Securing WebLogic Server 12c
By Luca Masini and Rinaldi Vincenzo
Securing WebLogic Server 12c - Luca Masini
Table of Contents
Securing WebLogic Server 12c
Credits
About the Authors
About the Reviewers
www.PacktPub.com
Support files, eBooks, discount offers and more
Why Subscribe?
Free Access for Packt account holders
Instant Updates on New Packt Books
Preface
What this book covers
What you need for this book
Who this book is for
Conventions
Reader feedback
Customer support
Downloading the example code
Errata
Piracy
Questions
1. WebLogic Security Concepts
General concept of security in Java EE
WebLogic security architecture
Identifying – Subjects, Principals, and Credentials
WebLogic resources
Writing custom providers – MBeans
Authentication Providers
Authentication under WebLogic
MBean and JAAS
Multipart Authentication Provider
Perimeter Authentication
Identity Assertion
Credential Mapper
JASPIC and Java EE
JACC
Summary
2. WebLogic Security Realm
Configuration of local LDAP server: user/roles/lockout
Users and groups
Users section
Groups section
Security role condition
Basic
Date and time-based
Context element
User lockout
Unlocking user
Configuring an external LDAP for Authentication/Authorization
Configuring a new provider
Control Flag
Active Directory provider-specific configuration
Connection
Users
Groups
Static groups
General
Performance options
Principal Validator Cache
Troubleshooting problems
User lockout in an Active Directory context
Using Identity Assertion
Summary
3. Java EE Security with WebLogic
Setting up an Enterprise Maven project
Creating the modules with maven-archetype-plugin
Installing the WebLogic Server and the WebLogic Maven plugin
Configuring wls-maven-plugin into the EAR POM
Split deploy and beabuild-maven-plugin
Launching our Hello Maven and WebLogic world application
Securing the web module
Standard DD mapping
Custom Roles Mapping
Programmatic security
Programmatic security with WebLogic XACML provider
A RESTful and secure EJB component
Bean packaged into the WAR module
Changing Security Identity with RunAs
Securing the EJB module
Summary
4. Creating Custom Authentication Providers with Maven
The Maven project
Creating the Maven project
Dependencies
Reconfiguring standard plugins
Adding WebLogic MBeanMaker to the POM
Defining the MBean with an MDF File
Writing the MBean implementation
Initializing the provider
Implementation of the provider
Custom JAAS LoginModule
The login() method
Lifecycle methods – commit(), abort(), and logout()
A simple SSO JSP
Running the provider
Summary
5. Integrating with Kerberos SPNEGO Identity Assertion
Using Identity Assertion SSO Kerberos in a Microsoft domain
Windows client needs to be in the Active Directory domain
Windows client session needs to be logged in the Active Directory domain
Integrated Windows Authentication
DNS URL entry configuration and SPN definition
Technical Active Directory user
Keytab generation and the krb5 config file
JAAS file creation
WLS init startup arguments configuration
SPNEGO Identity asserter configuration
Debugging issues
Summary
Index
Securing WebLogic Server 12c
Copyright © 2012 Packt Publishing
All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.
Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the authors, nor Packt Publishing, and its dealers and distributors will be held liable for any damages caused or alleged to be caused directly or indirectly by this book.
Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.
First published: November 2012
Production Reference: 1201112
Published by Packt Publishing Ltd.
Livery Place
35 Livery Street
Birmingham B3 2PB, UK.
ISBN 978-1-84968-778-2
www.packtpub.com
Credits
Authors
Luca Masini
Rinaldi Vincenzo
Reviewers
Andrea Fiorentini
Michel Schildmeijer
Acquisition Editor
Rukhsana Khambatta
Commissioning Editor
Priyanka Shah
Technical Editor
Dominic Pereira
Copy Editors
Aditya Nair
Alfida Paiva
Project Coordinator
Michelle Quadros
Proofreader
Maria Gould
Indexer
Tejal Daruwale
Production Coordinator
Melwyn D'sa
Cover Work
Melwyn D'sa
Cover Image
Sheetal Aute
About the Authors
Luca Masini is a Senior Software Engineer and Architect who started as a Game Developer for Commodore 64 (Football Manager) and Commodore Amiga (Ken il Guerriero); he soon switched to object-oriented programming and, from its inception in 1995, he was always attracted to the Java language.
He worked on this passion as a consultant for some major Italian banks, developing and integrating major software projects for which he has often taken on the technical leadership role. He adapted Java Enterprise in environments where COBOL was the flagship platform, converting them from mainframe-centric to distributed.
He then shifted his focus to open source, starting from Linux, and then enterprise frameworks, with which he was able to introduce concepts like IoC, ORM, and MVC with minimum impact. He was an early adopter of Spring, Hibernate, Struts, and a whole host of other technologies that in the long run have given his customers a technological advantage and because of which development costs have also lowered.
Lately, however, his attention has been completely directed towards the simplification and standardization of development with Java EE, and for this reason he's now working at the Information and Communications Technology department of a large Italian company to introduce advanced build tools (Maven and Continuous Integration), archetypes of projects, and Agile Development with plain standards.
He has worked on the following books published by Packt Publishing:
Google Web Toolkit
Spring Web Flow 2
Spring Persistence with Hibernate
Dedicated to my skunk (Dedicato alla mia puzzola)
Vincenzo Rinaldi was born in Milan, Italy, and continues to live and work there. He has over 10 years of experience with system administration in critical contexts, where he contributes with designing, managing, and supporting internal IT infrastructures. He studies and researches many technologies, products, Operating Systems, and custom implementations on a daily basis to meet the business processes. He works with many suppliers, internal teams, and customer services in a mass retail company and coordinates a team to work in the middleware, Operating Systems, and DB stack.
He is an RHCE Certified Engineer and also has great experience in WebLogic setup and administration, generally in the middleware layer.
You can read more about him on his LinkedIn profile at http://www.linkedin.com/in/vincenzorinaldi.
The first big thanks goes to my pregnant wife Nadia and my son Mattia, they have supported me with their energy. One big thanks to my colleague Luca Masini and all those colleagues who supported me in the writing of this book.
About the Reviewers
Andrea Fiorentini graduated in Multimedia Systems and Telecommunications Engineering from the University of Siena in the year 2003. He attended a course for an internship at the company where he has worked since June 2004 as a systems engineer and programmer.
The company for which he works is dedicated to providing services to the cooperative credit banks in Italy. He has a sound knowledge of the Oracle database, Application Server (iAS), WebLogic Server, and Business Intelligence software. He has also finished a training course in Oracle named Developing Oracle Web Services Using Java Technology.
For the last two years he has been the head of the development team at the company that