Covering J2EE Security and WebLogic Topics

WebLogic 10 Released

Permanent Article Link

BEA announced that WebLogic 10 has been released for general availability. I don’t know about you, but I haven’t even fully kicked the tires on 9.x yet!

With this release, the big push was for Java EE5, EJB, 3.0, and Spring interoperability. Security-wise, the changes seem to be incremental. Here are the highlights of the security changes:

  • Cross-domain security has been improved. Instead of having two or more domains with the same credentials (crazy!), the credential mapper is used. Sounds like a good improvement…
  • The console can now record your interaction with it as WLST scripts. That’s nifty. I haven’t tried it (nor have I tried WebLogic 10 at all yet) but it has the potential to supersede my MBean-finding techniques described in Find WebLogic MBeans with Ease and Using Audit Logs to Make Scripting Easier.
  • The WebLogic Diagnostic Framework (WLDF) can now poke around in an HTTP session. That sounds like fun! ;-)
  • weblogic.jar has been “refactored.” Read the release notes for more information especially if you use custom Java security policies.
  • Support for additional and updated WS-* specifications include WS-SecureConversations 1.3, WS-Security 1.1, WS-SecurityPolicy 1.2, and WS-Trust 1.3.
  • The Windows NT Authentication provider was deprecated.

That’s all of the documented changes in the security arena. I plan on going a little more in-depth on some of these in the near future.

Posted in Security, WebLogic April 2nd, 2007 by Mike Fleming |

Bookmark this post on del.icio.us

2 Comments

  1. You can already use the WLSTScriptGenerator with version 9.2. In version 10, it comes “built-in”.

    https://codesamples.projects.dev2dev.bea.com/servlets/Scarab?id=S4

    Comment by Andre Glauser — April 9, 2007 @ 9:05 am

  2. Thanks, Andre!

    Comment by Mike Fleming — April 9, 2007 @ 6:29 pm

Sorry, the comment form is closed at this time.

 

Bookmark this page on del.icio.us