Securing WebLogic Server 12c - Luca Masini - E-Book

Securing WebLogic Server 12c E-Book

Luca Masini

Description

Security is a must in modern Enterprise architecture, and WebLogic implements a very complete and complex architecture for configuration and implementation, so we need a deep knowledge of the technologies, the terminology, and how the security process works between all actors.
Transparent security for your applications and WebLogic infrastructure requires a good knowledge of the issues you can run into in this long and error-prone configuration process.
"Securing WebLogic Server 12c" will simplify a complex world like WebLogic Security, helping the reader to implement and configure it. It's the only fast guide that will let you develop and deploy in a production system with best practices both from the development world and the operation world.
This book tries to give a clear picture of Java EE Security with clean and simple step-by-step examples that guide the reader through security implementation and configuration.
From the concepts of Java EE Security to the development of secure applications, from the configuration of a realm to the setup of Kerberos Single Sign-on, every concept is expressed in simple terms and surrounded by examples and pictures. Finally, the book also shows a way to develop WebLogic Security Providers with Maven, so that you can add the security part of your infrastructure to your enterprise best practices.

You can read the e-book in Legimi apps or in any app that supports the following formats:

EPUB
MOBI

Number of pages: 113

Year of publication: 2012




Table of Contents

Securing WebLogic Server 12c
Credits
About the Authors
About the Reviewers
www.PacktPub.com
Support files, eBooks, discount offers and more
Why Subscribe?
Free Access for Packt account holders
Instant Updates on New Packt Books
Preface
What this book covers
What you need for this book
Who this book is for
Conventions
Reader feedback
Customer support
Downloading the example code
Errata
Piracy
Questions
1. WebLogic Security Concepts
General concept of security in Java EE
WebLogic security architecture
Identifying – Subjects, Principals, and Credentials
WebLogic resources
Writing custom providers – MBeans
Authentication Providers
Authentication under WebLogic
MBean and JAAS
Multipart Authentication Provider
Perimeter Authentication
Identity Assertion
Credential Mapper
JASPIC and Java EE
JACC
Summary
2. WebLogic Security Realm
Configuration of local LDAP server: user/roles/lockout
Users and groups
Users section
Groups section
Security role condition
Basic
Date and time-based
Context element
User lockout
Unlocking user
Configuring an external LDAP for Authentication/Authorization
Configuring a new provider
Control Flag
Active Directory provider-specific configuration
Connection
Users
Groups
Static groups
General
Performance options
Principal Validator Cache
Troubleshooting problems
User lockout in an Active Directory context
Using Identity Assertion
Summary
3. Java EE Security with WebLogic
Setting up an Enterprise Maven project
Creating the modules with maven-archetype-plugin
Installing the WebLogic Server and the WebLogic Maven plugin
Configuring wls-maven-plugin into the EAR POM
Split deploy and beabuild-maven-plugin
Launching our Hello Maven and WebLogic world application
Securing the web module
Standard DD mapping
Custom Roles Mapping
Programmatic security
Programmatic security with WebLogic XACML provider
A RESTful and secure EJB component
Bean packaged into the WAR module
Changing Security Identity with RunAs
Securing the EJB module
Summary
4. Creating Custom Authentication Providers with Maven
The Maven project
Creating the Maven project
Dependencies
Reconfiguring standard plugins
Adding WebLogic MBeanMaker to the POM
Defining the MBean with an MDF File
Writing the MBean implementation
Initializing the provider
Implementation of the provider
Custom JAAS LoginModule
The login() method
Lifecycle methods – commit(), abort(), and logout()
A simple SSO JSP
Running the provider
Summary
5. Integrating with Kerberos SPNEGO Identity Assertion
Using Identity Assertion SSO Kerberos in a Microsoft domain
Windows client needs to be in the Active Directory domain
Windows client session needs to be logged in the Active Directory domain
Integrated Windows Authentication
DNS URL entry configuration and SPN definition
Technical Active Directory user
Keytab generation and the krb5 config file
JAAS file creation
WLS init startup arguments configuration
SPNEGO Identity asserter configuration
Debugging issues
Summary
Index

Securing WebLogic Server 12c


Copyright © 2012 Packt Publishing

All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.

Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the authors, nor Packt Publishing, and its dealers and distributors will be held liable for any damages caused or alleged to be caused directly or indirectly by this book.

Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.

