Servlet Authentication Filters 13-7
Therefore, if you plan to implement multiple challengeresponse identity assertion from a filter, you need to implement the ChallengeIdentityAsserterV2 and
ProviderChallengeContext interfaces, and then use the weblogic.security.services.Authentication methods and
AppChallengeContect interface to invoke them from a Servlet Authentication Filter.
The steps to accomplish this process are described in Chapter 5, Identity Assertion
Providers and are summarized here:
■
Section 5.4.1.1, Implement the AuthenticationProviderV2 SSPI or
Section 5.4.1.2, Implement the IdentityAsserterV2 SSPI
■
Section 5.4.4.4, Implement the ChallengeIdentityAsserterV2 Interface
■
Section 5.4.4.5, Implement the ProviderChallengeContext Interface
■
Section 5.4.4.6, Invoke the weblogic.security.services Challenge Identity Methods
■
Section 5.4.4.7, Invoke the weblogic.security.services AppChallengeContext Methods
13.4.5 Generate an MBean Type Using the WebLogic MBeanMaker
When you generate the MBean type for your custom Authentication provider as described in
Chapter 4, Authentication Providers you must also implement the
MBean for your Servlet Authentication Filter. The ServletAuthenticationFilter MBean extends the
AuthenticationProvider MBean. The ServletAuthenticationFilter MBean is a marker interface and has no methods.
?xml version=1.0 ? DOCTYPE MBeanType SYSTEM commo.dtd
MBeanType
Name = ServletAuthenticationFilter Package = weblogic.management.security.authentication
Extends = weblogic.management.security.authentication.AuthenticationProvider
PersistPolicy = OnUpdate Abstract = true
Description = The SSPI MBean that all Servlet Authentication Filter providers must extend.
This MBean is just a marker interface. It has no methods on it. MBeanType
13.4.5.1 Use the WebLogic MBeanMaker to Create the MBean JAR File MJF
Once your have run your MDF through the WebLogic MBeanMaker to generate your intermediate files, and you have edited the MBean implementation file to supply
implementations for the appropriate methods within it, you need to package the MBean files and the runtime classes for the custom Authentication provider, including
the Servlet Authentication Filter, into an MBean JAR File MJF.
These steps are described for the custom Authentication provider in Section 4.4.2.3,
Use the WebLogic MBeanMaker to Create the MBean JAR File MJF.
13-8 Developing Security Providers for Oracle WebLogic Server
13.4.6 Configure the Authentication Provider Using Administration Console
Configuring a custom Authentication provider that implements a Servlet Authentication Filter means that you are adding the custom Authorization provider to
your security realm, where it can be accessed by applications requiring authorization services.
Configuring custom security providers is an administrative task, but it is a task that may also be performed by developers of custom security providers.
The steps for configuring a custom Authorization provider using the WebLogic Server Administration Console are described under Configuring WebLogic Security
Providers in Securing Oracle WebLogic Server.
14
Versionable Application Providers 14-1
14
Versionable Application Providers
A versionable application is an application that has an application archive version specified in the manifest of the application archive EAR file. Versionable applications
can be deployed side-by-side and active simultaneously. Versionable applications allow multiple versions of an application, where security constraints can vary between
the application versions.
The Versionable Application provider SSPI enables all security providers that support application versioning to be notified when versions are created and deleted. It also
enables all security providers that support application versioning to be notified when non-versioned applications are removed.
The following sections provide the background information you need to understand before adding application versioning capability to your custom security providers, and
provide step-by-step instructions for adding application versioning capability to a custom security provider:
■
Section 14.1, Versionable Application Concepts