Contents for Programming WebLogic Security
Introduction to Programming WebLogic Security
Audience for This Guide
What Is Security?
Types of Security Supported by WebLogic Server
Authentication
Authorization
J2EE Security
Security APIs
JAAS Client Application APIs
Java JAAS Client Application APIs
WebLogic JAAS Client Application APIs
SSL Client Application APIs
Java SSL Client Application APIs
WebLogic SSL Client Application APIs
Other APIs
Administration Console and Security
Security Tasks and Code Examples
Securing Web Applications
J2EE Security Model
Declarative Authorization
Programmatic Authorization
Declarative Versus Programmatic Authorization
Authentication With Web Browsers
User Name and Password Authentication
Digital Certificate Authentication
Multiple Web Applications, Cookies, and Authentication
Using Secure Cookies to Prevent Session Stealing
Developing Secure Web Applications
Developing BASIC Authentication Web Applications
Using HttpSessionListener to Account for Browser Caching of Credentials
Developing FORM Authentication Web Applications
Using Identity Assertion for Web Application Authentication
Using Two-Way SSL for Web Application Authentication
Developing Swing-Based Authentication Web Applications
Deploying Web Applications
Using Declarative Security With Web Applications
Web Application Security-Related Deployment Descriptors
web.xml Deployment Descriptors
auth-constraint
security-constraint
security-role
security-role-ref
user-data-constraint
web-resource-collection
weblogic.xml Deployment Descriptors
externally-defined
run-as-principal-name
run-as-role-assignment
security-permission
security-permission-spec
security-role-assignment
Using Programmatic Security With Web Applications
Using the Programmatic Authentication API
Using JAAS Authentication in Java Clients
JAAS and WebLogic Server
JAAS Authentication Development Environment
JAAS Authentication APIs
JAAS Client Application Components
WebLogic LoginModule Implementation
JVM-Wide Default User and the runAs() Method
Writing a Client Application Using JAAS Authentication
Using JNDI Authentication
Java Client JAAS Authentication Code Examples
Using SSL Authentication in Java Clients
JSSE and WebLogic Server
Using JNDI Authentication
SSL Certificate Authentication Development Environment
SSL Authentication APIs
SSL Client Application Components
Writing Applications that Use SSL
Communicating Securely From WebLogic Server to Other WebLogic Servers
Writing SSL Clients
SSLClient Sample
SSLSocketClient Sample
SSLClientServlet Sample
Using Two-Way SSL Authentication
Two-Way SSL Authentication with JNDI
Writing a User Name Mapper
Using Two-Way SSL Authentication Between WebLogic Server Instances
Using Two-Way SSL Authentication with Servlets
Using a Custom Host Name Verifier
Using a Trust Manager
Using a Handshake Completed Listener
Using an SSLContext
Using an SSL Server Socket Factory
Using URLs to Make Outbound SSL Connections
SSL Client Code Examples
Securing Enterprise JavaBeans (EJBs)
J2EE Architecture Security Model
Declarative Authorization
Programmatic Authorization
Declarative Versus Programmatic Authorization
Using Declarative Security With EJBs
EJB Security-Related Deployment Descriptors
ejb-jar.xml Deployment Descriptors
method
method-permission
role-name
run-as
security-identity
security-role
security-role-ref
unchecked
use-caller-identity
weblogic-ejb-jar.xml Deployment Descriptors
client-authentication
client-cert-authentication
confidentiality
externally-defined
identity-assertion
iiop-security-descriptor
integrity
principal-name
role-name
run-as-identity-principal
run-as-principal-name
run-as-role-assignment
security-permission
security-permission-spec
security-role-assignment
transport-requirements
Using Programmatic Security With EJBs
Using Network Connection Filters
The Benefits of Using Network Connection Filters
Network Connection Filter API
Connection Filter Interfaces
ConnectionFilter Interface
ConnectionFilterRulesListener Interface
Connection Filter Classes
ConnectionFilterImpl Class
ConnectionEvent Class
Guidelines for Writing Connection Filter Rules
Connection Filter Rules Syntax
Types of Connection Filter Rules
How Connection Filter Rules are Evaluated
Configuring the WebLogic Connection Filter
Developing Custom Connection Filters
Connection Filter Examples
SimpleConnectionFilter Example
SimpleConnectionFilter2 Example
Example of the accept Method Used in Filtering Network Connections
Using Java Security to Protect WebLogic Resources
Using J2EE Security to Protect WebLogic Resources
Using the Java Security Manager to Protect WebLogic Resources
Setting Up the Java Security Manager
Modifying the weblogic.policy file for General Use
Setting Application-Type Security Policies
Setting Application-Specific Security Policies
Using the Recording Security Manager Utility
Deprecated Security APIs