First published: November 2012

Production Reference: 1201112

Published by Packt Publishing Ltd.

Livery Place

35 Livery Street

Birmingham B3 2PB, UK.

ISBN 978-1-84968-778-2

www.packtpub.com

Credits

Authors

Luca Masini

Rinaldi Vincenzo

Reviewers

Andrea Fiorentini

Michel Schildmeijer

Acquisition Editor

Rukhsana Khambatta

Commissioning Editor

Priyanka Shah

Technical Editor

Dominic Pereira

Copy Editors

Aditya Nair

Alfida Paiva

Project Coordinator

Michelle Quadros

Proofreader

Maria Gould

Indexer

Tejal Daruwale

Production Coordinator

Melwyn D'sa

Cover Work

Melwyn D'sa

Cover Image

Sheetal Aute

About the Authors

Luca Masini is a Senior Software Engineer and Architect who started as a Game Developer for Commodore 64 (Football Manager) and Commodore Amiga (Ken il Guerriero); he soon switched to object-oriented programming and, from its inception in 1995, he was always attracted to the Java language.

He worked on this passion as a consultant for some major Italian banks, developing and integrating major software projects for which he has often taken on the technical leadership role. He adapted Java Enterprise in environments where COBOL was the flagship platform, converting them from mainframe-centric to distributed.

He then shifted his focus to open source, starting from Linux, and then enterprise frameworks, with which he was able to introduce concepts like IoC, ORM, and MVC with minimum impact. He was an early adopter of Spring, Hibernate, Struts, and a whole host of other technologies that in the long run have given his customers a technological advantage and because of which development costs have also lowered.

Lately, however, his attention has been completely directed towards the simplification and standardization of development with Java EE, and for this reason he's now working at the Information and Communications Technology department of a large Italian company to introduce advanced build tools (Maven and Continuous Integration), archetypes of projects, and Agile Development with plain standards.

He has worked on the following books published by Packt Publishing:

Google Web Toolkit
Spring Web Flow 2
Spring Persistence with Hibernate

Dedicated to my skunk
(Dedicato alla mia puzzola)

Vincenzo Rinaldi was born in Milan, Italy, and continues to live and work there. He has over 10 years of experience with system administration in critical contexts, where he contributes with designing, managing, and supporting internal IT infrastructures. He studies and researches many technologies, products, Operating Systems, and custom implementations on a daily basis to meet the business processes. He works with many suppliers, internal teams, and customer services in a mass retail company and coordinates a team to work in the middleware, Operating Systems, and DB stack.

He is an RHCE Certified Engineer and also has great experience in WebLogic setup and administration, generally in the middleware layer.

You can read more about him on his LinkedIn profile at http://www.linkedin.com/in/vincenzorinaldi.

The first big thanks goes to my pregnant wife Nadia and my son Mattia, they have supported me with their energy. One big thanks to my colleague Luca Masini and all those colleagues who supported me in the writing of this book.

About the Reviewers

Andrea Fiorentini graduated in Multimedia Systems and Telecommunications Engineering from the University of Siena in the year 2003. He attended a course for an internship at the company for which he has worked since June 2004 as a systems engineer and programmer.

The company for which he works is dedicated to providing services to the cooperative credit banks in Italy. He has a sound knowledge of the Oracle database, Application Server (iAS), WebLogic Server, and Business Intelligence software. He has also finished a training course in Oracle named "Developing Oracle Web Services Using Java Technology".

For the last two years he has been the head of the development team at the company that he works for, which specializes in technology-oriented Java using instruments such as GWT+, GXT, and EJB 3.0.

Thank you very much Luca Masini for giving me this opportunity. I'm very glad I helped in the writing of this book.

Michel Schildmeijer was born in the Netherlands, in the hot summer of 1966. He has lived his entire life in the capital, Amsterdam. After middle school, he started studying Pharmacy. After 4 years, he had to fulfill his military duty at the Royal Dutch Air force, where he worked in a pharmacy.

After this period, he got a job as a Quality Inspector at a pharmacy company; but after about two years he switched his job for a position in a hospital pharmacy, where he has worked for over 10 years.

In the meantime, he married his wife, Tamara, and had two kids, Marciano and Robin. His personal life wasn't always that easy, as his wife got extremely ill for a brief period and he had to take the entire responsibility of managing his family. Fortunately, he got plenty of support from his parents-in-law, who took great care of his kids.

