[ Team LiB ] Previous Section Next Section

Chapter 28. Securing WebLogic Server and WebLogic Server Applications

by Jeff Marin and Steve Steffen


In this chapter, we discuss how to secure applications that run on WebLogic Server and how to secure WebLogic Server itself. WebLogic Server applications can potentially have many resources that must be restricted to authorized users. The J2EE specification allows EJB methods, EIS instances, and Web components to be restricted. WebLogic Server extends this by allowing just about every other resource to be restricted as well. This includes resources related to JMS, JNDI, JDBC, Web services, COM objects, and the administrator console.

Protecting WebLogic Server applications without protecting WebLogic Server itself is a futile task. There's no point in creating users, groups, and roles and then trying to protect them with security policies if hackers can just bypass the whole security framework and tap into our sensitive data and business logic. Therefore, in this chapter, we discuss the mechanisms that WebLogic Server supplies to deter hackers from disrupting our applications and bringing down WebLogic Server itself.

    [ Team LiB ] Previous Section Next Section