Programming WebLogic Security

Introduction to Programing WebLogic Security
Audience for This Guide
What Is Security?
Security APIs
JAAS Client Application APIs
Java JAAS Client Application APIsWebLogic JAAS Client Application APIs
SSL Client Application APIs
Java SSL Client Application APIsWebLogic SSL Client Application APIs
Other APIs
Security Tasks and Code Examples
Securing webapps
J2EE Security Model
Declarative Authorization
Programmatic Authorization
Declarative Versus Programmatic Authorization
Authentication With Web Browsers
User Name and Password Authentication
Digital Certificate Authentication
Multiple webapps, Cookies, and Authentication
Developing Secure webapps
Developing BASIC Authentication webapps
Developing FORM Authentication webapps
Developing CLIENT-CERT Authentication webapps
Deploying webapps
Using Declarative Security With webapps
Using the <externally-defined> Tag With webapps
Using Programmatic Security With webapps
Using the Programmatic Authentication API
Using JAAS Authentication in Java Clients
JAAS and WebLogic Server
JAAS Authentication Development Environment
JAAS Authentication APIs
JAAS Client Application Components
WebLogic LoginModule Implementation
Writing a Client Application Using JAAS Authentication
Using JNDI Authentication
Java Client JAAS Authentication Code Examples
Using SSL Authentication in Java Clients
JSSE and WebLogic Server
Using JNDI Authentication
SSL Certificate Authentication Development Environment
SSL Authentication APIs
SSL Client Application Components
Writing Applications that Use SSL
Communicating Securely From WebLogic Server to Other WebLogic Servers
Writing SSL Clients
SSLClient Sample SSLSocketClient Sample SSLClientServlet Sample
Using Two-Way SSL Authentication
Two-Way SSL Authentication with JNDIWriting a User Name Mapper Using Two-Way SSL Authentication Between WebLogic Server Instances Using Two-Way SSL Authentication with Servlets
Using a Custom Host Name Verifier
Using a Trust Manager
Using a Handshake Completed Listener
Using an SSLContext
Using an SSL Server Socket Factory
Using URLs to Make Outbound SSL Connections
SSL Client Code Examples
Securing Enterprise JavaBeans
J2EE Architecture Security Model
Declarative Authorization
Programmatic Authorization
Declarative Versus Programmatic Authorization
Using Declarative Security With EJBs
Using the <externally-defined> Tag with EJBs
Using Programmatic Security With EJBs
Using Network Connection Filters
The Benefits of Using Network Connection Filters
Network Connection Filter API
Connection Filter Interfaces
ConnectionFilter Interface ConnectionFilterRulesListener Interface
Connection Filter Classes
ConnectionFilterImpl Class ConnectionEvent Class
Guidelines for Writing Connection Filter Rules
Connection Filter Rules Syntax
Types of Connection Filter Rules
How Connection Filter Rules are Evaluated
Configuring the WebLogic Connection Filter
Developing Custom Connection Filters
Connection Filter Examples
SimpleConnectionFilter Example
SimpleConnectionFilter2 Example
Example of the accept Method Used in Filtering Network Connections
Using Java Security to Protect WebLogic Resources
Using J2EE Security to Protect WebLogic Resources
Using the Java Security Manager to Protect WebLogic Resources
Setting Up the Java Security Manager
Modifying the weblogic.policy file for General UseSetting Application-Type Security Policies Setting Application-Specific Security Policies
Using the Recording Security Manager Utility
Deprecated Security APIs