Protecting WebLogic resources
WebLogic lets you define a set of rules to protect resources on the application or even on the server. These rules are called security policies and they leverage the WebLogic security framework using Authentication Providers, Users, and Groups. This model is extended by introducing conditions, which not only defines who can access a resource but also when; sometimes, a combination of other conditions can be used to let the user access the resources. Some examples of these policies are as follows:
A user in a specific group can call any EJB method during business hours
Only users with the admin role can edit JDBC resources
Only one specific user can post messages on a JMS queue
And to illustrate one of these examples, we're going to implement a sign-up user case for the Store application using a protected JMS queue in the next section.
Here is a comprehensive list of the main resources that can be secured in WebLogic:
Administrative resources – Secures actions such...
