Preface
This document describes how to secure and lock down an Oracle WebLogic Server production environment.
Audience
This document is intended for application architects, security architects, application developers and server administrators who design, implement, and test the security of their WebLogic Server configuration.
Documentation Accessibility
For information about Oracle's commitment to accessibility, visit the Oracle Accessibility Program website at http://www.oracle.com/pls/topic/lookup?ctx=acc&id=docacc.
Accessible Access to Oracle Support
Oracle customers who have purchased support have access to electronic support through My Oracle Support. For information, visit http://www.oracle.com/pls/topic/lookup?ctx=acc&id=info or visit http://www.oracle.com/pls/topic/lookup?ctx=acc&id=trs if you are hearing impaired.
Diversity and Inclusion
Oracle is fully committed to diversity and inclusion. Oracle respects and values having a diverse workforce that increases thought leadership and innovation. As part of our initiative to build a more inclusive culture that positively impacts our employees, customers, and partners, we are working to remove insensitive terms from our products and documentation. We are also mindful of the necessity to maintain compatibility with our customers' existing technologies and the need to ensure continuity of service as Oracle's offerings and industry standards evolve. Because of these technical constraints, our effort to remove insensitive terms is ongoing and will take time and external cooperation.
Related Information
The following Oracle WebLogic Server documents contain information that is relevant to the WebLogic Security Service:
-
Administering Security for Oracle WebLogic Server — explains how to configure WebLogic Server security, including settings for security realms, providers, identity and trust, SSL, and others.
-
Developing Security Providers for Oracle WebLogic Server — explains how vendors and application developers can develop custom security providers that can be used with WebLogic Server.
-
Understanding Security for Oracle WebLogic Server — provides an overview of the features, architecture, and functionality of the WebLogic Security Service. It is the starting point for understanding the WebLogic Security Service.
-
Securing Resources Using Roles and Policies for Oracle WebLogic Server — describes how to secure WebLogic resources. It primarily focuses on securing URL (Web) and Enterprise JavaBean (EJB) resources.
-
Java API Reference for Oracle WebLogic Server — is reference documentation for the WebLogic security packages that are provided with and supported by this release of WebLogic Server.
New and Changed WebLogic Server Features
For a comprehensive listing of the new WebLogic Server features introduced in this release, see What's New in Oracle WebLogic Server.
Conventions
The following text conventions are used in this document:
| Convention | Meaning |
|---|---|
|
boldface |
Boldface type indicates graphical user interface elements associated with an action, or terms defined in text or the glossary. |
|
italic |
Italic type indicates book titles, emphasis, or placeholder variables for which you supply particular values. |
|
|
Monospace type indicates commands within a paragraph, URLs, code in examples, text that appears on the screen, or text that you enter. |