e-docs > WebLogic Server > Introduction to WebLogic Security

Introduction to WebLogic Security

 Previous Next Contents View as PDF  

Overview of the WebLogic Security Service

Audience for This Guide

Introduction to the WebLogic Security Service

Features of the WebLogic Security Service

Balancing Ease of Use and Customizability

What Changed in WebLogic Security

Security Fundamentals

Auditing

Authentication

Subjects and Principals

Java Authentication and Authorization Service (JAAS)

JAAS LoginModules

JAAS Control Flags

CallbackHandlers

Mutual Authentication

Identity Assertion Providers and LoginModules

Identity Assertion and Tokens

Types of Authentication

Username/Password Authentication

Certificate Authentication

Perimeter Authentication

Authorization

WebLogic Resources

Security Policies

ContextHandlers

Access Decisions

Adjudication

Secure Sockets Layer (SSL)

SSL Features

SSL Tunneling

One-way/Two-way SSL Authentication

Domestic SSL and Exportable SSL

Digital Certificates

Certificate Authorities

Host Name Verification

Trust Managers

Asymmetric Key Algorithms

Symmetric Key Algorithms

Message Digest Algorithms

Cipher Suites

Firewalls

Connection Filters

Perimeter Authentication

J2EE and WebLogic Security

SDK 1.3 Security Packages

The Java Secure Socket Extension (JSSE)

Java Authentication and Authorization Services (JAAS)

The Java Security Manager

Java Cryptography Architecture and Java Cryptography Extensions (JCE)

Common Secure Interoperability Version 2 (CSIv2)

Security Realms

Introduction to Security Realms

Users

Groups

Security Roles

Security Policies

Security Providers

Security Provider Databases

What Is a Security Provider Database?

Security Realms and Security Provider Databases

Embedded LDAP Server

Types of Security Providers

Authentication Providers

Identity Assertion Providers

Principal Validation Providers

Authorization Providers

Adjudication Providers

Role Mapping Providers

Auditing Providers

Credential Mapping Providers

Keystore Providers

Realm Adapter Providers

Security Provider Summary

Security Providers and Security Realms

WebLogic Security Service Architecture

Architectural Overview

WebLogic Security Framework

The Authentication Process

The Identity Assertion Process

The Principal Validation Process

The Authorization Process

The Adjudication Process

The Role Mapping Process

The Auditing Process

The Credential Mapping Process

The Security Service Provider Interfaces (SSPIs)

The WebLogic Security Providers

WebLogic Authentication Provider

WebLogic Identity Assertion Provider

WebLogic Principal Validation Provider

WebLogic Authorization Provider

WebLogic Adjudication Provider

WebLogic Role Mapping Provider

WebLogic Auditing Provider

WebLogic Credential Mapping Provider

WebLogic Keystore Provider

WebLogic Realm Adapter Providers

How the Architecture Benefits Users

Application Developers

Server/Application Administrators

Third-Party Security Service Providers

Terminology

 

Back to Top Previous Next