Book Image

Getting Started with Oracle WebLogic Server 12c: Developer's Guide

Book Image

Getting Started with Oracle WebLogic Server 12c: Developer's Guide

Overview of this book

Oracle WebLogic server has long been the most important, and most innovative, application server on the market. The updates in the 12c release have seen changes to the Java EE runtime and JDK version, providing developers and administrators more powerful and feature-packed functionalities. Getting Started with Oracle WebLogic Server 12c: Developer's Guide provides a practical, hands-on, introduction to the application server, helping beginners and intermediate users alike get up to speed with Java EE development, using the Oracle application server. Starting with an overview of the new features of JDK 7 and Java EE 6, Getting Started with Oracle WebLogic Server 12c quickly moves on to showing you how to set up a WebLogic development environment, by creating a domain and setting it up to deploy the application. Once set up, we then explain how to use the key components of WebLogic Server, showing you how to apply them using a sample application that is continually developed throughout the chapters. On the way, we'll also be exploring Java EE 6 features such as context injection, persistence layer and transactions. After the application has been built, you will then learn how to tune its performance with some expert WebLogic Server tips.
Table of Contents (18 chapters)
Getting Started with Oracle WebLogic Server 12c: Developer's Guide
Credits
About the Authors
About the Reviewers
www.PacktPub.com
Preface
Index

WebLogic security


Oracle WebLogic supports and fully implements both Java SE and EE security models using JDK APIs such as JASPIC, JAAS, JSSE, or JCE for remote and even internal authentication. So, if the client is an EJB, a servlet, or an applet, the same mechanisms will be used to authenticate and authorize its execution.

The authentication can be performed through these models:

  • Username/Password: The most traditional model, which requires a user ID and password to authorize and provide access to a protected resource. It can be enhanced to use a certificate (SSL) or HTTPS to provide transport-level security.

  • Certificate: During HTTPS/SSL requests, the client can verify whether the digital certificate is authentic and if the Secure Socket Layer (SSL) connection was established. WebLogic also supports two-way SSL authentication through a specific authentication provider (provided both client and server present a valid certificate).

  • Digest: This is a very sophisticated method to authenticate...