WebLogic security
Oracle WebLogic supports and fully implements both Java SE and EE security models using JDK APIs such as JASPIC, JAAS, JSSE, or JCE for remote and even internal authentication. So, if the client is an EJB, a servlet, or an applet, the same mechanisms will be used to authenticate and authorize its execution.
The authentication can be performed through these models:
Username/Password: The most traditional model, which requires a user ID and password to authorize and provide access to a protected resource. It can be enhanced to use a certificate (SSL) or HTTPS to provide transport-level security.
Certificate: During HTTPS/SSL requests, the client can verify whether the digital certificate is authentic and if the Secure Socket Layer (SSL) connection was established. WebLogic also supports two-way SSL authentication through a specific authentication provider (provided both client and server present a valid certificate).
Digest: This is a very sophisticated method to authenticate...
