IT-Security (Part 3): WebLogic Server and Java Security Features by Mohammad Esad-Djou
By Juergenkress-Oracle on May 23, 2014
WebLogic Server and Java Security Features
WebLogic Server supports Java SE and Java EE security to protect the resources of the whole system. These resources can be Web applications, Uniform Resource Locators (URLs), Enterprise JavaBeans (EJBs), and Connector components.
Java SE capabilities: Security APIs
Java uses APIs to access security features and functionality, and its architecture contains a large set of application programming interfaces (APIs), tools, and implementations of commonly used security algorithms and protocols. This gives the developer a complete security framework for writing applications and enables them to extend the platform with new security mechanisms.
Java Authentication and Authorization Services (JAAS)
WebLogic Server uses the Java Authentication and Authorization Service (JAAS) classes to consistently and securely authenticate to the client. JAAS is a part of the Java SE Security APIs and a set of Java packages that enable services to authenticate and enforce access controls upon users and/or fat-client authentication for applications, applets, Enterprise JavaBeans (EJB), or servlets.
JAAS uses a Pluggable Authentication Module (PAM) framework, and permits the use of new or updated authentication technologies without requiring modifications to the application. Therefore, only developers of custom Authentication providers and developers of remote fat client applications need to be involved with JAAS directly. Users of thin clients or developers of within-container fat client applications do not require the direct use or knowledge of JAAS.
JAAS LoginModules
All LoginModules are responsible for authenticating users within the security realm (we are going to discuss that later) and for populating a subject with the necessary principals (users/groups). LoginModules contain the necessary methods for the login context, accounts, credentials and their configuration, and different ways of handling exceptions. Each Authentication provider is configured in a security realm, and its LoginModules store principals within the same subject too. I will try to illustrate that with an example: in the WebLogic Server Admin Console, go to Home > myDomain > Domain Structure, click on Security Realms, create a new realm “Moh_Realm-0”, and then click on “OK”.
Read the complete article here.
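
The LoginModule behaviour described above (authenticate first, then populate the subject with user and group principals) can be shown with plain Java SE JAAS. This is an added example, not code from the article or from WebLogic: `DemoLoginModule`, `NamedPrincipal`, the user `alice`, the group `Operators` and the password are constructed for illustration, and it assumes Java 17 or later.

```java
import java.security.Principal;
import java.util.*;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;
public class DemoLogin {
    // Hypothetical principal type for this sketch; kind is "user" or "group".
    record NamedPrincipal(String kind, String name) implements Principal { public String getName() { return name; } }
    public static class DemoLoginModule implements LoginModule {
        private Subject subject; private CallbackHandler handler; private String user; private boolean ok;
        private final List<Principal> added = new ArrayList<>();
        public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) { subject = s; handler = h; }
        public boolean login() throws LoginException { // phase 1: verify credentials, touch nothing else
            NameCallback n = new NameCallback("user: "); PasswordCallback p = new PasswordCallback("password: ", false);
            try { handler.handle(new Callback[] { n, p }); } catch (Exception e) { throw new LoginException(e.toString()); }
            char[] pw = p.getPassword(); p.clearPassword();
            // Constructed check; a real provider consults its user store instead.
            ok = "alice".equals(n.getName()) && Arrays.equals(pw, "demo-only".toCharArray());
            if (pw != null) Arrays.fill(pw, '\0'); // do not keep the password copy in memory
            if (!ok) throw new FailedLoginException("authentication failed");
            user = n.getName(); return true;
        }
        public boolean commit() { // phase 2: populate the subject only after login() succeeded
            if (!ok) return false;
            added.add(new NamedPrincipal("user", user));
            added.add(new NamedPrincipal("group", "Operators")); // constructed group name
            return subject.getPrincipals().addAll(added);
        }
        public boolean abort() { ok = false; return logout(); }
        public boolean logout() { subject.getPrincipals().removeAll(added); added.clear(); return true; }
    }
    static Set<Principal> attempt(String u, String pw) {
        Configuration cfg = new Configuration() { // stands in for a JAAS login configuration file
            public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                return new AppConfigurationEntry[] { new AppConfigurationEntry(DemoLoginModule.class.getName(),
                    AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, Map.of()) };
            } };
        CallbackHandler ch = cbs -> { for (Callback c : cbs) {
            if (c instanceof NameCallback n) n.setName(u);
            if (c instanceof PasswordCallback p) p.setPassword(pw.toCharArray()); } };
        Subject s = new Subject();
        try { new LoginContext("demo", s, ch, cfg).login(); }
        catch (LoginException e) { System.out.println("denied: " + e.getMessage()); }
        return s.getPrincipals();
    }
    public static void main(String[] a) {
        System.out.println(attempt("alice", "demo-only") + " / " + attempt("alice", "wrong"));
    }
}
```

Because principals are added in `commit()` rather than `login()`, a failed attempt leaves the subject empty, which is the property to check when reviewing a custom LoginModule.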