Chapter Review

In this chapter, we covered a large amount of information related to the WebLogic Server security features. We started with an overview of the WebLogic Security Service. From there, we went on to discuss the WebLogic Security Framework and its built-in providers. We touched on how to use external authentication providers with WebLogic Server and followed that with a detailed discussion of how to configure SSL/TLS support. After that, we talked about how to write different types of Java application clients that use SSL. We finished the chapter off with a discussion of managing application security, starting with the use of J2EE deployment descriptors to define access policies, discussing the use of WebLogic Security access control policies, and finishing with a brief discussion about server boot identity security. In the next chapter, we will concentrate on WebLogic Server administration and management.