4-24 Developing Security Providers for Oracle WebLogic Server text MBean appended to it. For example, the result of running the SimpleSampleAuthenticator MDF through the WebLogic MBeanMaker will yield an MBean interface file called SimpleSampleAuthenticatorMBean.java.

4.4.2.3 Use the WebLogic MBeanMaker to Create the MBean JAR File MJF

Once your have run your MDF through the WebLogic MBeanMaker to generate your intermediate files, and you have edited the MBean implementation file to supply implementations for the appropriate methods within it, you need to package the MBean files and the runtime classes for the custom Authentication provider into an MBean JAR File MJF. The WebLogic MBeanMaker also automates this process. To create an MJF for your custom Authentication provider, follow these steps:

1. Create a new DOS shell.

2. Type the following command:

java -DMJF=jarfile -Dfiles=filesdir weblogic.management.commo.WebLogicMBeanMaker where the -DMJF flag indicates that the WebLogic MBeanMaker should build a JAR file containing the new MBean types, jarfile is the name for the MJF and filesdir is the location where the WebLogic MBeanMaker looks for the files to JAR into the MJF. Compilation occurs at this point, so errors are possible. If jarfile is provided, and no errors occur, an MJF is created with the specified name. The resulting MJF can be installed into your WebLogic Server environment, or distributed to your customers for installation into their WebLogic Server environments.

4.4.2.4 Install the MBean Type Into the WebLogic Server Environment

To install an MBean type into the WebLogic Server environment, copy the MJF into the WL_HOME\server\lib\mbeantypes directory, where WL_HOME is the top-level installation directory for WebLogic Server. This deploys your custom Authentication provider—that is, it makes the custom Authentication provider manageable from the WebLogic Server Administration Console. Note: When you create a JAR file for a custom security provider, a set of XML binding classes and a schema are also generated. You can choose a namespace to associate with that schema. Doing so avoids the possibility that your custom classes will conflict with those provided by Oracle. The default for the namespace is vendor. You can change this default by passing the -targetNameSpace argument to the WebLogicMBeanMaker or the associated WLMBeanMaker ant task. If you want to update an existing MJF, simply delete the MJF and regenerate it. The WebLogic MBeanMaker also has a -DIncludeSource option, which controls whether source files are included into the resulting MJF. Source files include both the generated source and the MDF itself. The default is false. This option is ignored when -DMJF is not used. Authentication Providers 4-25 You can create instances of the MBean type by configuring your custom Authentication provider see Section 4.4.3, Configure the Custom Authentication Provider Using the Administration Console , and then use those MBean instances from a GUI, from other Java code, or from APIs. For example, you can use the WebLogic Server Administration Console to get and set attributes and invoke operations, or you can develop other Java objects that instantiate MBeans and automatically respond to information that the MBeans supply. We recommend that you back up these MBean instances.

4.4.3 Configure the Custom Authentication Provider Using the Administration Console

Configuring a custom Authentication provider means that you are adding the custom Authentication provider to your security realm, where it can be accessed by applications requiring authentication services. Configuring custom security providers is an administrative task, but it is a task that may also be performed by developers of custom security providers. This section contains information that is important for the person configuring your custom Authentication providers: ■ Section 4.4.3.1, Managing User Lockouts ■ Section 4.4.3.2, Specifying the Order of Authentication Providers Note: WL_HOME\server\lib\mbeantypes is the default directory for installing MBean types. Beginning with 9.0, security providers can be loaded from ...\domaindir\lib\mbeantypes as well. However, if you want WebLogic Server to look for MBean types in additional directories, use the -Dweblogic.alternateTypesDirectory=dir command-line flag when starting your server, where dir is a comma-separated list of directory names. When you use this flag, WebLogic Server will always load MBean types from WL_ HOME\server\lib\mbeantypes first, then will look in the additional directories and load all valid archives present in those directories regardless of their extension. For example, if -Dweblogic.alternateTypesDirectory = dirX,dirY, WebLogic Server will first load MBean types from WL_ HOME\server\lib\mbeantypes, then any valid archives present in dirX and dirY. If you instruct WebLogic Server to look in additional directories for MBean types and are using the Java Security Manager, you must also update the weblogic.policy file to grant appropriate permissions for the MBean type and thus, the custom security provider. For more information, see Using Java Security to Protect WebLogic Resources in Programming Security for Oracle WebLogic Server. Note: The steps for configuring a custom Authentication provider using the WebLogic Server Administration Console are described in Configuring WebLogic Security Providers in Securing Oracle WebLogic Server.