BEA's WebLogic Basics

WebLogic Server (WLS) contains Java 2 platform technologies. WLS is part of BEA's family of products and, as of this writing, the current version is WLS 7.0 with full support for J2EE 1.3. You can find information at www.bea.com. The BEA WebLogic Server has a three-layered architecture that separates presentation, business logic, and data connectivity. The next section presents a brief overview of this popular server.

A brief WLS overview

The WebLogic Server supports Web browsers, other clients that use HTTP, and clients that use Remote Method Invocation (RMI) or Internet Inter-ORB Protocol (IIOP). WLS supports J2EE Connector Architecture (J2CA), which is a set of contracts for transactions, security, and connection management for EIS connectivity. Connectors are provided by BEA and other third-party companies to allow application integration. Also, WebLogic uses Simple Object Access Protocol (SOAP) as the message format and HTTP as the connection protocol.

WLS supports eXtensible Markup Language (XML) technology via an XML subsystem that supports standard parsers (and a built-in Apache Xerces), the BEA XML editor, XSLT transformers, DTDs, and XML schemas. In addition, WLS implements Java API for XML Processing (JAXP) and provides a Web-based administration console for configuring and monitoring WLS services. Configuration is also possible with scripts.

WebLogic provides high availability via EJB components and clustering for dynamic Web pages, backend resource pooling, and connection sharing. It provides tight integration with and support for leading databases, development tools, and other environments. WebLogic provides support for transactions across EJB, JMS, J2CA, and JDBC and an infrastructure for transaction support. It also supports distributed transactions and two-phase commit, and implements Java Transaction API (JTA) for the transaction infrastructure. WLS also supports connectivity through CORBA as well as RMI-IIOP.

Understanding the basics of WLS security

WLS enables applications to incorporate security solutions into a pluggable security framework. WLS provides configuration and management via a security policy definition. The policy definition provides a framework and GUI tool for rule-based security criteria; this rule-based security is used to define the roles and/or groups of users that have access to secured resources. Rules are dynamically calculated and validated at runtime. In addition, WLS provides an administration console that configures the attributes of all applications and services, captures statistics and audit logs (such as for authentication attempts and for invalid certificates), and manages features of the application server.

External security stores, such as Lightweight Directory Access Protocol (LDAP) servers, can be adapted to WebLogic realms, enabling single sign-on for the enterprise. A security realm is a logical grouping of users, groups, and Access Control Lists (ACLs); a security realm and a single ACL in that security realm protect a WLS resource. Users in a security realm can access resources in that security realm.

Note  

You use a security realm to define users, groups, and role information. This information can be stored in different types of storage such as an LDAP realm or a third-party realm. WLS v 7.0 provides a set of Security Service Provider Interfaces (SSPI) and specialized beans (Security SPI MBeans) that allow you to write custom security products for WLS. In addition, the WebLogic Server Administration Console allows you to modify some of the realm's information but, for more control, it is best if you extend and modify the provided classes.

WLS authenticates and authorizes users by checking the ACL and permissions in that realm and also provides a way to build customized security realms.

WebLogic Server ACLs are instantiated in WLS at initialization, and realms have dynamic ACLs that can be added or modified without bringing down the server. Also, the resources to be protected are defined in the deployment descriptor of the application. These resources include Enterprise JavaBeans, WebLogic Events, HTTP Servlets, and JavaServer Pages.

Tip  

With WLS v 7.0, you can use role-based authorization on non-J2EE resources (as well as J2EE ones). In addition, WLS provides a security policy editor.

WebLogic Server supports Java Authentication and Authorization Service (JAAS) as discussed in Chapter 19.

WLS has a Security Service Provider Interface that makes it possible to extend WebLogic Security services and to implement WebLogic Security features in applications. In addition, third-party security solutions can be integrated, such as external Public Key Infrastructure (PKI).

Data confidentiality is achieved by encrypting data as it is transferred over a network, which keeps communications private. WebLogic Server provides Secure Sockets Layer (SSL) support for encrypting data transmitted across WebLogic Server, clients, and other servers. WebLogic security realms feature user authentication and authorization for all WebLogic Server services. 128-bit encryption is supported, but restricted by U.S. trade laws.

WLS provides authentication, either with a username and password combination (via HTTP basic authentication, form based) or with a digital certificate (mutual authentication or digest), to permit access to users and deny access to unwanted intruders. WLS supports basic HTTP authentication with Base64 encoding for services protected by firewalls and HTTPS for SSL implementations. It also supports Web Services' end-to-end security model for protection of sensitive data passed from service to service via SOAP. Using WebLogic Server, you can configure one-way and two-way authentication using SSL in servlets and server-to-server SSL.
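An added example, not taken from the book: a Servlet 2.3 `web.xml` that protects a URL space with HTTP basic authentication and requires SSL for it, because Base64 is an encoding rather than encryption. The `/admin/*` path, the `operators` role and the realm name are assumed for illustration.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE web-app PUBLIC
  "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
  "http://java.sun.com/dtd/web-app_2_3.dtd">
<!-- Illustrative descriptor: the path, role and realm names are assumptions. -->
<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Admin pages</web-resource-name>
      <url-pattern>/admin/*</url-pattern>
      <!-- No <http-method> elements: the constraint covers every HTTP
           method. Listing only GET and POST would leave the other
           methods outside the constraint. -->
    </web-resource-collection>
    <auth-constraint>
      <!-- Only callers mapped to this role pass the authorization check. -->
      <role-name>operators</role-name>
    </auth-constraint>
    <user-data-constraint>
      <!-- Weak setting: NONE (or omitting this element) lets the
           Base64-encoded username and password travel over plain HTTP,
           readable by anyone on the path.
           CONFIDENTIAL makes the container require SSL for these URLs. -->
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>

  <login-config>
    <!-- BASIC, FORM and CLIENT-CERT correspond to the methods named in
         the text; CLIENT-CERT uses the client's digital certificate. -->
    <auth-method>BASIC</auth-method>
    <realm-name>example-realm</realm-name>
  </login-config>

  <security-role>
    <role-name>operators</role-name>
  </security-role>
</web-app>
```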

WLS also provides access control with user and group definitions. It allows the combination of authorized users into groups to set permissions for accessing application functions and services. You can control access to EJB methods as well.

In addition, WLS provides a built-in security data store for role, profile, and entitlement data using LDAP. WLS also supports JAAS for a seamless security architecture across J2EE applications.

  


Java Security Solutions
ISBN: 0764549286
EAN: 2147483647
Year: 2001
Pages: 222
