Securing WebLogic Server 12c电子书

Securing WebLogic Server 12c

Table of Contents

Securing WebLogic Server 12c

Credits

About the Authors

About the Reviewers

www.PacktPub.com

Support files, eBooks, discount offers and more

Why Subscribe?

Free Access for Packt account holders

Instant Updates on New Packt Books

Preface

What this book covers

What you need for this book

Who this book is for

Conventions

Reader feedback

Customer support

Downloading the example code

Errata

Piracy

Questions

1. WebLogic Security Concepts

General concept of security in Java EE

WebLogic security architecture

Identifying – Subjects, Principals, and Credentials

WebLogic resources

Writing custom providers – MBeans

Authentication Providers

Authentication under WebLogic

MBean and JAAS

Multipart Authentication Provider

Perimeter Authentication

Identity Assertion

Credential Mapper

JASPIC and Java EE

JACC

Summary

2. WebLogic Security Realm

Configuration of local LDAP server: user/roles/lockout

Users and groups

Users section

Groups section

Security role condition

Basic

Date and time-based

Context element

User lockout

Unlocking user

Configuring an external LDAP for Authentication/Authorization

Configuring a new provider

Control Flag

Active Directory provider-specific configuration

Connection

Users

Groups

Static groups

General

Performance options

Principal Validator Cache

Troubleshooting problems

User lockout in an Active Directory context

Using Identity Assertion

Summary

3. Java EE Security with WebLogic

Setting up an Enterprise Maven project

Creating the modules with maven-archetype-plugin

Installing the WebLogic Server and the WebLogic Maven plugin

Configuring wls-maven-plugin into the EAR POM

Split deploy and beabuild-maven-plugin

Launching our Hello Maven and WebLogic world application

Securing the web module

Standard DD mapping

Custom Roles Mapping

Programmatic security

Programmatic security with WebLogic XACML provider

A RESTful and secure EJB component

Bean packaged into the WAR module

Changing Security Identity with RunAs

Securing the EJB module

Summary

4. Creating Custom Authentication Providers with Maven

The Maven project

Creating the Maven project

Dependencies

Reconfiguring standard plugins

Adding WebLogic MBeanMaker to the POM

Defining the MBean with an MDF File

Writing the MBean implementation

Initializing the provider

Implementation of the provider

Custom JAAS LoginModule

The login() method

Lifecycle methods – commit(), abort(), and logout()

A simple SSO JSP

Running the provider

Summary

5. Integrating with Kerberos SPNEGO Identity Assertion

Using Identity Assertion SSO Kerberos in a Microsoft domain

Windows client needs to be in the Active Directory domain

Windows client session needs to be logged in the Active Directory domain

Integrated Windows Authentication

DNS URL entry configuration and SPN definition

Technical Active Directory user

Keytab generation and the krb5 config file

JAAS file creation

WLS init startup arguments configuration

SPNEGO Identity asserter configuration

Debugging issues

Summary

Index