Application
3.12 Implementing Authentication Programmatically
3.12.1 Always Redirect After Login or Logout
3.12.2 Avoid Using JSP Tags for Login and Logout
3.12.3 Sample JSP Login/Logout Code
3.13 Using Security Tokens
4 Preventing Direct Access to Portal Application Resources
4.1 Securing Resources Using Deployment Descriptors
5 Securing Third-Party Applications
5.1 Understanding the Credential Vault
5.1.1 User Credential Vault
5.1.2 User + Resource Credential Vault
5.1.3 System Credential Vault
5.1.4 Visibility
5.2 Using the Credential Vault APIs
5.2.1 Initialize the Credential Vault
5.2.2 Construct the Resource Key
5.2.3 Creating a Credential Entry
5.2.4 Accessing a Credential Entry
5.2.5 Updating a Credential Entry
5.2.6 Deleting a Credential Entry
5.3 Credential Vault Examples
5.4 Creating or Viewing System Credentials in the Administration Console
Part III Staging
6 Managing Security Providers
6.1 Viewing Configured Security Providers
6.2 Viewing Configured Authentication Providers
6.3 Viewing Authentication Provider Details
6.4 Removing Authentication Providers
6.5 Viewing Configured Role Mappers
6.6 Viewing Role Mapper Details
6.7 Viewing Authentication Provider Services
6.8 Viewing Authentication Provider Service Details
6.9 Adding Authentication Security Provider Services
6.10 Configuring Authentication Provider Services
6.10.1 Enabling Text Entry for Authentication Providers
6.10.2 Adding Group Management Roles
6.10.3 Editing Group Management Roles
6.10.4 Adding User Management Roles
6.10.5 Editing User Management Roles
6.10.6 Adding Protected and Reserved Group Names
6.10.7 Editing Protected and Reserved Group Names
6.10.8 Adding Protected and Reserved User Names
6.10.9 Editing Protected and Reserved User Names
6.11 Viewing Role Provider Services
6.12 Viewing Role Provider Service Details
6.13 Adding Role Mapping Provider Services
6.14 Configuring Role Mapping Provider Services
6.14.1 Enabling Text Entry for a Role Mapping Providers
6.15 Configuring OAM Single Sign-On with WebLogic Portal
6.15.1 Before You Begin
6.15.2 Configuring the OAM Identity Asserter
6.15.3 Configuring the WLP Application
6.15.4 Testing the Configuration
6.15.5 Configuring the OAM Server
7 Configuring Delegated Administration
7.1 Creating Delegated Administration Roles
7.2 Adding Users, Groups, and Conditions in Delegated Administration Roles
7.2.1 Adding Users to Delegated Administration Roles
7.2.2 Adding Groups to Delegated Administration Roles
7.2.3 Adding Conditions to Delegated Administration Roles with Expressions
7.3 Removing Users, Groups, and Conditions from Delegated Administration Roles
7.3.1 Removing Users from Delegated Administration Roles
7.3.2 Removing Groups from Delegated Administration Roles
7.3.3 Removing Conditions in Delegated Administration Roles
7.4 Modifying Conditions in Delegated Administration Roles
7.5 Granting Additional Delegation Properties to Roles
7.6 Viewing Delegated Administration Role Details
7.7 Viewing the Delegated Resources
7.8 Renaming Delegated Administration Roles
7.9 Deleting Delegated Administration Roles
7.10 Setting Delegated Administration on Authentication Providers
7.11 Removing Delegated Administration on Authentication Providers
7.12 Setting Delegated Administration on Groups
7.13 Removing and Editing Delegated Administration on Groups
7.14 Setting Delegated Administration on Portal Resources in the Library
7.15 Setting Delegated Administration on Portal Resources in the Desktop
7.16 Removing and Editing Delegated Administration on Portal Resources
7.17 Setting Delegated Administration on Interaction Management Resources
7.18 Removing Delegated Administration on Interaction Management Resources
7.19 Setting Delegated Administration on Content Management Resources
7.20 Removing and Editing Delegated Administration on Content Management Resources
7.21 Setting Delegated Administration on Visitor Entitlement Roles
7.22 Removing Delegated Administration from Visitor Entitlement Roles
8 Configuring Visitor Entitlements
8.1 Creating Visitor Entitlement Roles
8.2 Adding Users, Groups, and Conditions in Visitor Entitlement Roles
8.2.1 Adding Users to Visitor Entitlement Roles
8.2.2 Adding Groups to Visitor Roles
8.2.3 Adding Conditions to Visitor Roles with Expressions
8.3 Removing Users, Groups, and Conditions from Visitor Entitlement Roles
8.3.1 Removing Users from Visitor Entitlement Roles
8.3.2 Removing Groups from Visitor Entitlement Roles
8.3.3 Removing Conditions in Visitor Entitlement Roles
8.4 Modifying Conditions in Visitor Entitlement Roles
8.5 Viewing Visitor Entitlement Role Details
8.6 Viewing the Entitled Resources
8.7 Renaming Visitor Entitlement Roles
8.8 Deleting Visitor Entitlement Roles
8.9 Choosing Whether to Set Visitor Entitlements on Portal Resources in the Library or the Desktop
8.10 Using Web-Application or Enterprise-Application Scoped Roles for Entitlements on Portal Resources
8.11 Setting Visitor Entitlements on Portal Resources in the Library
8.12 Setting Visitor Entitlements on Portal Resources in the Desktop
8.13 Removing and Editing Visitor Entitlements on Portal Resources
8.14 Setting Visitor Entitlements on Groups
8.15 Removing Visitor Entitlements on Groups
8.16 Setting Visitor Entitlements on Content Management Resources
8.17 Removing and Editing Visitor Entitlements on Content Management Resources
8.18 Designing Visitor Entitlements for Performance
9 Deploying Security Components
9.1 Deploying the Enterprise Archive File
9.1.1 Modifying Enterprise Application Deployment Descriptors
9.1.2 Modifying Web Application Deployment Descriptors
9.2 Using the Propagation Utility
Part IV Production
10 Implementing Authorization Programmatically
10.1 Verifying Whether a User Is Assigned a Specific Role
10.2 Verifying Whether a User Has Access to a Resource
10.2.1 Attributes
10.2.2 Example
10.2.3 Other Tools