In a typical WebLogic Server application, all of these technologies fit together to create a secure deployment:
A WebLogic Server realm is used to store all of the security information for an application. It includes a given set of resources, rules to protect resources (ACLs), users, and groups.
Form-based authentication is used to secure a Web application. This Web application has roles that are mapped in weblogic.xml to the deployed WebLogic Server caching realm instance that is deployed.
Resources in the Web application are designated to have different security attributes in the web.xml deployment descriptor file. This designates that certain pages should be sent unencrypted while others should be protected with encryption. ...