In this chapter, we discuss the WebLogic Server Security Service. If you are unfamiliar with general security concepts or Java EE security features, you should consult the WebLogic Server documentation at Link 11-1 in the book's online Appendix at http://www.wrox.com/ for more information.

We begin with an overview of WebLogic Server security, from both a runtime and administrative perspective. This is important so that you understand the big picture of how interactions with WebLogic Server are secured. Next, we dive into the details of the WebLogic Security Framework and the security providers that are available to the security service. We follow that with a brief discussion of how to use external security stores with WebLogic Server. Next, we show you how to set up WebLogic Server to use Secure Socket Layer/Transport Layer Security (SSL/TLS). From there, we move into a discussion of client-side programming to the WebLogic Server Security Service. This includes a detailed discussion of how to set up and use two-way SSL between different types of Java clients and WebLogic Server. Then, we briefly discuss how to manage application security using both Java EE security features and WebLogic Server's own application security. We end the chapter with a discussion of how to provide single sign-on (SSO) to WebLogic Server across domains and across the Internet.

In this chapter, the term server refers to one instance of a WebLogic Server or multiple instances ...