Understand the SSPI MBean Hierarchy and How It Affects the Administration Console

Design Considerations 3-11

3.3.3.1 Custom Providers and Classpaths

Classes loaded from WL_HOME\server\lib\mbeantypes are not visible to other JAR and EAR files deployed on WebLogic Server. If you have common utility classes that you want to share, you must place them in the system classpath.

3.3.3.2 Throwing Exceptions from MBean Operations

Your custom provider MBeans must throw only JDK exception types or weblogic.management.utils exception types. Otherwise, JMX clients may not include the code necessary to receive your exceptions.

■ For typed exceptions, you must throw only the exact types from the throws clause of your MBean's method, as opposed to deriving and throwing your own exception type from that type.
■ For nested exceptions, you must throw only JDK exception types or weblogic.management.utils exceptions.
■ For runtime exceptions, you must throw or pass through only JDK exceptions.

3.3.3.3 Specifying Non-Clear Text Values for MBean Attributes

As described in Table A.2, you can use the Encrypted attribute to specify that the value of an MBean attribute should not be displayed as clear text. For example, you encrypt the value of the MBean attribute when getting input for a password. The following code fragment shows an example of using the Encrypted attribute:

    <MBeanAttribute
      Name = "PrivatePassPhrase"
      Type = "java.lang.String"
      Encrypted = "true"
      Default = "&quot;&quot;"
      Description = "The Keystore password."
    />
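A check you can run over an MDF before building the provider, to catch secret-looking attributes that are missing the Encrypted attribute described above. This is an added example, not code from the Oracle documentation. The name heuristic, the treatment of an absent Encrypted attribute as clear text, the default-value check, and every name in the sample other than PrivatePassPhrase are assumptions made for the demonstration.

```python
import re
import xml.etree.ElementTree as ET

# Heuristic for secret-looking attribute names (an assumption of this example).
SECRET_HINT = re.compile(r"pass(word|phrase)|secret|credential", re.I)

# Constructed sample MDF. Only PrivatePassPhrase comes from the page;
# every other name and value here is made up for the demonstration.
SAMPLE_MDF = """
<MBeanType Name = "SampleCredentialMapper" Package = "example.security">
  <MBeanAttribute Name = "PrivatePassPhrase" Type = "java.lang.String"
      Encrypted = "true" Default = "&quot;&quot;"
      Description = "The Keystore password."/>
  <MBeanAttribute Name = "BindPassword" Type = "java.lang.String"
      Description = "Password for the directory connection."/>
  <MBeanAttribute Name = "KeystoreSecret" Type = "java.lang.String"
      Encrypted = "false"/>
  <MBeanAttribute Name = "TrustPassPhrase" Type = "java.lang.String"
      Encrypted = "true" Default = "&quot;changeit&quot;"/>
  <MBeanAttribute Name = "CacheSize" Type = "java.lang.Integer" Default = "32"/>
</MBeanType>
"""

def audit_mdf(mdf_xml):
    """Return (attribute name, issue) pairs for secret-looking MBeanAttributes."""
    findings = []
    for attr in ET.fromstring(mdf_xml.strip()).iter("MBeanAttribute"):
        name = attr.get("Name", "")
        if not SECRET_HINT.search(name):
            continue
        # Assumption: an absent Encrypted attribute means the value is clear text.
        if attr.get("Encrypted", "false").strip().lower() != "true":
            findings.append((name, "not-encrypted"))
        # A non-empty Default would ship a secret inside the MDF itself.
        if attr.get("Default", "").strip().strip('"'):
            findings.append((name, "hard-coded-default"))
    return findings

if __name__ == "__main__":
    for name, issue in audit_mdf(SAMPLE_MDF):
        print(f"{name}: {issue}")
```

The name pattern is deliberately broad, so treat each finding as a prompt to review the attribute rather than as proof of a leak.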

3.3.4 Understand the SSPI MBean Hierarchy and How It Affects the Administration Console

All attributes and operations that are specified in the required SSPI MBeans that your MBean Definition File (MDF) extends, all the way up to the Provider base SSPI MBean, automatically appear in a WebLogic Server Administration Console page for the associated security provider. You use these attributes and operations to configure and manage your custom security providers.

Note: WL_HOME\server\lib\mbeantypes is the default directory for installing MBean types. Beginning with 9.0, security providers can be loaded from ...\domaindir\lib\mbeantypes as well. JAR files loaded from the ...\domaindir\lib\mbeantypes directory can be shared across applications. They do not need to be explicitly placed in the system classpath.

3-12 Developing Security Providers for Oracle WebLogic Server

Figure 3–5 illustrates the SSPI MBean hierarchy for security providers using the WebLogic Credential Mapping MDF as an example, and indicates what attributes and operations will appear in the Administration Console for the WebLogic Credential Mapping provider.

Figure 3–5 SSPI MBean Hierarchy for Credential Mapping Providers

Implementing the hierarchy of SSPI MBeans in the DefaultCredentialMapper MDF shown in Figure 3–5 produces the page in the Administration Console that is shown in Figure 3–6. A partial listing of the DefaultCredentialMapper MDF is shown in Example 3–1.

Note: For Authentication security providers only, the attributes and operations that are specified in the optional SSPI MBeans your MDF implements are also automatically supported by the Administration Console. For other types of security providers, you must write a console extension in order to make the attributes and operations inherited from the optional SSPI MBeans available in the Administration Console. For more information, see Section 2.2.4, Writing Console Extensions.

Figure 3–6 DefaultCredentialMapper Administration Console Page

The Name, Description, and Version fields come from attributes with these names inherited from the base required SSPI MBean called Provider and specified in the DefaultCredentialMapper MDF. Note that the DisplayName attribute in the DefaultCredentialMapper MDF generates the value for the Name field, and that the Description and Version attributes generate the values for their respective fields as well. The Credential Mapping Deployment Enabled field is displayed on the Provider Specific page because of the CredentialMappingDeploymentEnabled attribute in the DeployableCredentialMapper required SSPI MBean, which the DefaultCredentialMapper MDF extends. Notice that this Administration Console page does not display a field for the DefaultCredentialMapper implementation of the UserPasswordCredentialMapEditor optional SSPI MBean.

3.3.5 Understand What the WebLogic MBeanMaker Provides