Introduction to Developing Security Providers for WebLogic Server

 

Audience for This Guide

Prerequisites for This Guide

Overview of the Development Process


Designing the Custom Security Provider
Creating Runtime Classes for the Custom Security Provider by Implementing SSPIs
Generating an MBean Type to Configure and Manage the Custom Security Provider
Writing Console Extensions
Configuring the Custom Security Provider
Providing Management Mechanisms for Security Policies, Security Roles, and Credential Maps

 


Design Considerations

 

General Architecture of a Security Provider

Security Services Provider Interfaces (SSPIs)


Understand an Important Restriction
Understand the Purpose of the "Provider" SSPIs
Determine Which "Provider" Interface You Will Implement
The DeployableAuthorizationProvider SSPI
The DeployableRoleProvider SSPI
The DeployableCredentialProvider SSPI
Understand the SSPI Hierarchy and Determine Whether You Will Create One or Two Runtime Classes
SSPI Quick Reference

 

Security Service Provider Interface (SSPI) MBeans


Understand Why You Need an MBean Type
Determine Which SSPI MBeans to Extend and Implement
Understand the Basic Elements of an MBean Definition File (MDF)
Understand the SSPI MBean Hierarchy and How It Affects the Administration Console
Understand What the WebLogic MBeanMaker Provides
About the MBean Information File
SSPI MBean Quick Reference

 

Security Data Migration


Migration Concepts
Formats
Constraints
Migration Files
Adding Migration Support to Your Custom Security Providers
Administration Console Support for Security Data Migration

 

Management Utilities Available to Developers of Security Providers

Security Providers and WebLogic Resources


The Architecture of WebLogic Resources
Types of WebLogic Resources
WebLogic Resource Identifiers
The toString() Method
Resource IDs and the getID() Method
Creating Default Groups for WebLogic Resources
Creating Default Security Roles for WebLogic Resources
Creating Default Security Policies for WebLogic Resources
Looking Up WebLogic Resources in a Security Provider's Runtime Class
Single-Parent Resource Hierarchies
Pattern Matching for URL Resources
ContextHandlers and WebLogic Resources

 

Initialization of the Security Provider Database


Best Practice: Create a Simple Database If None Exists
Best Practice: Configure an Existing Database
Best Practice: Delegate Database Initialization

 


Authentication Providers

 

Authentication Concepts


Users and Groups, Principals and Subjects
LoginModules
The LoginModule Interface
LoginModules and Multipart Authentication
Java Authentication and Authorization Service (JAAS)
How JAAS Works With the WebLogic Security Framework
Example: Standalone T3 Application

 

The Authentication Process

Do You Need to Develop a Custom Authentication Provider?

How to Develop a Custom Authentication Provider


Create Runtime Classes Using the Appropriate SSPIs
Implement the AuthenticationProvider SSPI
Implement the JAAS LoginModule Interface
Throwing Custom Exceptions from LoginModules
Example: Creating the Runtime Classes for the Sample Authentication Provider
Generate an MBean Type Using the WebLogic MBeanMaker
Create an MBean Definition File (MDF)
Use the WebLogic MBeanMaker to Generate the MBean Type
Use the WebLogic MBeanMaker to Create the MBean JAR File (MJF)
Install the MBean Type Into the WebLogic Server Environment
Configure the Custom Authentication Provider Using the Administration Console
Managing User Lockouts
Specifying the Order of Authentication Providers

 


Identity Assertion Providers

 

Identity Assertion Concepts


Identity Assertion Providers and LoginModules
Identity Assertion and Tokens
How to Create New Token Types
How to Make New Token Types Available for Identity Assertion Provider Configurations
Passing Tokens for Perimeter Authentication
Common Secure Interoperability Version 2 (CSIv2)

 

The Identity Assertion Process

Do You Need to Develop a Custom Identity Assertion Provider?

How to Develop a Custom Identity Assertion Provider


Create Runtime Classes Using the Appropriate SSPIs
Implement the AuthenticationProvider SSPI
Implement the IdentityAsserter SSPI
Example: Creating the Runtime Class for the Sample Identity Assertion Provider
Generate an MBean Type Using the WebLogic MBeanMaker
Create an MBean Definition File (MDF)
Use the WebLogic MBeanMaker to Generate the MBean Type
Use the WebLogic MBeanMaker to Create the MBean JAR File (MJF)
Install the MBean Type Into the WebLogic Server Environment
Configure the Custom Identity Assertion Provider Using the Administration Console

 


Principal Validation Providers

 

Principal Validation Concepts


Principal Validation and Principal Types
How Principal Validation Providers Differ From Other Types of Security Providers
Security Exceptions Resulting from Invalid Principals

 

The Principal Validation Process

Do You Need to Develop a Custom Principal Validation Provider?


How to Use the WebLogic Principal Validation Provider

 

How to Develop a Custom Principal Validation Provider


Implement the PrincipalValidator SSPI

 


Authorization Providers

 

Authorization Concepts


Access Decisions

 

The Authorization Process

Do You Need to Develop a Custom Authorization Provider?

