Now we’ll take a closer look at the different SSPIs that constitute a security realm. We’ll learn about WebLogic’s default implementation of these security providers and how to configure them. The default implementation provides the authentication architecture (and much more) that we have just seen. You can replace one or more of the providers with your own code if you want to change its behavior. Once again, the Administration Console lets you view and modify the configuration of these security providers. All of the security providers available to your realm can be found under the Security/Realms/myrealm/Providers node in the left pane of the Administration Console, where “myrealm” refers to the name of the security realm. Finally, we’ll learn about the embedded LDAP server that holds all of the security data for the domain on behalf of the default security providers.
Authentication refers to the server’s ability to reliably verify the identity of a user or system. We generally refer to a user or system being authenticated as simply a user. A user requires some proof of identity before it can establish trust with the server. WebLogic supports Authentication Providers that can validate user credentials based on a username-password combination or a digital certificate. The security provider repository, which stores the user and group information, can be implemented in the following ways:
As an embedded LDAP server, which is the default used ...