Saturday, March 20, 2010

WebLogic Security, a complex world

Just trying to summarize all the WebLogic options and tabs that deal with security.

At Domain level, there is a "Security" tab:

"general": features cross-domain security settings, node manager credentials, default realm

"filter": you can specify a weblogic.security.net.ConnectionFilter class to reject connections based on their IP address, etc. (the default implementation is weblogic.security.net.ConnectionFilterImpl). On how to set the Connection Filter, see http://download-llnw.oracle.com/docs/cd/E15051_01/wls/docs103/security/con_filtr.html#wp1029318


"unlock user": just to unlock a user

"embedded LDAP": various parameters (cache and startup sync) for the Embedded LDAP

"roles": defines domain security roles (you can map the role with the XACMLRoleMapper)

"policies": these cover "User Lockout" (based, e.g., on roles defined in the previous tab; they are saved in the XACMLAuthorizer), "configuration", "file upload", "file download", "view log", "identity assertion"
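
A custom class for the "filter" tab above, as an added example that is not from the original post or from Oracle. The class name AdminSubnetFilter, the 10.0.5.0/24 network and the choice to restrict only t3/t3s are assumptions; it compiles against the WebLogic server classes (weblogic.jar).

```java
import java.net.InetAddress;
import weblogic.security.net.ConnectionEvent;
import weblogic.security.net.ConnectionFilter;
import weblogic.security.net.FilterException;

/**
 * Added example (hypothetical class name): allow t3/t3s only from one
 * management subnet; all other protocols are left to other controls.
 */
public class AdminSubnetFilter implements ConnectionFilter {
    // Constructed sample network 10.0.5.0/24; replace with your own.
    private static final int NETWORK = (10 << 24) | (0 << 16) | (5 << 8);
    private static final int MASK = -1 << (32 - 24);

    // WebLogic calls accept() for each incoming connection; throwing
    // FilterException rejects it, returning normally lets it through.
    @Override
    public void accept(ConnectionEvent evt) throws FilterException {
        String proto = evt.getProtocol();
        boolean restricted = "t3".equalsIgnoreCase(proto)
                || "t3s".equalsIgnoreCase(proto);
        if (restricted && !inAllowedNet(evt.getRemoteAddress())) {
            throw new FilterException("t3 connection refused from "
                    + evt.getRemoteAddress().getHostAddress());
        }
    }

    // Package-private so the matching logic can be unit-tested without a server.
    static boolean inAllowedNet(InetAddress addr) {
        byte[] raw = addr.getAddress();
        if (raw.length != 4) {
            return false; // non-IPv4 peers are refused (fail closed)
        }
        int ip = ((raw[0] & 0xFF) << 24) | ((raw[1] & 0xFF) << 16)
                | ((raw[2] & 0xFF) << 8) | (raw[3] & 0xFF);
        return (ip & MASK) == NETWORK;
    }
}
```

The class has to be on the server classpath before its name is entered in the "filter" tab. The allowed network must also cover the other servers of the domain, which talk to each other over t3.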

Still at Domain level, we have "Web Service security":

credential providers
token handler
timestamp




At Server level, there is only:
roles and policies to be able to restart the server

In the "security realms" page, you can create new security realms.

Configuration:
General tab: choose Security Model (DD only), protects JMX access
RDBMS Security Store tab: lets you use a database as the security store

User Lockout: to block hackers
Performance: defines cache
Users and Groups: you can define new Users and Groups

Roles and Policies:
Realm Roles: lets you view and edit all roles and policies for Deployments, EJB Modules and EJB, JMS Destinations and Modules, JDBC Datasources, Domain and Server level roles.

Credential mappings: let you map WebLogic Server users to remote users

Providers:
Authentication
Authorization
Adjudication
Role Mapping
Auditing
Credential Mapping
Certification Path
Keystores

Migration: import and export
