Chapter 27. How WebLogic Server Implements Security

by Jeff Marin and Paul J. Perrone

IN THIS CHAPTER

• The J2SE Security Model

• J2EE Security Model

• How Security Works in WebLogic Server

• Migration from WebLogic Server 6.x

As the use of Java code at the enterprise level is ushered in with increased industry penetration of J2EE, the security features of the middleware become all the more important. It is no longer sufficient just to be able to support multiple security protocols. Rather, the application server must be adaptable to new security technologies and be manageable under conditions involving complex security requirements. Routine tasks should be relatively easy to perform and support for backward compatibility should be out of the box. WLS 8.1 delivers on all of these expectations and more. By far, it boasts the most powerful security model of any J2EE application server on the planet.

Being a J2EE 1.3–compliant application server, WebLogic Server implements the J2EE security specification. Being a Java application itself, WebLogic Server runs in a JVM with J2SE security. In this chapter, we take a brief look at the security models within J2SE and J2EE and then plunge into the extensive security features offered with WebLogic Server 8.1.