At the connection level, WebLogic provides two security features: filtering and SSL. Chapter 16 provides a detailed look at SSL. Let’s take a look at connection filtering here. A connection filter allows the server to reject unwanted connections based on some criteria. For example, a connection filter would allow you to configure WebLogic to permit T3 or IIOP connections only from within your intranet, and reject any T3 or IIOP connection request from outside the intranet. So, connection filtering provides network-level access control.

WebLogic comes equipped with a default connection filter that examines one or more connection filter rules defined in the Administration Console. Alternatively, you can create your own custom connection filter that evaluates the basis that incoming connections are accepted by the server. A custom connection filter is a Java class that implements WebLogic’s ConnectionFilter interface. The interface is dead simple — the class must implement the accept( ) method, which simply throws a FilterException to indicate that an incoming connection request should not be allowed through. Here is an example of a connection filter that refuses T3 connections from hosts unless their IP address matches 10.*.*.*:

import weblogic.security.net.*;

public class MyConnectionFilter implements ConnectionFilter {
   public void accept(ConnectionEvent evt) throws FilterException { if ( evt.getProtocol( ).equals("t3") ) { byte [] addr = evt.getRemoteAddress( ...