Contents
Title and Copyright Information
Preface
Documentation Accessibility
Conventions
1 Introduction and Roadmap
1.1 Document Scope and Audience
1.2 Guide to This Document
1.3 Related Information
1.3.1 Tutorials and Samples
1.4 New and Changed Features for This Release
2 Understanding WebLogic Resource Security
2.1 Overview of Securing WebLogic Resources
2.1.1 Using Policies to Protect Multiple Resources
2.1.1.1 Protecting Policies by Type
2.1.1.2 Protecting a Hierarchy of Resources
2.2 Designing Roles and Policies for WebLogic Resources: Main Steps
2.2.1 Best Practices: Conditionalize Policies or Conditionalize Roles
2.2.2 Best Practices: Configure Entitlements Caching When Using WebLogic Providers
3 Resource Types You Can Secure with Policies
3.1 Administrative Resources
3.2 Application Resources
3.3 COM Resources
3.4 EJB Resources
3.5 Enterprise Information Systems (EIS) Resources
3.6 Java DataBase Connectivity (JDBC) Resources
3.6.1 JDBC Operations
3.7 Java Messaging Service (JMS) Resources
3.7.1 JMS Operations
3.8 Java Naming and Directory Interface (JNDI) Resources
3.8.1 JNDI Operations
3.9 JMX Resources
3.9.1 Maintaining a Consistent Security Scheme
3.10 Server Resources
3.10.1 Permissions for the weblogic.Server Command and the Node Manager
3.10.1.1 Permissions for Using the weblogic.Server Command
3.10.1.2 Permissions for Using the Node Manager
3.11 URL Resources
3.12 Web Service Resources
3.13 Work Context Resources
3.14 Coherence Resources
4 Options for Securing Web Application and EJB Resources
4.1 Deployment Descriptors Not Required
4.2 Comparison of Security Models for Web Applications and EJBs
4.2.1 Discussion of Each Model
4.2.1.1 Metadata Annotations
4.2.1.2 Deployment Descriptor Only Model
4.2.1.3 Custom Roles Model
4.2.1.4 Custom Roles and Policies Model
4.2.1.5 Advanced Model
4.3 Understanding the Advanced Security Model
4.3.1 Understanding the Check Roles and Policies Setting
4.3.2 Understanding the When Deploying Web Applications or EJBs Setting
4.3.3 How the Check Roles and Policies and When Deploying Web Applications or EJBs Settings Interact
4.3.4 Understanding the Combined Role Mapping Enabled Setting
4.3.4.1 Usage Examples
4.3.4.1.1 Example for EAR, WAR and EJB
4.3.4.1.2 Example for EAR and WAR
4.4 Securing Web Applications and EJBs
5 Security Policies
5.1 Security Policy Storage and Prerequisites for Use
5.2 Default Root Level Security Policies
5.3 Security Policy Conditions
5.3.1 Basic Policy Conditions
5.3.2 Date and Time Policy Conditions
5.3.3 Context Element Policy Conditions
5.4 Protected Public Interfaces
5.5 Using the Administration Console to Manage Security Policies
6 Users, Groups, And Security Roles
6.1 Overview of Users and Groups
6.2 Default Groups
6.2.1 Run Time Groups
6.2.2 Best Practices: Add a User To the Administrators Group
6.3 Overview of Security Roles
6.4 Types of Security Roles: Global Roles and Scoped Roles
6.5 Default Global Roles
6.6 Security Role Conditions
6.6.1 Basic Role Conditions
6.6.2 Date and Time Role Conditions
6.6.3 Context Element Role Conditions
6.7 Using the Administration Console to Manage Users, Groups, and Roles
7 Using XACML Documents to Secure WebLogic Resources
7.1 Prerequisites
7.2 Adding a XACML Role or Policy to a Realm: Main Steps
7.2.1 Caution: Indeterminate Results Can Lock Out All Users
7.2.2 Determine Which Resource to Secure
7.2.3 Get the ID of the Resource to Secure
7.2.4 Create XACML Documents
7.2.4.1 Example: Defining Role Assignments
7.2.4.2 Example: Defining Authorization Policies
7.2.5 Use WebLogic Scripting Tool to Add the Role or Policy to the Realm
7.2.6 Verify That Your Roles and Policies Are in the Realm
7.3 Creating Roles and Policies for Custom MBeans
7.3.1 Determine the Resource IDs for a Custom MBean
7.4 Exporting Roles and Policies to XACML Documents
A Reference for XACML on WebLogic Server
A.1 Comparison of WebLogic Server and XACML Security Models
A.1.1 Comparison of Terminology
A.1.2 Description of Data Types
A.2 Action Identifiers
A.2.1 Examples
A.3 Environment Identifiers
A.3.1 Examples
A.4 Policy and PolicySet Identifiers
A.4.1 Examples
A.5 Resource Identifiers
A.5.1 Examples
A.6 Subject Identifiers
A.6.1 Examples
A.7 WebLogic Server Functions for XACML
A.7.1 Custom Data Type Variants
A.7.2 Examples
A.7.3 Miscellaneous Functions
A.7.4 Example
A.7.5 Time/Date Conversions
A.7.6 Arithmetic Conversions and Functions
A.7.7 Object Type Conversions
A.7.8 Object Comparisons
A.7.9 String Comparisons and Manipulations
A.8 Rule and Policy-Combining Algorithm