10.3.4The Security Service Provider Interfaces (SSPIs)Security in WebLogic Server is based on a set of Security Service Provider Interfaces (SSPIs). The SSPIs can be used by developers and third-party vendors to develop security providers for the WebLogic Server environment. SSPIs are available for Adjudication, Auditing, Authentication, Authorization, Credential Mapping, Identity Assertion, Role Mapping, and Certificate Lookup and Validation.The SSPIs allow customers to use custom security providers for securing WebLogic Server resources. Customers can use the SSPIs to develop custom security providers or they can purchase customer security providers from third-party vendors.For more information on developing custom security providers, see Developing Security Providers for Oracle WebLogic Server.
Oracle Platform Security Services (OPSS)Understanding WebLogic Server Security10-510.3.5WebLogic Security ProvidersSecurity providers are modules that "plug into" a WebLogic Server security realm to provide security services to applications. They call into the WebLogic Security Framework on behalf of applications.If the security providers supplied with the WebLogic Server product do not fully meet your security requirements, you can supplement or replace them with custom security providers. You develop a custom security provider by:■Implementing the appropriate security service provider interfaces (SSPIs) from the weblogic.security.spipackage to create runtime classes for the security provider.■Creating an MBean Definition File (MDF) and using the WebLogic MBeanMaker utility to generate an MBean type, which is used to configure and manage the security provider.For more information, see Developing Security Providers for Oracle WebLogic Server.10.4Managing WebLogic Server SecurityThis section covers the following topics:■Section 10.4.1, "Security Realms"■Section 10.4.2, "Security Policies"10.4.1Security RealmsA security realm comprises mechanisms for protecting WebLogic resources. Each security realm consists of a set of configured security providers, users, groups, security roles, and security policies. A user must be defined in a security realm in order to access any WebLogic resources belonging to that realm. When a user attempts to access a particular WebLogic resource, WebLogic Server tries to authenticate and authorize the user by checking the security role assigned to the user in the relevant security realm and the security policy of the particular WebLogic resource.10.4.2Security PoliciesSecurity policies replace access control lists (ACLs) and answer the question "Who has access to a WebLogic resource?" A security policy is created when you define an association between a WebLogic resource and one or more users, groups, or security roles. You can optionally define date and time constraints for a security policy. A WebLogic resource has no protection until you assign it a security policy.
You've reached the end of your free preview.
Want to read all 98 pages?
- Fall '19
- Oracle Corporation, Web server, Enterprise JavaBean, Java Community Process, BEA Systems