1 Introduction and Roadmap

This chapter describes the contents and organization of this guide—Securing Resources Using Roles and Policies for Oracle WebLogic Server. The WebLogic Security Service combines several layers of security features to prevent unauthorized access to your WebLogic Server domains. This document describes using roles and policies to determine who can access resources in a domain. The roles and policies feature fulfills the same function as the familiar Access Control List (ACL), but offers an improvement over ACLs: an ACL is static while roles and policies specify conditions under which users can access resources, and these conditions are evaluated at run time.

This chapter includes the following sections:

Document Scope and Audience

This document contains information that is useful for security architects and security administrators who are designing a security strategy for resources within a WebLogic Server domain. It includes information about resource types, options for securing Web applications and EJBs, different types of security roles and policies, and the components of a role and policy.

It is assumed that the reader is familiar with Java EE security and the other features of the WebLogic Security Service.

The information in this document is relevant during the design and development phases of a software project. This document does not address production phase administration topics. For links to WebLogic Server documentation and resources related to these topics, see Related Information.

Guide to This Document

The document is organized as follows:

Related Information

Other WebLogic Server documents that may be of interest to security administrators wanting to secure WebLogic resources are:

These documents provide additional information about specific resource types:

Tutorials and Samples

Additional security documents are listed in "Code Examples and Sample Applications" in Understanding Oracle WebLogic Server.

New and Changed Features for This Release

For a comprehensive listing of the new WebLogic Server features introduced in this release, see What's New in Oracle WebLogic Server 12.2.1.