Configuring Trust Relationships Between Domains (English)
2007-09-21 23:46
Enabling Trust Between WebLogic Domains

Note: Enabling trust between WebLogic Server domains opens the servers up to man-in-the-middle attacks. Great care should be taken when enabling trust in a production environment. BEA recommends having strong network security such as a dedicated communication channel or protection by a strong firewall.

A trust relationship is established when principals in a Subject from one WebLogic Server domain (referred to as the domain) are accepted as principals in the local domain.

This release of WebLogic Server adds more restrictions to the trust relationship between domains. Now a trust relationship is established when the Credential attribute for one domain matches the Credential attribute for another domain.

By default, when you boot an Administration Server for the first time, the Credential attribute is not defined. As the Administration Server boots, it notices that the Credential attribute is not defined and generates a random credential. The Administration Server uses that credential to sign principals in subjects created in that domain. The config.xml file which stores the credential is saved after the credential is generated. Managed servers in that domain obtain the credential from the Administration Server when booting.

WebLogic Server performs a validation (comparing how the principal was signed with how a local principal would be signed) whenever the code is asked to create a new subject.
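
The sign-and-compare validation described above can be modelled in a few lines. This is an added illustration, not WebLogic code: the page does not say how principals are signed, so HMAC-SHA256 is an assumed stand-in, and the `Domain` and `SignedPrincipal` classes, the domain names and the sample credential are all constructed for the example.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class SignedPrincipal:
    name: str
    signature: bytes


class Domain:
    """Toy model of a domain. HMAC-SHA256 is an assumed signing scheme."""

    def __init__(self, name: str, credential: Optional[str] = None):
        self.name = name
        # With no Credential defined, a random one is generated at first boot.
        self.generated = credential is None
        if credential is None:
            credential = secrets.token_hex(32)
        self._credential = credential.encode()

    def _sign(self, principal_name: str) -> bytes:
        return hmac.new(self._credential, principal_name.encode(),
                        hashlib.sha256).digest()

    def create_principal(self, principal_name: str) -> SignedPrincipal:
        return SignedPrincipal(principal_name, self._sign(principal_name))

    def accepts(self, principal: SignedPrincipal) -> bool:
        # Validation: compare the received signature with the one this domain
        # would produce for the same principal name (constant-time compare).
        return hmac.compare_digest(principal.signature,
                                   self._sign(principal.name))


def demo() -> dict:
    shared = "Constructed-Sample-Credential-1"  # constructed sample value
    d1, d2 = Domain("domain1", shared), Domain("domain2", shared)
    d3 = Domain("domain3")  # Credential left undefined: random, no trust
    p = d1.create_principal("system")
    renamed = SignedPrincipal("Administrators", p.signature)
    return {
        "matching_credential": d2.accepts(p),   # trust established
        "generated_credential": d3.accepts(p),  # no shared credential
        "renamed_principal": d2.accepts(renamed),
    }
```

In this model, any party that holds the shared credential can produce principals the other domain accepts, which is why the credential chosen in the procedure below must be strong and kept secret.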

Note: Any credentials in clear text are encrypted the next time the config.xml file is persisted to disk.

If you want a WebLogic Server 6.x domain to interoperate with a WebLogic Server 7.0 domain, change the Credential attribute in the WebLogic Server 7.0 domain to the password of the system user in the WebLogic Server 6.x domain.

If you want two 7.0 domains to interoperate, perform the following procedure in both domains.

To establish a trust relationship between WebLogic Server domains:

1. In the left panel of the console, select the domain name at the top of the tree.
2. Select the Security-->Advanced tab.
3. Uncheck the Enable Generated Credential attribute.
4. Click the Change... link in the Credential attribute.
5. Enter a password for the domain. Choose the password carefully. BEA Systems recommends using a combination of upper and lower case letters and numbers.
6. Confirm the password.
7. Click Apply.
8. Reboot WebLogic Server.

When using inter-domain trust with a WebLogic Server domain that uses custom Principals (meaning a custom Authentication provider is configured in the domain), the domain that is not using custom Principals must have the class for the custom Principal defined in the server's class path in order for authentication to work properly. Otherwise, a java.lang.ClassNotFoundException is thrown.

For example: two domains (Domain 1 and Domain 2) have established trust (meaning their domain credentials are set to the same value).

- Domain 1 has a custom Authentication provider that creates custom Principals of type myPrincipal.
- mySubject is a Subject authenticated on Domain 1 that contains a Principal of type myPrincipal.
- mySubject is passed from Domain 1 to Domain 2. Subjects are passed between domains in the following circumstances:
  - When one domain makes an RMI call over T3 to another domain.
  - When one domain makes an RMI call over IIOP and CSIv2 cannot be established.
  - A Subject is passed as an argument to a user's method.
  - When using the JMX Message bridge.
- Domain 2 must have myPrincipal defined in the server class path or a java.lang.ClassNotFoundException will be thrown when Domain 2 tries to deserialize the Subject.