Looking Up WebLogic Resources in a Security Providers Runtime Class
3.6.6 Creating Default Security Policies for WebLogic Resources
When writing a runtime class for a custom Authorization provider, there are several default security policies that you are required to create. These default security policies initially protect the various types of WebLogic resources. