Securing Portal Applications

Source: Baidu Wenku (百度文库)  Editor: 神马文学网  Time: 2024/04/27 17:44:43
This topic provides a basic overview of WebLogic Portal security. The other portal topics, listed in Topics Included in This Section, provide implementation instructions.
WebLogic Portal uses the underlying WebLogic Server security architecture to let you create secure portal applications. The ultimate goal of portal security is to restrict access to portal resources and administrative functions to only those users who need access to those resources and functions.
Topics Included in This Section
Overview
Provides overview information on authentication, user and group management, authorization, and WebLogic Portal security management tools and resources.
Portal Security Scenario
Provides a scenario describing a fictitious company's portal application.
Implementing the Portal Security Scenario
Uses the portal scenario to identify the security touch points and link to implementation information.
Implementing Authentication
Provides details on the authentication examples contained in the Tutorial Portal.
Using Multiple Authentication Providers in Portal Development
Describes how to develop applications with users stored in external authentication providers.
How WebLogic Portal Uses the WebLogic Server Security Framework
Discusses WebLogic Portal support and limitations for working with multiple authentication providers.
Overview
Note: Implementing security in a portal requires a basic understanding of standard security concepts, many of which are outside the scope of WebLogic documentation; for example, encryption, injection of SQL statements at login, and secure socket layers (SSL). The Related Topics section contains, among other things, links to information that will help give you a broader, more complete view of security and the issues surrounding it.
WebLogic Portal provides built-in functionality for authentication ("Who are you?") and authorization ("What can you access?").
Authentication
WebLogic Portal provides many authentication samples that you can incorporate into your portals. WebLogic Portal also provides many tools for user/group management.
Samples
Implementing Authentication contains details about the authentication examples contained in the Tutorial Portal.
WebLogic Portal also provides two sample login portlets you can reuse in your portals to authenticate WebLogic users:
Login to Portal portlet - Provides basic login functionality.
Login Director portlet - Provides login and shows the user the first desktop to which he is entitled.
You can also build other types of authentication supported by WebLogic Server.
User/Group Management
The WebLogic Administration Portal provides tools for managing users and groups and for setting user/group properties. For information on managing users and groups, see:
Creating User Profile Properties
User/Group Management JSP Tags
Using Portal Controls
WebLogic Portal Javadoc
The WebLogic Administration Portal help system
Authorization
There are three fundamental categories of things that can be secured in portals:
The WebLogic Administration Portal
Portal Resources
Java 2 Enterprise Edition (J2EE) Resources
Using the WebLogic Server concept of security roles, WebLogic Portal lets you dynamically match users to roles at login. Different roles are, in turn, assigned to different portal resources, administrative tools, and J2EE resources so users can access only the resources and tools that their assigned roles allow.
WebLogic Administration Portal
The WebLogic Administration Portal provides the tools for managing users, portal delegated administration roles, visitor entitlement roles, interaction management rules, content management, and portal resources.
You can lock down the WebLogic administration portal with delegated administration, which provides secure administrative access to the WebLogic Administration Portal tools. Delegated administration security is based on the delegated administration roles you create.
Portal Resources
The WebLogic Workshop Portal Extensions and the WebLogic Administration Portal provide tools for creating and managing portals, desktops, shells, books, pages, layouts, look & feels, and portlets. You can control access to portal resources for two types of users: administrators and visitors.
Administrators - You can control the portal resources that can be managed by portal administrators using delegated administration.
Visitors - You can control visitor access to portals and portal resources with visitor entitlements. Visitor entitlements are based on the visitor entitlement roles you create.
J2EE Resources
J2EE resources are the application framework and logic (Web applications, JSPs, EJBs, and so on) for which you can control visitor access. Security on J2EE resources is based on global security roles set up in WebLogic Server and applied to the individual J2EE resources. Security roles for J2EE resources are different than security roles that users can belong to, though both types of roles use the same roles architecture.
Default Users
The portal sample domain \\samples\domains\portal and any portal domain you create with the Configuration Wizard include the following default users. You can add these usernames and passwords to your existing domains.
Username: weblogic
Note: This is the username for the portal sample domain. In a new portal domain created with the Configuration Wizard, this can be whatever was used for the primary system administrator.
Password: weblogic
Note: This is the password for the portal sample domain. In a new portal domain created with the Configuration Wizard, this can be whatever was used for the primary system administrator.
Belongs to these groups: Administrators, PortalSystemAdministrators

Username: portaladmin
This is a default user for managing and setting up delegated administration on portals.
About deleting portaladmin: If your domain does not contain portals, you can delete this user. However, this user is part of the campaign service configuration. Deleting portaladmin will cause deployment failure unless you perform the "Set up e-mail security" modifications as described in Creating Campaigns on BEA's e-docs Web site.
Password: portaladmin
Belongs to these groups: Administrators, PortalSystemAdministrators
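Because the default accounts listed above have documented passwords and belong to both administrative groups, a domain's user list is worth reviewing for them. The following is an added example, not code from the WebLogic documentation. It assumes a user/group listing in a constructed "user: group, group" text format (not a WebLogic export format) and a hypothetical domain_has_portals flag supplied by the reviewer.

```python
DEFAULT_USERS = {"weblogic", "portaladmin"}  # default usernames from the section above
ADMIN_GROUPS = {"Administrators", "PortalSystemAdministrators"}

SAMPLE_LISTING = """\
# constructed sample data, one "user: group, group" entry per line
weblogic: Administrators, PortalSystemAdministrators
portaladmin: Administrators, PortalSystemAdministrators
jsmith: Employees
ops1: Administrators
"""


def parse_listing(text):
    """Return {username: set_of_groups}; blank lines and # comments are skipped."""
    users = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        name, sep, groups = line.partition(":")
        if not sep or not name.strip():
            raise ValueError("malformed entry: %r" % raw)
        users[name.strip()] = {g.strip() for g in groups.split(",") if g.strip()}
    return users


def audit(users, domain_has_portals):
    """Return (username, finding, action) tuples, ordered by username."""
    findings = []
    for name in sorted(users):
        admin_groups = sorted(users[name] & ADMIN_GROUPS)
        if name.lower() in DEFAULT_USERS:  # case-insensitive match, a conservative choice
            if name.lower() == "portaladmin" and not domain_has_portals:
                action = "removable, but only after the 'Set up e-mail security' change"
            else:
                action = "confirm the password is no longer the documented default"
            findings.append((name, "default-account", action))
        elif admin_groups:  # non-default account holding administrative membership
            findings.append((name, "admin-group-member",
                             "confirm membership is needed: " + ", ".join(admin_groups)))
    return findings


if __name__ == "__main__":
    for finding in audit(parse_listing(SAMPLE_LISTING), domain_has_portals=True):
        print("%-12s %-20s %s" % finding)
```

In a domain created with the Configuration Wizard the primary system administrator may have a different username, so add that name to DEFAULT_USERS when reviewing such a domain.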
Related Topics
WebLogic Server Security
The Open Web Application Security Project (OWASP)
Unified User Profiles (edocs)
Creating User Profile Properties
Using Portal Controls (for user/group management)
User/Group Management JSP Tags
For details on managing users and groups, see the WebLogic Administration Portal online help system, also available on e-docs.
http://e-docs.bea.com/workshop/docs81/doc/en/portal/security/securityIntro.html
Version: 2006.0314.123656