Amazon cover image
Image from Amazon.com

Securing WebLogic Server 12c / Luca Masini.

By: Contributor(s): Material type: TextTextSeries: Professional expertise distilledPublication details: Birmingham : Packt Pub., 2012.Description: 1 online resource (1 volume) : illustrationsContent type:
  • text
Media type:
  • computer
Carrier type:
  • online resource
ISBN:
  • 9781849687799
  • 184968779X
  • 1849687781
  • 9781849687782
Subject(s): Genre/Form: Additional physical formats: Print version:: Securing WebLogic Server 12c.DDC classification:
  • 004.36
LOC classification:
  • TK5105.8885 .O75 M37 2012
Online resources:
Contents:
Cover; Copyright; Credits; About the Authors; About the Reviewers; www.PacktPub.com; Table of Contents; Preface; Chapter 1: WebLogic Security Concepts; General concept of security in Java EE; WebLogic security architecture; Identifying -- Subjects, Principals, and Credentials; WebLogic resources; Writing custom providers -- MBeans; Authentication Providers; Authentication under WebLogic; MBean and JAAS; Multipart Authentication Provider; Perimeter Authentication; Identity Assertion; Credential Mapper; JASPIC and Java EE; JACC; Summary; Chapter 2: WebLogic Security Realm
Configuration of local LDAP server: user/roles/lockoutUsers and groups; Users section; Groups section; Security role condition; Basic; Date and time-based; Context element; User Lockout; Unlocking user; Configuring an external LDAP for Authentication/Authorization; Configuring a new provider; Control Flag; Active Directory provider-specific configuration; Connection; Users; Groups; Static groups; General; Performance options; Principal Validator Cache; Troubleshooting problems; User Lockout in an Active Directory context; Using Identity Assertion; Summary
Chapter 3: Java EE Security with WebLogicSetting up an Enterprise Maven project; Creating the modules with maven-archetype-plugin; Installing the WebLogic Server and the WebLogic Maven plugin; Configuring wls-maven-plugin into the EAR POM; Split deploy and beabuild-maven-plugin; Launching our Hello Maven and WebLogic world application; Securing the web module; Standard DD mapping; Custom Roles Mapping; Programmatic security; Programmatic security with WebLogic XACML Provider; A RESTful and secure EJB component; Bean packaged into the WAR module; Changing Security Identity with RunAs
Securing the EJB moduleSummary; Chapter 4: Creating Custom Authentication Providers with Maven; The Maven project; Creating the Maven project; Dependencies; Reconfiguring standard plugins; Adding WebLogic MBeanMaker to the POM; Defining the MBean with an MDF File; Writing the MBean implementation; Initializing the provider; Implementation of the provider; Custom JAAS LoginModule; The login() method; Lifecycle methods -- commit(), abort(), and logout(); A simple SSO JSP; Running the Provider; Summary; Chapter 5: Integrating with Kerberos SPNEGO Identity Assertion
Using Identity Assertion SSO Kerberos in a Microsoft domainWindows client needs to be in the Active Directory domain; Windows client session needs to be logged in the Active Directory domain; Integrated Windows Authentication; DNS URL entry configuration and SPN definition; Technical Active Directory user; Keytab generation and the krb5 config file; JAAS file creation; WLS init startup arguments configuration; SPNEGO Identity asserter configuration; Debugging issues; Summary; Index
Summary: In Detail Security is a must in modern Enterprise architecture, and WebLogic implements a very complete and complex architecture for configuration and implementation, and we need to deeply know in technologies, terminology and how the security process works between all actors. Transparent security of your applications and Weblogic infrastructure need a good knowledge of the issues you can incur in this long and error prone configuration process. "Securing WebLogic Server 12c" will simplify a complex world like WebLogic Security, helping the reader to implement and configure. It's the only fast guide that will let you develop and deploy in a production system with best practices both from the development world and the operation world. This book will try to make a clear picture of Java EE Security with clean and simple step-by-step examples that will guide the reader to security implementation and configuration From the concepts of Java EE Security to the development of secure application, from the configuration of a realm to the setup of Kerberos Single Sign on, every concept is expressed in simple terms and surrounded by examples and pictures. Finally, also a way to develop WebLogic Security Providers with Maven, so that you can add the security part of your infrastructure to your enterprise best practices. Approach This book is written in simple, easy to understand format with lots of screenshots and step-by-step explanations. Who this book is for If you are a WebLogic Server administrator looking forward to a step by step guide to administer and configure WebLogic security, then this is the guide for you. Working knowledge of WebLogic is required.
Holdings
Item type Current library Collection Call number Status Date due Barcode Item holds
eBook eBook e-Library EBSCO Computers Available
Total holds: 0

Online resource; title from cover (Safari, viewed Jan. 23, 2013).

