Thursday, April 21, 2011

WebLogic security

Excellent JAAS tutorial here
http://middlewaremagic.com/weblogic/?p=6479


An overall presentation of JCA there
http://download.oracle.com/javase/6/docs/technotes/guides/security/crypto/CryptoSpec.html

Here you find an overview of all JAAS classes
http://download.oracle.com/docs/cd/E12840_01/wls/docs103/security/fat_client.html#wp1042108

A Subject can have many Principal

a LoginContext lives inside a Configuration

The Configuration contains a stack of LoginModule, and the Credentials are authenticated in cascade across this stack.

A Policy is ensured by a Provider, and its role is to grant a Permission

..; to be continued....

No comments: