Securing WebLogic Server 12c -- Table of Contents -- Securing WebLogic Server 12c -- Credits -- About the Authors -- About the Reviewers -- www.PacktPub.com -- Support files, eBooks, discount offers and more -- Why Subscribe? -- Free Access for Packt account holders -- Instant Updates on New Packt Books -- Preface -- What this book covers -- What you need for this book -- Who this book is for -- Conventions -- Reader feedback -- Customer support -- Downloading the example code -- Errata -- Piracy -- Questions -- 1. WebLogic Security Concepts -- General concept of security in Java EE -- WebLogic security architecture -- Identifying - Subjects, Principals, and Credentials -- WebLogic resources -- Writing custom providers - MBeans -- Authentication Providers -- Authentication under WebLogic -- MBean and JAAS -- Multipart Authentication Provider -- Perimeter Authentication -- Identity Assertion -- Credential Mapper -- JASPIC and Java EE -- JACC -- Summary -- 2. WebLogic Security Realm -- Configuration of local LDAP server: user/roles/lockout -- Users and groups -- Users section -- Groups section -- Security role condition -- Basic -- Date and time-based -- Context element -- User lockout -- Unlocking user -- Configuring an external LDAP for Authentication/Authorization -- Configuring a new provider -- Control Flag -- Active Directory provider-specific configuration -- Connection -- Users -- Groups -- Static groups -- General -- Performance options -- Principal Validator Cache -- Troubleshooting problems -- User lockout in an Active Directory context -- Using Identity Assertion -- Summary -- 3. Java EE Security with WebLogic -- Setting up an Enterprise Maven project -- Creating the modules with maven-archetype-plugin -- Installing the WebLogic Server and the WebLogic Maven plugin -- Configuring wls-maven-plugin into the EAR POM.

Split deploy and beabuild-maven-plugin -- Launching our Hello Maven and WebLogic world application -- Securing the web module -- Standard DD mapping -- Custom Roles Mapping -- Programmatic security -- Programmatic security with WebLogic XACML provider -- A RESTful and secure EJB component -- Bean packaged into the WAR module -- Changing Security Identity with RunAs -- Securing the EJB module -- Summary -- 4. Creating Custom Authentication Providers with Maven -- The Maven project -- Creating the Maven project -- Dependencies -- Reconfiguring standard plugins -- Adding WebLogic MBeanMaker to the POM -- Defining the MBean with an MDF File -- Writing the MBean implementation -- Initializing the provider -- Implementation of the provider -- Custom JAAS LoginModule -- The login() method -- Lifecycle methods - commit(), abort(), and logout() -- A simple SSO JSP -- Running the provider -- Summary -- 5. Integrating with Kerberos SPNEGO Identity Assertion -- Using Identity Assertion SSO Kerberos in a Microsoft domain -- Windows client needs to be in the Active Directory domain -- Windows client session needs to be logged in the Active Directory domain -- Integrated Windows Authentication -- DNS URL entry configuration and SPN definition -- Technical Active Directory user -- Keytab generation and the krb5 config file -- JAAS file creation -- WLS init startup arguments configuration -- SPNEGO Identity asserter configuration -- Debugging issues -- Summary -- Index.