BEA Touts New Security Framework

BEA Systems on Tuesday rolled out the general release of
its WebLogic
Server Version 7.0
J2EE-based application server product, touting a
redesigned security framework as a key asset in its efforts to compete with
offerings from IBM Corp. and Sun Microsystems .

To enhance its Web Services potential, WebLogic Server Version 7.0 has been
equipped with full UDDI implementation to host public and private registries
and BEA went at lengths in Tuesday’s general release announcement to hype
the new security framework, which promises to separate application
development from application security management. (More security information
available here.

“This frees developers to focus on integration and implementation, leaving
the securing of applications to administrators and security experts, while
providing the flexibility to change security policy without having to change
application code,” BEA said. The new framework would let administrators
easily control and change user access privileges by using WebLogic Server
7.0’s role-based and rules-driven authorization scheme.

The San Jose, Calif.-based BEA said the range of security capabilities
include application access (authorization), user validation
(authentication), access tracking (auditing), and application and data
protection (public key infrastructure — PKI).

Using the new menu driven policy tool in BEA WebLogic Server 7.0,
administrators can easily define security policies, providing the
flexibility and control needed to secure any component in the application,
including Web Services.

The WebLogic Server application, which previously lent support to the Simple
Object Access Protocol (SOAP) and Web Services Description Language (WSDL)
standards, is now fully J2EE 1.3-compliant. This includes support for Java
Secure Socket Extension (JSSE), Secure Sockets Layer (SSL) and Java
Authentication and Authorization Service (JAAS).

As pr
eviously reported
, BEA said the upgraded WebLogic Server 7.0 would
include fewer manual steps, cleaner code, and easy packaging. It also adds
WebLogic Builder, a new graphical tool for assembling, packaging and
deploying J2EE applications on the server. BEA said the tool, coupled with
new command-line utilities, reduces the number of manual steps necessary to
create deployable J2EE applications.

Other additions include tools to allow developers to automatically expose
applications as Web services without additional skills or coding, as well as
tools to simplify the management and configuration of clusters, code and
content updates.

BEA’s WebLogic Server is currently being using by third-party security firms
like Baltimore, Entegrity, Entrust, Netegrity, PentaSafe, RSA Security and
VeriSign.

News Around the Web