

Weblogic Application Server FAQs


161.Explain Security Realms?

    • A security realm is a collection of system resources and security service providers.
    • Only one security realm can be active at a given time.
    • A single security policy is used in any realm.
    • Users must be recognized by an authentication provider of the security realm.
    • Administration tasks include creating security realms.

162.What Is SSL?
Secure Sockets Layer (SSL) is a protocol that enables:

    • Connection security through encryption
    • A server to authenticate to a client
    • A client to authenticate to a server (optional)
    • Data integrity such that the data that flows between a client and server is protected from tampering by a third party

    163.What Is a Deployment Plan?

      • It is an optional XML document that resides outside an application archive.
      • It configures an application for deployment to a specific WLS environment.
      • It is created and owned by administrators or developers for a particular environment.

    A JavaEE deployment plan:

      • Is an XML file that is associated with an application
      • Resides outside an application archive
      • Sets or overrides the values in the JavaEE deployment descriptors
      • Allows a single application to be easily customized to multiple deployment environments

    164.What are the Advantages of Production Redeployment?
    Saves the trouble of:

      • Scheduling application downtime
      • Setting up redundant servers to host new application versions
      • Managing client access to multiple application versions manually
      • Retiring older versions of an application manually

    Explain about Packaging Applications?

      • When you deploy applications to a single Managed Server, you can deploy the applications in an exploded format.
      • Oracle recommends deploying packaged applications to a cluster of Managed Servers as .war, .ear, or .jar files.

      165.What are the Oracle WebLogic Server SSL Requirements?

        • To enable Oracle WebLogic Server SSL, you must:
          • Obtain an appropriate digital certificate
          • Install the certificate
          • Configure SSL properties
          • Configure two-way authentication (if desired)
        • SSL impacts performance.

      166.What is the use of the keytool Utility in WLS?

        • keytool is a standard J2SE SDK utility for managing:
          • The generation of private keys and the corresponding digital certificates
          • Keystores (databases) of private keys and the associated certificates
        • The keytool utility can display certificate and keystore contents.

      167.How Does WLS Protect Against Attacks? What Kinds of Attacks Are There?

        • WLS can help protect applications against several attacks:
          • Man-in-the-middle attacks
          • Denial of service (DoS) attacks
          • Large buffer attacks
          • Connection starvation attacks
        • The questions that follow detail the countermeasures that WLS provides to address these attacks.

      168.Explain about Man-in-the-Middle Attacks?

        • In a “man-in-the-middle” attack, a third party poses as the destination host and intercepts messages between the client and the real host.
        • Instead of presenting the real destination host’s SSL certificate, the attacker presents his or her own, hoping that the client will accept it as being from the real destination host.
        • “Man-in-the-middle” attacks can be resisted by using a Host Name Verifier.
        • A Host Name Verifier validates that the host to which an SSL connection is made is the intended or authorized party.
        • WLS provides a Host Name Verifier by default.
        • A custom Host Name Verifier can be created by implementing the interface weblogic.security.SSL.HostnameVerifier

      169.Explain about Denial of Service Attacks (DOS)?

        • DoS attacks are attempts by attackers to prevent legitimate users of a service from using that service.
        • There are three basic types of attack:
          • Consumption of scarce, limited, or nonrenewable resources
          • Destruction or alteration of configuration information
          • Physical destruction or alteration of network components

      Harden WLS against “denial of service” attacks by:

        • Filtering incoming network connections
        • Configuring consumable WLS resources with the appropriate threshold and quotas
        • Limiting access to configuration information and backing up configuration files
        • Preventing unauthorized access by protecting passwords against password-guessing attacks

      170.Explain about Filtering Network Connections?

        • WLS can be configured to accept or deny network connections based on the origin of the client.
        • This feature can be used to:
          • Restrict the location from which connections to WLS are made
          • Restrict the type of connection made, that is, allow only SSL connections and reject all others
        • To filter network connections, create a class that implements the ConnectionFilter interface and install it using the Administration Console.
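
A connection filter that applies both restrictions listed above (origin and SSL-only), as an added example that is not code from the original page or from Oracle. The class name `SslOnlySubnetFilter`, the subnet `10.20.0.0/16` and the set of SSL protocol names are constructed assumptions; it compiles against the WebLogic Server classes.

```java
import java.net.InetAddress;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Locale;
import java.util.Set;
import weblogic.security.net.ConnectionEvent;
import weblogic.security.net.ConnectionFilter;
import weblogic.security.net.FilterException;

// Hypothetical class name and policy values (constructed for illustration).
public class SslOnlySubnetFilter implements ConnectionFilter {
    private static final byte[] NET = {10, 20, 0, 0};  // allowed network 10.20.0.0
    private static final int PREFIX_BITS = 16;          // /16
    private static final Set<String> SSL_PROTOCOLS =
            new HashSet<>(Arrays.asList("https", "t3s", "iiops", "ldaps"));

    @Override
    public void accept(ConnectionEvent evt) throws FilterException {
        String protocol = String.valueOf(evt.getProtocol()).toLowerCase(Locale.ROOT);
        if (!SSL_PROTOCOLS.contains(protocol)) {
            throw new FilterException("rejected non-SSL protocol: " + protocol);
        }
        InetAddress remote = evt.getRemoteAddress();
        if (remote == null || !inSubnet(remote.getAddress())) {
            throw new FilterException("rejected origin: " + remote);
        }
        // Returning normally accepts the connection.
    }

    // True when addr is an IPv4 address inside NET/PREFIX_BITS.
    static boolean inSubnet(byte[] addr) {
        if (addr.length != NET.length) {
            return false; // IPv6 or malformed address: not in the allowed IPv4 range
        }
        int full = PREFIX_BITS / 8;
        int rest = PREFIX_BITS % 8;
        for (int i = 0; i < full; i++) {
            if (addr[i] != NET[i]) {
                return false;
            }
        }
        if (rest == 0) {
            return true;
        }
        int mask = (0xFF << (8 - rest)) & 0xFF;
        return (addr[full] & mask) == (NET[full] & mask);
    }
}
```

The filter is consulted for every incoming connection, so the allowed range has to include the other servers in the domain and the hosts used for administration.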