There were a number of modifications of the security mechanism in WebLogic server 7.0.
Most of the security APIs provided with release 6.x are now deprecated. BEA recommends that you use the corresponding J2EE APIs.
The weblogic.security.Audit interface has been supplanted by an Auditing provider. The Auditor, which enables you to generate custom audit logs, is provided by default.
There is no longer an admin account.
Access Control Lists are now deprecated. Where in version 6.x you would control access by assigning an ACL to a resource, you now accomplish this with Realms.