Overview of the WebLogic Security Service

 

Audience for This Guide

Introduction to the WebLogic Security Service

Features of the WebLogic Security Service

Balancing Ease of Use and Customizability

What Changed in WebLogic Security

 


Security Fundamentals

 

Auditing

Authentication


Subjects and Principals
Java Authentication and Authorization Service (JAAS)
JAAS LoginModules
JAAS Control Flags
CallbackHandlers
Mutual Authentication
Identity Assertion Providers and LoginModules
Identity Assertion and Tokens
Types of Authentication
Username/Password Authentication
Certificate Authentication
Perimeter Authentication

 

Authorization


WebLogic Resources
Security Policies
ContextHandlers
Access Decisions
Adjudication

 

Secure Sockets Layer (SSL)


SSL Features
SSL Tunneling
One-way/Two-way SSL Authentication
Domestic SSL and Exportable SSL
Digital Certificates
Certificate Authorities
Host Name Verification
Trust Managers
Asymmetric Key Algorithms
Symmetric Key Algorithms
Message Digest Algorithms
Cipher Suites

 

Firewalls


Connection Filters
Perimeter Authentication

 

J2EE and WebLogic Security


SDK 1.4.1 Security Packages
The Java Secure Socket Extension (JSSE)
Java Authentication and Authorization Services (JAAS)
The Java Security Manager
Java Cryptography Architecture and Java Cryptography Extensions (JCE)
Common Secure Interoperability Version 2 (CSIv2)

 


Security Realms

 

Introduction to Security Realms

Users

Groups

Security Roles

Security Policies

Security Providers


Security Provider Databases
What Is a Security Provider Database?
Security Realms and Security Provider Databases
Embedded LDAP Server
Types of Security Providers
Authentication Providers
Identity Assertion Providers
Principal Validation Providers
Authorization Providers
Adjudication Providers
Role Mapping Providers
Auditing Providers
Credential Mapping Providers
Keystore Providers
Realm Adapter Providers
Security Provider Summary
Security Providers and Security Realms

 


WebLogic Security Service Architecture

 

Architectural Overview


WebLogic Security Framework
The Authentication Process
The Identity Assertion Process
The Principal Validation Process
The Authorization Process
The Adjudication Process
The Role Mapping Process
The Auditing Process
The Credential Mapping Process
The Security Service Provider Interfaces (SSPIs)
The WebLogic Security Providers
WebLogic Authentication Provider
WebLogic Identity Assertion Provider
WebLogic Principal Validation Provider
WebLogic Authorization Provider
WebLogic Adjudication Provider
WebLogic Role Mapping Provider
WebLogic Auditing Provider
WebLogic Credential Mapping Provider
WebLogic Keystore Provider
WebLogic Realm Adapter Providers

 

How the Architecture Benefits Users


Application Developers
Server/Application Administrators
Third-Party Security Service Providers

 


Terminology
