...
WebLogic's security can be extended by creating WebLogic Security Plugins, which uses BEA's Security Services Provider Interface (SSPI). PortalProtect provides plugins that integrates with these plugins.
BEA provides documentation on their plugins at http://e-docs.bea.com – there you can find additional detail about the possibilities with them.
PortalProtect implements several types of plugins, including Authentication, Authorization, RoleMapper and Adjudicator. Not all plugins need to be used, typically only the Authentication plugin is required.
Authentication
...
Provider
The Authentication provider provides authentication only – it is meant to be used in connection with the PortalProtect Tunnel agent. The tunnel then inserts the session ID in an authorization http header, and WebLogic will then provide the PortalProtect session ID to the plugin as userid, and the plugin will then use it for authenticating the user.
Authorization
...
Provider
PortalProtect's Authorization provider can make authorization decisions if the default J2EE way of authorizing based on deployment descriptors and roles is not sufficient. Any ACL defined in PortalProtect will be checked against the corresponding WebLogic resource, which includes JNDI, EJB, JDBC and portlets. Please consult BEA's documentation for details about the format of the WebLogic resources.
...