Chapter 10: Using WebLogic Security - Mastering BEA WebLogic Server Best Practices for Building and Deploying J2EE Applications [Electronic resources] نسخه متنی

Chapter 10: Using WebLogic Security

In this chapter, we discuss the new WebLogic Server Security Service. If you are unfamiliar with general security concepts or J2EE security features, you should consult the WebLogic Server documentation at http://edocs.bea.com/wls/docs81/securityl for more information.

We begin with an overview of WebLogic Server security, so that you understand the big picture of how clients interact with WebLogic Server and it, in turn, interacts with the security service. Next, we dive into the details of the WebLogic Security Framework and the security providers that are available to the security service. We will follow that with a brief discussion of how to use external security stores with WebLogic Server. Next, we will show you how to set up WebLogic Server to use Secure Socket Layer/Transport Layer Security (SSL/TLS). From there, we will move into a discussion of client-side programming to the WebLogic Server Security Service. This includes a detailed discussion of how to set up and use two-way SSL between different types of Java clients and WebLogic Server. Then, we briefly discuss how to manage application security using J2EE security features. We end the chapter with a discussion of managing application security using WebLogic Security features.

In this chapter, the term server will refer to one instance of a WebLogic Server or multiple instances of WebLogic Server acting as a cluster. We will treat the cluster of servers as one logical entity. Throughout the chapter, we refer to several examples when discussing certain features. As with the other chapters, these examples are available on our companion Web site at http://www.wiley.com/compbooks/masteringweblogic.