WebLogic 10 Released
With this release, the big push was for Java EE 5, EJB 3.0, and Spring interoperability. Security-wise, the changes seem to be incremental. Here are the highlights of the security changes:
- Cross-domain security has been improved. Instead of having two or more domains with the same credentials (crazy!), the credential mapper is used. Sounds like a good improvement…
- The console can now record your interaction with it as WLST scripts. That’s nifty. I haven’t tried it (nor have I tried WebLogic 10 at all yet) but it has the potential to supersede my MBean-finding techniques described in “Find WebLogic MBeans with Ease” and “Using Audit Logs to Make Scripting Easier.”
- The WebLogic Diagnostic Framework (WLDF) can now poke around in an HTTP session. That sounds like fun! 😉
- weblogic.jar has been “refactored.” Read the release notes for more information, especially if you use custom Java security policies.
- Support for additional and updated WS-* specifications includes WS-SecureConversation 1.3, WS-Security 1.1, WS-SecurityPolicy 1.2, and WS-Trust 1.3.
- The Windows NT Authentication provider was deprecated.
That’s all of the documented changes in the security arena. I plan on going a little more in-depth on some of these in the near future.