1. Securing Resources Using Roles and Policies for Oracle WebLogic Server
  2. Preface

Preface

This documentation describes how to use security roles and policies in Oracle WebLogic Server 14c to determine who can access resources in a domain.

Audience

This document contains information that is useful for security architects and security administrators who are designing a security strategy for resources within a WebLogic Server domain. It includes information about resource types, options for securing Web applications and EJBs, different types of security roles and policies, and the components of a role and policy.

It is assumed that the reader is familiar with Java EE security and the other features of the WebLogic Security Service.

The information in this document is relevant during the design and development phases of a software project. This document does not address production phase administration topics. For links to WebLogic Server documentation and resources related to these topics, see Related Documentation.

Documentation Accessibility

For information about Oracle's commitment to accessibility, visit the Oracle Accessibility Program website at http://www.oracle.com/pls/topic/lookup?ctx=acc&id=docacc.

Accessible Access to Oracle Support

Oracle customers who have purchased support have access to electronic support through My Oracle Support. For information, visit http://www.oracle.com/pls/topic/lookup?ctx=acc&id=info or visit http://www.oracle.com/pls/topic/lookup?ctx=acc&id=trs if you are hearing impaired.

Oracle is fully committed to diversity and inclusion. Oracle respects and values having a diverse workforce that increases thought leadership and innovation. As part of our initiative to build a more inclusive culture that positively impacts our employees, customers, and partners, we are working to remove insensitive terms from our products and documentation. We are also mindful of the necessity to maintain compatibility with our customers' existing technologies and the need to ensure continuity of service as Oracle's offerings and industry standards evolve. Because of these technical constraints, our effort to remove insensitive terms is ongoing and will take time and external cooperation.

Related Documentation

Use the reference books as and when it is required for better understanding.

Other WebLogic Server documents that may be of interest to security administrators wanting to secure WebLogic resources are:

  • Understanding Security for Oracle WebLogic Server—Summarizes the features of the WebLogic Security Service, including an overview of its architecture and capabilities. It is the starting point for understanding WebLogic security.

  • Administering Security for Oracle WebLogic Server—Describes how to ensure that security is comprehensively configured for a WebLogic Server installation, including information about security providers, identity and trust and SSL.

  • Use roles and policies to secure resources in Oracle WebLogic Server Administration Console Online Help—Provides step-by-step instructions for using the WebLogic Server Administration Console to complete the tasks that this document describes.

These documents provide additional information about specific resource types:

Tutorials and Samples

Additional security documents are listed in Code Examples and Sample Applications in Understanding Oracle WebLogic Server.

New and Changed WebLogic Server Features

For a comprehensive listing of the new WebLogic Server features introduced in this release, see What's New in Oracle WebLogic Server.

Conventions

The following text conventions are used in this document:

Convention Meaning

boldface

Boldface type indicates graphical user interface elements associated with an action, or terms defined in text or the glossary.

italic

Italic type indicates book titles, emphasis, or placeholder variables for which you supply particular values.

monospace

Monospace type indicates commands within a paragraph, URLs, code in examples, text that appears on the screen, or text that you enter.