Design Considerations 3-11
3.3.3.1 Custom Providers and Classpaths
Classes loaded from WL_HOME\server\lib\mbeantypes are not visible to other JAR and EAR files deployed on WebLogic Server. If you have common utility classes
that you want to share, you must place them in the system classpath.
3.3.3.2 Throwing Exceptions from MBean Operations
Your custom provider MBeans must throw only JDK exception types or weblogic.management.utils exception types. Otherwise, JMX clients may not
include the code necessary to receive your exceptions.
■
For typed exceptions, you must throw only the exact types from the throw clause of your MBeans method, as opposed to deriving and throwing your own
exception type from that type.
■
For nested exceptions, you must throw only JDK exception types or weblogic.management.utils exceptions.
■
For runtime exceptions, you must throw or pass through only JDK exceptions.
3.3.3.3 Specifying Non-Clear Text Values for MBean Attributes
As described in Table A.2
, you can use the Encrypted attribute to specify that the value of an MBean attribute should not be displayed as clear text. For example, you encrypt
the value of the MBean attribute when getting input for a password. The following code fragment shows an example of using the Encrypted attribute:
MBeanAttribute Name = PrivatePassPhrase
Type = java.lang.String Encrypted = true
Default = quot;quot; Description = The Keystore password.
3.3.4 Understand the SSPI MBean Hierarchy and How It Affects the Administration Console
All attributes and operations that are specified in the required SSPI MBeans that your MBean Definition File MDF extends all the way up to the Provider base SSPI
MBean automatically appear in a WebLogic Server Administration Console page for the associated security provider. You use these attributes and operations to configure
and manage your custom security providers.
Note:
WL_HOME\server\lib\mbeantypes is the default directory for installing MBean types. Beginning with 9.0, security providers can
be loaded from ...\domaindir\lib\mbeantypes as well. JAR files loaded from the ...\domaindir\lib\mbeantypes directory
can be shared across applications. They do not need to be explicitly placed in the system classpath.
3-12 Developing Security Providers for Oracle WebLogic Server
Figure 3–5 illustrates the SSPI MBean hierarchy for security providers using the
WebLogic Credential Mapping MDF as an example, and indicates what attributes and operations will appear in the Administration Console for the WebLogic Credential
Mapping provider.
Figure 3–5 SSPI MBean Hierarchy for Credential Mapping Providers
Implementing the hierarchy of SSPI MBeans in the DefaultCredentialMapper MDF shown in
Figure 3–5 produces the page in the Administration Console that is
shown in Figure 3–6
. A partial listing of the DefaultCredentialMapper MDF is shown in
Example 3–1 .
Note: For Authentication security providers only, the attributes and
operations that are specified in the optional SSPI MBeans your MDF implements are also automatically supported by the Administration
Console. For other types of security providers, you must write a console extension in order to make the attributes and operations
inherited from the optional SSPI MBeans available in the Administration Console. For more information, see
Section 2.2.4, Writing Console Extensions.
Design Considerations 3-13
Figure 3–6 DefaultCredentialMapper Administration Console Page
The Name, Description, and Version fields come from attributes with these names inherited from the base required SSPI MBean called Provider and specified in the
DefaultCredentialMapper MDF. Note that the DisplayName attribute in the DefaultCredentialMapper MDF generates the value for the Name field, and that
the Description and Version attributes generate the values for their respective fields as well. The Credential Mapping Deployment Enabled field is displayed on the
Provider Specific page because of the CredentialMappingDeploymentEnabled attribute in the DeployableCredentialMapper required SSPI MBean, which the
DefaultCredentialMapper MDF extends. Notice that this Administration Console page does not display a field for the DefaultCredentialMapper implementation of
the UserPasswordCredentialMapEditor optional SSPI MBean.
3.3.5 Understand What the WebLogic MBeanMaker Provides