2. weblogictraining.vibranttechnologies.co.in
Security Realm
A security realm comprises mechanisms for protecting WebLogic
resources.
Each security realm consists of a set of:
◦ Users
◦ Groups
◦ Security roles
◦ Security policies
◦ Configured security providers
A user must be defined in a security realm in order to access any
WebLogic resource belonging to that realm.
When a user attempts to access a particular WebLogic resource,
WebLogic Server tries to authenticate and authorize the user by
checking the security role assigned to the user in the relevant security
realm and the security policy of the particular WebLogic resource.
B2/6/2 Vashi ,Navi Mumbai,
Contact:09892900103/9892900173
weblogictraining.vibranttechnologies.co.in
3. weblogictraining.vibranttechnologies.co.in
WebLogic Server Security Realm
[Diagram: a WebLogic Server security realm, with boxes labelled: Defined Scoped Security Roles and Security Policies; Default Group, Security Roles, Security Policies; Defined users, Groups, Security Roles; Security Provider Databases; Security Providers; WebLogic Resources.]
4. weblogictraining.vibranttechnologies.co.in
Users
Users are entities that can be authenticated in a security realm.
A user can be:
◦ A person (application end user)
◦ A software entity (a client application)
◦ Another instance of WebLogic Server
Authentication: a user is assigned an identity (principal); each user is
given a unique identity within the security realm.
If WebLogic can verify the identity of the user (based on the username
and credential), WebLogic Server associates the principal with a thread
that executes code on behalf of the user.
Users (or groups) are associated with security roles.
Authorization: before the thread begins executing code, WebLogic Server
checks the security policy of the WebLogic resource and the principal to make
sure that the user has the required permissions to continue.
5. weblogictraining.vibranttechnologies.co.in
Groups
Groups are logically ordered sets of users.
Groups are used to provide different levels of access to WebLogic
resources to different users, depending on their functions.
Managing groups is more efficient than managing large numbers of
users individually.
All user names and groups must be unique within a security realm.
6. weblogictraining.vibranttechnologies.co.in
Security Roles
A security role is a privilege granted to users (groups) based on specific
conditions.
Like groups, security roles let you restrict access to a WebLogic resource for
several users at once.
Unlike groups, security roles:
◦ Are computed and granted dynamically, based on conditions (user name, group
membership, time of day).
◦ Can be scoped to specific WebLogic resources within a single application in a
WebLogic Server domain (groups are always scoped to an entire WebLogic
Server domain).
Granting a security role to a user (group) confers the defined access privileges
to that user (group), as long as the user is “in” the security role.
Multiple users or groups can be granted a single security role.
7. weblogictraining.vibranttechnologies.co.in
Security policies
A security policy is an association between a WebLogic resource and one
or more users, groups, or security roles.
Security policies protect the WebLogic resource against unauthorized
access.
A policy condition is a condition under which a security policy will be
created.
WebLogic Server provides a set of default policy conditions. WebLogic
Server includes policy conditions that access:
◦ HTTP Servlet Request
◦ Session attributes
◦ EJB method parameters.
Date and Time policy conditions are included in the Policy Editor.
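A simplified model of the role and policy checks described on the slides above, as an added example that is not WebLogic Server's API or code from the original deck. The role names, group names, resource paths and the deny-when-no-policy behaviour are assumptions of this example.

```python
from dataclasses import dataclass
from datetime import time
from typing import Callable, FrozenSet

@dataclass(frozen=True)
class Principal:
    """Identity the realm assigns to a user once authentication succeeds."""
    name: str
    groups: FrozenSet[str] = frozenset()

@dataclass(frozen=True)
class Role:
    name: str
    condition: Callable[[Principal, time], bool]  # evaluated on every request
    scope: str = ""  # resource prefix the role applies to; "" means global

# Constructed sample realm: every name below is hypothetical.
ROLES = [
    # Global role granted by group membership alone.
    Role("Admin", lambda p, now: "Administrators" in p.groups),
    # Scoped role with a group condition and a time-of-day condition.
    Role("PayrollClerk",
         lambda p, now: "HR" in p.groups and time(9) <= now < time(17),
         scope="app/payroll/"),
]

# Security policy: resource -> roles allowed to access it.
POLICIES = {
    "app/payroll/run": {"PayrollClerk", "Admin"},
    "app/reports/view": {"Admin"},
}

def roles_for(principal, resource, now):
    """Compute the roles the principal is 'in' for this resource right now."""
    return {r.name for r in ROLES
            if resource.startswith(r.scope) and r.condition(principal, now)}

def is_authorized(principal, resource, now):
    """Allow only if a policy exists and the principal holds a permitted role."""
    allowed = POLICIES.get(resource)
    if allowed is None:  # no policy for the resource: this model denies
        return False
    return bool(roles_for(principal, resource, now) & allowed)
```

The same HR user is allowed at 10:30 and denied at 20:00 without any change to group membership, which is the difference between a static group and a dynamically computed role.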
8. weblogictraining.vibranttechnologies.co.in
Security providers
Security providers are modules that provide security
services to applications to protect WebLogic resources.
You can:
◦ Use the security providers that are provided as part of the
WebLogic Server product.
◦ Purchase custom security providers from third-party security
vendors.
◦ Develop your own custom security providers.
9. weblogictraining.vibranttechnologies.co.in
Security Provider Databases
Contains:
◦ Users
◦ Groups
◦ Security roles
◦ Security policies
◦ Credentials
The security provider database can be:
◦ The embedded LDAP server
◦ An external LDAP server
◦ A properties file
◦ A production-quality, customer-supplied database.
The security provider database should be initialized the first time
security providers are used.
◦ When a WebLogic Server instance boots.
◦ When a call is made to one of the security provider’s MBeans.
12. weblogictraining.vibranttechnologies.co.in
Authentication Providers
Allow WebLogic Server to establish trust by validating a user.
The default (active) security realm for WebLogic Server includes a
WebLogic Authentication Provider.
◦ It supports:
  ◦ Delegated username/password authentication.
  ◦ WebLogic Server security digest and certificate authentication.
  ◦ HTTP certificate authentication proxied through an external Web server.
◦ It allows you to edit, list and manage users and group membership.
WebLogic Server provides additional Authentication Providers:
◦ A set of LDAP Authentication providers
◦ A set of Database Management System (DBMS) Authentication
Providers:
  ◦ SQL Authentication Provider
  ◦ Read-only SQL Authentication Provider
  ◦ Custom DBMS Authentication Provider
15. weblogictraining.vibranttechnologies.co.in
Where to Get More Information
Vibrant Group:
www.vibrantgroup.co.in
Vibrant Technologies & Computers
www.vibranttechnologies.co.in/technologies.vibrantgroup.co.in
Vibrant HR Team
www.hr.vibrangroup.co.in