Summary

In this chapter we covered security, starting with the J2SE model based on where code comes from and how code can be trusted with digital certificates. Then we discussed the J2EE security model for authentication as well as access control that defines roles and access rights to restricted resources. We continued with an overview of JAAS and the Pluggable Authorization Model (PAM). We then talked about the WebLogic Server security framework and the features within it, including security realms and providers.

In the next chapter, we will discuss and demonstrate additional steps necessary for implementing security in WebLogic Server applications. We will discuss how to create WebLogic Server users, groups, roles, and security policies, and how LDAP is used. You will be introduced to the JAAS APIs and how to provide security for non-Web users. We will also discuss how to use digital certificates and SSL. All this and more…so, if you're ready to get started, turn the page!