04 security
WebLogic security
Tech Mahindra Limited confidential© Tech Mahindra Limited 2007
Introducing WebLogic Security
CONFIDENTIAL© Copyright 2007 Tech Mahindra Limited
Session Objectives
At the end of the training you will be able to:
- Understand security fundamentals and the enhanced security features of WebLogic Server 10
- Understand WebLogic and the Single Sign-On (SSO) framework
- Understand the Security Assertion Markup Language (SAML) security framework
Introduction to WLS Security
Authentication
Authentication is the process that establishes the identity of a user by validating the user's credentials against the user repository.
WebLogic Server provides the following types of authentication:
- Username/password authentication
- Certificate authentication
- Digest authentication
- Perimeter authentication
Authorization
Authorization is the process that controls interactions between users and WebLogic resources.
These interactions are based on user identity.
Authorization is defined with the help of the following concepts and functionalities:
- WebLogic resources
- Security policies
- ContextHandlers
- Access decisions
- Adjudication
- Java Authorization Contracts for Containers (JACC)
Auditing
Auditing is a process that collects, stores and distributes information about operating requests.
An auditing provider provides auditing services.
Identity and Trust
A private key and a digital certificate provide identity for a server.
A trusted CA certificate establishes trust for a certificate.
Secure Sockets Layer (SSL)
SSL enables secure communication between applications connected through the web.
The following SSL features have been added to WebLogic Server versions 9.1 and above:
- SSL attributes for network channels
- Dynamic SSL attributes for the WebLogic Server
Java EE and WebLogic Security
WebLogic Server 10.3 uses the security services of the Java Software Development Kit (SDK) version, Java Platform Edition (JSE) 6.0.
The security services are based on standardized, modular components.
WebLogic Server supports the following JSE 6.0 security packages:
- Java Secure Socket Extension (JSSE)
- Java Authentication and Authorization Service (JAAS)
- Java Security Manager
- Java Cryptography Architecture (JCA) and Java Cryptography Extensions (JCE)
- JACC
Introduction to SSO
SSO requires a user to sign on to an application only once and gain access to many different application components.
This enables users to log on securely to all their applications, Web sites, and mainframe sessions with a single identity.
Understanding Security Realms
Configuring Non-Default Security Providers
Securing WebLogic Resources Through SSL