Security Testing and Evaluation Labs

Security Evaluation Laboratory (SEL)


BEA : WebLogic Server 7.0

Sponsor: BEA Systems
Point of Contact: Paul Patrick, Phone: (781)993-7302
Assurance Level: EAL2
Status: Evaluated

The BEA WebLogic Server is a J2EE application server that provides a foundation for an enterprise to build and integrate applications and databases. The BEA WebLogic Portal is a J2EE-based portal that provides a portal framework for enterprises.

A group of logically connected WebLogic Servers is called a domain. WebLogic Servers in a domain may be clustered to support load balancing. One WebLogic Server in each domain is designated as the Administration Server. The other WebLogic Servers are designated Managed Servers. BEA WebLogic Portal is a layered framework on top of WebLogic Server. As such, it receives much of its security capabilities directly from WebLogic Server.

The BEA WebLogic Server security functionality includes authentication, authorization, auditing, SSL/TLS, enhanced support for LDAP, Java2 sandbox, CORBA CSIv2 protocol, Credential Mapping, and management functions.

The WebLogic Server security architecture is layered as follows:

  • The security services are accessed through three containers: Servlets (JSP), Enterprise Java Bean (EJB) or web services (JSP or EJB).
  • The security services layer is accessed through the framework interface, which is not a public interface. The services provided include audit, authentication, authorization, role mapper, and credential manager.
  • The security provider layer provides public interfaces to the security providers. The security providers include: Adjudication Provider, Audit Provider, Authentication Provider, Authorization Provider, Credential Provider, and Role Provider.
  • The security providers implement an out-of-the-box (OOTB) capability with a set of default plug-in modules. The OOTB plug-ins will be included in the evaluated configuration. The security architecture allows for additional plug-in modules. In addition, the plug-in modules include "realm adapters" that support V6.X functionality.

Some services have multiple OOTB plug-in modules:

  • The OOTB plug-in modules for authentication include the default authentication provider, the LDAP authentication provider, the certificate-based identity assertion provider, and the realm adapter authentication (ATN) provider.
  • The OOTB plug-in modules for authorization include the OOTB authorization provider, the OOTB adjudication provider, the OOTB role mapping provider, and the realm adapter (ATZ) provider.
  • The OOTB plug-in modules for auditing include the default audit provider and the realm adapter (AUD) provider.
