1. Security domains, roles, and user groups
Two types of security controls provided by the container: declarative Security control and programmatic security control
A security domain refers to a logical collection of users, user groups, and ACLs. Two common security domains supported by the server: theRDBMS security Domain and the file system security domain.
2. Jaas Basic Process
Initialize the request--Initialize authentication-->url authorization--to complete the original request--invoke the EJB's business method
For Java EE applications, user-submitted authentication information can be transparently passed to other tiers after being authenticated once. The authorization process needs to be executed multiple times.
3. Managing users and groups on the WebLogic server
4. Declaring security in a web App
5. Map security roles in the Web app to user groups on the WebLogic server
6. Basic login and form login based on WebLogic server
7. Programmatic security in Web applications
8. Declaring security for EJBS
9. Mapping security roles in EJB components to user groups on WebLogic servers
10. Access to the methods accessed in the EJB in the client or Web Component
Programmatic security in EJB
Basic theory of SSL and RSA encryption
13. Enable SSL support for the application server
14. Enable SSL support for Web Apps
Java EE ($)-Jaas development security applications