Covering J2EE Security and WebLogic Topics

New Security Features in WebLogic 9.2 Beta

Earlier this week I noticed that BEA released a beta of WebLogic 9.2. The release notes mention the following security-related items:

Now, I haven’t had the chance to look at 9.2 yet, but several of these items seem pretty juicy. For example, the addition of custom XACML roles and policies could pave the way for a standardized approach to extending the J2EE security model without relying on proprietary mechanisms. This is definitely on my list to check out.

The other additions are interesting, too.

WLS 8.x didn’t break much ground in the security department, but 9.x is coming out swinging with lots of new things to think about. There have been new provider types (the CertPathValidator, for example), new provider implementations (SAML, RDBMS, etc.), and now the changes in 9.2.

I’m particularly curious about the bulk providers. I haven’t dug into them, but how the heck does WebLogic know which resources to roll up into a bulk authorization check? [4/13/06 Update: Since writing this post, it’s occurred to me that the most likely candidates for bulk authorization are hierarchical resources such as JNDI and URLs. Just speculation, though…]

Anyway, I have a gut feeling that at least being aware of the changes in this release will pay off in the future. Perhaps your next clever usage of the security framework will hinge on one of these new features…