Securing WebLogic Resources Using Roles and Policies
Introduction and Roadmap
Document Scope and Audience
Guide to This Document
Related Information
Tutorials and Samples
New and Changed Features for This Release
Understanding WebLogic Resource Security
Overview of Securing WebLogic Resources
Using Policies to Protect Multiple Resources
Protecting a Hierarchy of Resources
Designing Roles and Policies for WebLogic Resources: Main Steps
Best Practices: Conditionalize Policies or Conditionalize Roles
Best Practices: Configure Entitlements Caching When Using WebLogic Providers
Resource Types You Can Secure with Policies
Administrative Resources
Application Resources
COM Resources
EJB Resources
Enterprise Information Systems (EIS) Resources
Java DataBase Connectivity (JDBC) Resources
JDBC Operations
Java Messaging Service (JMS) Resources
JMS Operations
Java Naming and Directory Interface (JNDI) Resources
JNDI Operations
JMX Resources
Maintaining a Consistent Security Scheme
Server Resources
Permissions for the weblogic.Server Command and the Node Manager
Permissions for Using the weblogic.Server Command
Permissions for Using the Node Manager
URL Resources
Web Service Resources
Work Context Resources
Options for Securing Web Application and EJB Resources
Comparison of Security Models for Web Applications and EJBs
Discussion of Each Model
Deployment Descriptor Only Model
Custom Roles and Policies Model
Understanding the Advanced Security Model
Understanding the Check Roles and Policies Setting
Understanding the When Deploying Web Applications or EJBs Setting
How the Check Roles and Policies and When Deploying Web Applications or EJBs Settings Interact
Understanding the Combined Role Mapping Enabled Setting
Securing Web Applications and EJBs
Security Policies
Security Policy Storage and Prerequisites for Use
Default Root Level Security Policies
Security Policy Conditions
Date and Time Policy Conditions
Context Element Policy Conditions
Protected Public Interfaces
Using the Administration Console to Manage Security Policies
Users, Groups, and Security Roles
Overview of Users and Groups
Default Groups
Runtime Groups
Best Practices: Add a User To the Administrators Group
Overview of Security Roles
Types of Security Roles: Global Roles and Scoped Roles
Default Global Roles
Security Role Conditions
Context Element Role Conditions
Using the Administration Console to Manage Users, Groups, and Roles
Using XACML Documents to Secure WebLogic Resources
Prerequisites
Adding a XACML Role or Policy to a Realm: Main Steps
Caution: Indeterminate Results Can Lock Out All Users
Determine Which Resource to Secure
Get the ID of the Resource to Secure
Create XACML Documents
Example: Defining Role Assignments
Example: Defining Authorization Policies
Use WebLogic Scripting Tool to Add the Role or Policy to the Realm
Verify That Your Roles and Policies Are in the Realm
Creating Roles and Policies for Custom MBeans
Determine the Resource IDs for a Custom MBean
Exporting Roles and Policies to XACML Documents
Reference for XACML on WebLogic Server
Comparison of WebLogic Server and XACML Security Models
Comparison of Terminology
Description of Data Types
Action Identifiers
Examples
Environment Identifiers
Examples
Policy and PolicySet Identifiers
Examples
Resource Identifiers
Examples
Subject Identifiers
Examples
WebLogic Server Functions for XACML
Custom Data Type Variants
Examples
Miscellaneous Functions
Example
Time/Date Conversions
Arithmetic Conversions and Functions
Object Type Conversions
Object Comparisons
String Comparisons and Manipulations
Rule and Policy-Combining Algorithm