BEA Weblogic Question: Download Questions PDF
Which of the following is NOT true about the security implementation in the WebLogic Server?
Answer:
a. Servlets, JSPs, EJBs, RMI objects, and Java applications use the Java Authentication and Authorization Service to authenticate WebLogic Server.
b. The default security realm in WebLogic Server is the File realm.
c. The default authentication scheme for WebLogic Server is two-way authentication.
d. An Administration Server may contain configuration information for one WebLogic Server or a cluster of WebLogic servers.
Choice C is correct because it is not true about the security in WebLogic server. A,B and D are true. Servlets, JSPs, EJBs, RMI objects, and Java applications use the Java Authentication and Authorization Service to authenticate WebLogic Server. JAAS is a standard extension to the Java 2 Software Development Kit. The authentication component of JAAS provides the ability to reliably and securely maintain client identity, regardless of whether the code is running as a Java application, a JSP, an EJB, an RMI object or a servlet.
In WebLogic Server, JAAS is layered over the existing Security Service Provider Interface (SPI) allowing the continued use of realm-based authorization. The default security realm in WebLogic Server is the File realm. When WebLogic Server is started, the File realm creates User, Group, and ACL objects from properties defined through the Administration Console in WebLogic Server and stored in the fileRealm.properties file. The File realm is designed for use with 1,000 or fewer users, for more no of users, an alternate security realm should be used. In WebLogic Server, an Administration Server is a WebLogic Server that functions as the central source of all configuration information. An Administration Server may contain configuration information for one WebLogic Server or a cluster of WebLogic servers.
b. The default security realm in WebLogic Server is the File realm.
c. The default authentication scheme for WebLogic Server is two-way authentication.
d. An Administration Server may contain configuration information for one WebLogic Server or a cluster of WebLogic servers.
Choice C is correct because it is not true about the security in WebLogic server. A,B and D are true. Servlets, JSPs, EJBs, RMI objects, and Java applications use the Java Authentication and Authorization Service to authenticate WebLogic Server. JAAS is a standard extension to the Java 2 Software Development Kit. The authentication component of JAAS provides the ability to reliably and securely maintain client identity, regardless of whether the code is running as a Java application, a JSP, an EJB, an RMI object or a servlet.
In WebLogic Server, JAAS is layered over the existing Security Service Provider Interface (SPI) allowing the continued use of realm-based authorization. The default security realm in WebLogic Server is the File realm. When WebLogic Server is started, the File realm creates User, Group, and ACL objects from properties defined through the Administration Console in WebLogic Server and stored in the fileRealm.properties file. The File realm is designed for use with 1,000 or fewer users, for more no of users, an alternate security realm should be used. In WebLogic Server, an Administration Server is a WebLogic Server that functions as the central source of all configuration information. An Administration Server may contain configuration information for one WebLogic Server or a cluster of WebLogic servers.
Download BEA Weblogic Interview Questions And Answers
PDF