Technical data

14 Managing Security
Administration Guide
Installing a Connection Filter
You can create connection filters that accept or reject client connections based on a client's origin and protocol. After the client connects, and before any work is performed on its behalf, WebLogic Server passes the client's IP address and port, the protocol (HTTP, HTTPS, T3, T3S, or IIOP), and the WebLogic Server port number to the connection filter. By examining this information, you can choose to allow the connection or throw a FilterException to terminate it.
To use a connection filter, you must first create an implementation of the weblogic.security.net.ConnectionFilter interface. Then use the Administration Console to install your implementation.
To install a connection filter, enter the name of your implementation of the weblogic.security.net.ConnectionFilter interface in the Connection Filter attribute on the Advanced tab under Security in the Administration Console. Then reboot WebLogic Server.
For information about writing a connection filter, see Filtering Network Connections. For an example of creating a connection filter, see the SimpleConnectionFilter example in the \samples\examples\security directory of the WebLogic Server installation.
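The following filter is an added illustration of the interface described above, not the SimpleConnectionFilter sample or other code from the WebLogic Server distribution. It admits HTTP and HTTPS from any origin, admits T3, T3S, and IIOP only from an internal subnet, and rejects everything else. The class name InternalOnlyRmiFilter and the 10.0.0.0/8 range are assumptions made for the example, and the class compiles against the WebLogic Server classes.

```java
import java.net.InetAddress;
import weblogic.security.net.ConnectionEvent;
import weblogic.security.net.ConnectionFilter;
import weblogic.security.net.FilterException;

// Hypothetical filter: web protocols from anywhere, T3/T3S/IIOP only from
// an internal subnet. The 10.0.0.0/8 range is a constructed sample value.
public class InternalOnlyRmiFilter implements ConnectionFilter {
    private static final int NET = 0x0A000000;   // 10.0.0.0
    private static final int MASK = 0xFF000000;  // /8 prefix

    // Called by the server after the client connects and before any work
    // is done for it. Returning normally accepts the connection.
    public void accept(ConnectionEvent evt) throws FilterException {
        String protocol = evt.getProtocol();
        InetAddress remote = evt.getRemoteAddress();
        if (!isAllowed(remote, protocol)) {
            // The message records origin, protocol and server port for later review.
            throw new FilterException("rejected " + protocol + " connection from "
                + remote.getHostAddress() + ":" + evt.getRemotePort()
                + " on server port " + evt.getLocalPort());
        }
    }

    // Decision logic kept separate from the server callback so it can be
    // exercised without a running server.
    static boolean isAllowed(InetAddress remote, String protocol) {
        String p = (protocol == null) ? "" : protocol.toLowerCase();
        if (p.equals("http") || p.equals("https")) {
            return true;
        }
        if (p.equals("t3") || p.equals("t3s") || p.equals("iiop")) {
            return inInternalNet(remote);
        }
        return false; // default deny: unrecognized protocols are rejected
    }

    // IPv4 prefix match; any non-IPv4 address is treated as external.
    static boolean inInternalNet(InetAddress addr) {
        byte[] b = addr.getAddress();
        if (b.length != 4) {
            return false;
        }
        int ip = ((b[0] & 0xFF) << 24) | ((b[1] & 0xFF) << 16)
               | ((b[2] & 0xFF) << 8) | (b[3] & 0xFF);
        return (ip & MASK) == NET;
    }
}
```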
Setting Up the Java Security Manager
When you run WebLogic Server under Java 2 (JDK 1.2 or 1.3), WebLogic Server can use the Java Security Manager in Java 2 to provide additional access control for WebLogic Server resources. The Java Virtual Machine (JVM) has security mechanisms built into it that you manage through a security policy file. The Java Security Manager can enforce a set of permissions granted to CodeSource or SignedBy classes. The permissions allow certain classes running in that instance of the JVM to perform, or prevent them from performing, certain runtime operations. In many cases, where the threat model does not include malicious code being run on the JVM, the Java Security Manager is unnecessary. In cases such as when an Application Service Provider uses WebLogic Server and unknown classes are being run, the Java Security Manager is necessary.