How to Develop a Custom Authorization Provider


Create Runtime Classes Using the Appropriate SSPIs
Implement the AuthorizationProvider SSPI
Implement the DeployableAuthorizationProvider SSPI
Implement the AccessDecision SSPI
Example: Creating the Runtime Class for the Sample Authorization Provider
Generate an MBean Type Using the WebLogic MBeanMaker
Create an MBean Definition File (MDF)
Use the WebLogic MBeanMaker to Generate the MBean Type
Use the WebLogic MBeanMaker to Create the MBean JAR File (MJF)
Install the MBean Type Into the WebLogic Server Environment
Configure the Custom Authorization Provider Using the Administration Console
Managing Authorization Providers and Deployment Descriptors
Enabling Security Policy Deployment
Provide a Mechanism for Security Policy Management
Option 1: Create Your Own "Policy Editor" Page Using Console Extensions
Option 2: Develop a Stand-Alone Tool for Security Policy Management
Option 3: Integrate an Existing Security Policy Management Tool into the Administration Console

 


Adjudication Providers

 

The Adjudication Process

Do You Need to Develop a Custom Adjudication Provider?

How to Develop a Custom Adjudication Provider


Create Runtime Classes Using the Appropriate SSPIs
Implement the AdjudicationProvider SSPI
Implement the Adjudicator SSPI
Generate an MBean Type Using the WebLogic MBeanMaker
Create an MBean Definition File (MDF)
Use the WebLogic MBeanMaker to Generate the MBean Type
Use the WebLogic MBeanMaker to Create the MBean JAR File (MJF)
Install the MBean Type Into the WebLogic Server Environment
Configure the Custom Adjudication Provider Using the Administration Console

 


Role Mapping Providers

 

Role Mapping Concepts


Security Roles
Dynamic Security Role Computation

 

The Role Mapping Process

Do You Need to Develop a Custom Role Mapping Provider?

How to Develop a Custom Role Mapping Provider


Create Runtime Classes Using the Appropriate SSPIs
Implement the RoleProvider SSPI
Implement the DeployableRoleProvider SSPI
Implement the RoleMapper SSPI
Implement the SecurityRole Interface
Example: Creating the Runtime Class for the Sample Role Mapping Provider
Generate an MBean Type Using the WebLogic MBeanMaker
Create an MBean Definition File (MDF)
Use the WebLogic MBeanMaker to Generate the MBean Type
Use the WebLogic MBeanMaker to Create the MBean JAR File (MJF)
Install the MBean Type Into the WebLogic Server Environment
Configure the Custom Role Mapping Provider Using the Administration Console
Managing Role Mapping Providers and Deployment Descriptors
Enabling Security Role Deployment
Provide a Mechanism for Security Role Management
Option 1: Create Your Own "Role Editor" Page Using Console Extensions
Option 2: Develop a Stand-Alone Tool for Security Role Management
Option 3: Integrate an Existing Security Role Management Tool into the Administration Console

 


Auditing Providers

 

Auditing Concepts


Audit Channels
Auditing Events From Custom Security Providers

 

The Auditing Process

Do You Need to Develop a Custom Auditing Provider?

How to Develop a Custom Auditing Provider


Create Runtime Classes Using the Appropriate SSPIs
Implement the AuditProvider SSPI
Implement the AuditChannel SSPI
Example: Creating the Runtime Class for the Sample Auditing Provider
Generate an MBean Type Using the WebLogic MBeanMaker
Create an MBean Definition File (MDF)
Use the WebLogic MBeanMaker to Generate the MBean Type
Use the WebLogic MBeanMaker to Create the MBean JAR File (MJF)
Install the MBean Type Into the WebLogic Server Environment
Configure the Custom Auditing Provider Using the Administration Console
Configuring Audit Severity

 


Credential Mapping Providers

 

Credential Mapping Concepts

The Credential Mapping Process

Do You Need to Develop a Custom Credential Mapping Provider?

How to Develop a Custom Credential Mapping Provider


Create Runtime Classes Using the Appropriate SSPIs
Implement the CredentialProvider SSPI
Implement the DeployableCredentialProvider SSPI
Implement the CredentialMapper SSPI
Generate an MBean Type Using the WebLogic MBeanMaker
Create an MBean Definition File (MDF)
Use the WebLogic MBeanMaker to Generate the MBean Type
Use the WebLogic MBeanMaker to Create the MBean JAR File (MJF)
Install the MBean Type Into the WebLogic Server Environment
Configure the Custom Credential Mapping Provider Using the Administration Console
Managing Credential Mapping Providers, Resource Adapters, and Deployment Descriptors
Enabling Deployable Credential Mappings
Provide a Mechanism for Credential Map Management
Option 1: Create Your Own "Credential Mappings" Page Using Console Extensions
Option 2: Develop a Stand-Alone Tool for Credential Map Management
Option 3: Integrate an Existing Credential Map Management Tool into the Administration Console

 


Auditing Events From Custom Security Providers

 

Security Services and the Auditor Service

How to Audit From a Custom Security Provider


Create an Audit Event
Implement the AuditEvent SSPI
Implement an Audit Event Convenience Interface
Audit Severity
Audit Context
Example: Implementation of the AuditRoleEvent Interface
Obtain and Use the Auditor Service to Write Audit Events
Example: Obtaining and Using the Auditor Service to Write Role Audit Events

 


Writing Console Extensions for Custom Security Providers

 

When Should I Write a Console Extension?

When In the Development Process Should I Write a Console Extension?

How Writing a Console Extension for a Custom Security Provider Differs From a Basic Console Extension

Main Steps for Writing an Administration Console Extension

Replacing Custom Security Provider-Related Administration Console Dialog Screens Using the SecurityExtensionV2 Interface

How a Console Extension Affects the Administration Console

MBean Definition File (MDF) Element Syntax

 

The MBeanType (Root) Element

The MBeanAttribute Subelement

The MBeanNotification Subelement

The MBeanConstructor Subelement

The MBeanOperation Subelement

Examples: Well-Formed and Valid MBean Definition Files (MDFs)