In Detail Security is a must in modern Enterprise architecture, and WebLogic implements a very complete and complex architecture for configuration and implementation, and we need to deeply know in technologies, terminology and how the security process works between all actors. Transparent security of your applications and Weblogic infrastructure need a good knowledge of the issues you can incur in this long and error prone configuration process. "Securing WebLogic Server 12c" will simplify a complex world like WebLogic Security, helping the reader to implement and configure. It's the only fast guide that will let you develop and deploy in a production system with best practices both from the development world and the operation world. This book will try to make a clear picture of Java EE Security with clean and simple step-by-step examples that will guide the reader to security implementation and configuration From the concepts of Java EE Security to the development of secure application, from the configuration of a realm to the setup of Kerberos Single Sign on, every concept is expressed in simple terms and surrounded by examples and pictures. Finally, also a way to develop WebLogic Security Providers with Maven, so that you can add the security part of your infrastructure to your enterprise best practices. Approach This book is written in simple, easy to understand format with lots of screenshots and step-by-step explanations. Who this book is for If you are a WebLogic Server administrator looking forward to a step by step guide to administer and configure WebLogic security, then this is the guide for you. Working knowledge of WebLogic is required.

Cover; Copyright; Credits; About the Authors; About the Reviewers; www.PacktPub.com; Table of Contents; Preface; Chapter 1: WebLogic Security Concepts; General concept of security in Java EE; WebLogic security architecture; Identifying -- Subjects, Principals, and Credentials; WebLogic resources; Writing custom providers -- MBeans; Authentication Providers; Authentication under WebLogic; MBean and JAAS; Multipart Authentication Provider; Perimeter Authentication; Identity Assertion; Credential Mapper; JASPIC and Java EE; JACC; Summary; Chapter 2: WebLogic Security Realm

Configuration of local LDAP server: user/roles/lockoutUsers and groups; Users section; Groups section; Security role condition; Basic; Date and time-based; Context element; User Lockout; Unlocking user; Configuring an external LDAP for Authentication/Authorization; Configuring a new provider; Control Flag; Active Directory provider-specific configuration; Connection; Users; Groups; Static groups; General; Performance options; Principal Validator Cache; Troubleshooting problems; User Lockout in an Active Directory context; Using Identity Assertion; Summary

Chapter 3: Java EE Security with WebLogicSetting up an Enterprise Maven project; Creating the modules with maven-archetype-plugin; Installing the WebLogic Server and the WebLogic Maven plugin; Configuring wls-maven-plugin into the EAR POM; Split deploy and beabuild-maven-plugin; Launching our Hello Maven and WebLogic world application; Securing the web module; Standard DD mapping; Custom Roles Mapping; Programmatic security; Programmatic security with WebLogic XACML Provider; A RESTful and secure EJB component; Bean packaged into the WAR module; Changing Security Identity with RunAs

Securing the EJB moduleSummary; Chapter 4: Creating Custom Authentication Providers with Maven; The Maven project; Creating the Maven project; Dependencies; Reconfiguring standard plugins; Adding WebLogic MBeanMaker to the POM; Defining the MBean with an MDF File; Writing the MBean implementation; Initializing the provider; Implementation of the provider; Custom JAAS LoginModule; The login() method; Lifecycle methods -- commit(), abort(), and logout(); A simple SSO JSP; Running the Provider; Summary; Chapter 5: Integrating with Kerberos SPNEGO Identity Assertion

Using Identity Assertion SSO Kerberos in a Microsoft domainWindows client needs to be in the Active Directory domain; Windows client session needs to be logged in the Active Directory domain; Integrated Windows Authentication; DNS URL entry configuration and SPN definition; Technical Active Directory user; Keytab generation and the krb5 config file; JAAS file creation; WLS init startup arguments configuration; SPNEGO Identity asserter configuration; Debugging issues; Summary; Index

Added to collection customer.56279.3

Powered by Koha