A Principal is an identity assigned to a user or group as a result of Authentication.
After successful authentication, principals are stored and signed in a Subject for future use.
A Principal Validation provider signs the principals, and the Authentication provider's LoginModule populates the subject with the principals. Later, when a caller attempts to access a principal stored in a subject, the Principal Validation provider verifies that the principal has not been altered since it was signed, and the principal is returned to the caller.
A Security Policy is created when we define an association between a WebLogic resource and users/groups. A WebLogic resource has no security until a security policy is assigned to it.
Security Policies are stored in an Authorization provider's database. By default, Authorization providers are configured and Security Policies are stored in the embedded LDAP server.
A security realm comprises mechanisms for protecting WebLogic resources. A security realm consists of:
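The sign-then-verify flow described above, as an added sketch that is not WebLogic's own code: it assumes an HMAC-SHA256 signature under a server-held key, and SignedPrincipal and Validator are hypothetical names (records need Java 16 or later).

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.Principal;
import java.security.SecureRandom;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.Subject;

public class PrincipalSigningDemo {
    // Hypothetical principal type that carries the signature added at login time.
    record SignedPrincipal(String name, byte[] signature) implements Principal {
        public String getName() { return name; }
    }

    // Hypothetical validator: HMAC-SHA256 under a key only the server holds (an assumption).
    static final class Validator {
        private final SecretKeySpec key;
        Validator(byte[] secret) { key = new SecretKeySpec(secret, "HmacSHA256"); }
        private byte[] mac(String name) throws Exception {
            Mac m = Mac.getInstance("HmacSHA256");
            m.init(key);
            return m.doFinal(name.getBytes(StandardCharsets.UTF_8));
        }
        SignedPrincipal sign(String name) throws Exception {
            return new SignedPrincipal(name, mac(name));
        }
        boolean validate(SignedPrincipal p) throws Exception {
            // Constant-time comparison of the stored and the recomputed signature.
            return MessageDigest.isEqual(p.signature(), mac(p.name()));
        }
    }

    public static void main(String[] args) throws Exception {
        byte[] secret = new byte[32];
        new SecureRandom().nextBytes(secret);
        Validator validator = new Validator(secret);
        // Login module step: populate the Subject with signed principals.
        Subject subject = new Subject();
        SignedPrincipal user = validator.sign("alice");            // constructed sample user
        subject.getPrincipals().add(user);
        subject.getPrincipals().add(validator.sign("Operators"));  // constructed sample group
        // Later access: each principal is verified before it is returned to the caller.
        for (SignedPrincipal p : subject.getPrincipals(SignedPrincipal.class))
            System.out.println(p.name() + " valid=" + validator.validate(p));
        // A principal whose name was changed after signing no longer matches its signature.
        SignedPrincipal altered = new SignedPrincipal("Administrators", user.signature());
        System.out.println(altered.name() + " valid=" + validator.validate(altered));
    }
}
```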
Security providers
Users
Groups
Security Roles
Security Policies
A user must be defined in a security realm in order to access any WebLogic resource belonging to that realm. When the user tries to access a WebLogic resource, WLS tries to authenticate and authorize the user by checking the security role assigned to the user in the security realm and the security policy of the resource.
When a user wants to access a WebLogic Server resource, authentication happens through the JAAS LoginModule of the Authentication provider configured in the security realm.
If WebLogic can identify the user based on the credentials, WLS associates the principal assigned to the user with a thread that executes code on behalf of the user.