While on his pharmacy job, around 1994, he got acquainted with the Medical Information System that was taking care of structuring patients' medical history and other information. This was a system running on HP UNIX, a MUMPS SQL database and text-based terminal. He started learning UNIX and MUMPS to give operational support. By then he became very enthusiastic, so he made a job switch and started working for some IT companies. Around the year 2000, he started using Oracle on a big banking application for settlements and clearance. The system was running on Oracle 7, AIX UNIX, BEA WebLogic, and BEA Tuxedo. This was the first time that he had worked with WebLogic. From then on, he gained more and more specialized knowledge in Middleware and Oracle. He has worked on many projects for the same. Around 2006, he started working on several projects for IBM in the Oracle Middleware team, administering, configuring, and tweaking large Oracle Middleware systems with Oracle SOA Suite, Oracle Portal, Oracle HTTP, and many more.

In 2008, he started working for Randstad Holding, and gained more and more expertise in developing the middleware infrastructure around applications. He began research on migrating the Oracle Application Server 10g and SOA Suite 10g to the 11g platform. Around that same period, Oracle acquired BEA.

From working in Brussels for Belgacom—a large Telco company in Belgium—he started his own as an Oracle Fusion Middleware Architect, for AMIS, an IT company specializing in Oracle and JAVA.

His focus was always on developing the infrastructure for many companies and advising them how to migrate or build a new middleware platform based on the latest 11g techniques. He also became an instructor, teaching all the basics of Oracle WebLogic.

For him, the reason to review this book was to get familiar with the new features in WebLogic 12c, because he thinks it's a great product with a lot of new features, especially the new JAVA EE 6 features and the Exalogic optimizations.

Michel is now working for Qualogy as a member of the Exalogic Squad Team.

I would like to thank my wife, Tamara, whose life is sometimes a difficult struggle. I would also like to thank Janny and Steef, who took care of my kids Marciano and Robin. I owe thanks to my great kids too.

www.PacktPub.com

Support files, eBooks, discount offers and more

You might want to visit www.PacktPub.com for support files and downloads related to your book.

Did you know that Packt offers eBook versions of every book published, with PDF and ePub files available? You can upgrade to the eBook version at www.PacktPub.com and as a print book customer, you are entitled to a discount on the eBook copy. Get in touch with us at <[email protected]> for more details.

At www.PacktPub.com, you can also read a collection of free technical articles, sign up for a range of free newsletters and receive exclusive discounts and offers on Packt books and eBooks.

http://PacktLib.PacktPub.com

Do you need instant solutions to your IT questions? PacktLib is Packt's online digital book library. Here, you can access, read and search across Packt's entire library of books. 

Why Subscribe?

Fully searchable across every book published by Packt
Copy and paste, print and bookmark content
On demand and accessible via web browser

Free Access for Packt account holders

If you have an account with Packt at www.PacktPub.com, you can use this to access PacktLib today and view nine entirely free books. Simply use your login credentials for immediate access.

Instant Updates on New Packt Books

Get notified! Find out when new books are published by following @PacktEnterprise on Twitter, or the Packt Enterprise Facebook page.

Preface

Security is a must in a modern Enterprise infrastructure, and WebLogic implements a very complete and complex architecture for configuration and implementation. That is why it is necessary to deeply know technologies, terminologies, and how the security process works between all actors. Securing WebLogic Server 12c aims to simplify the complex world of WebLogic Security, helping the reader to implement standard Java EE application security, and configuring it inside WebLogic with clean and simple step-by-step examples. This guide will let you develop and deploy in a production system with the best practices, both from the development world and the operation world. From the concepts of Java EE Security to the development of secure applications, from the configuration of a realm to the setup of Kerberos Single Sign-on, every concept is expressed in simple terms and completed by working examples and pictures. Finally, a way to develop WebLogic security providers with Maven is provided, so that you can add the security part of your infrastructure to your enterprise best practices.

What this book covers

Chapter 1, WebLogic Security Concepts, covers the custom concepts and framework that implement security inside the WebLogic server.

Chapter 2, WebLogic Security Realm, will allow you to understand in detail how the internal LDAP works and also explain the necessary configuration. Also explained in this chapter is how an existing LDAP server can be integrated with WebLogic. This chapter includes a complete troubleshooting section that will help you overcome some typical configuration mistakes.

Chapter 3, Java EE Security with WebLogic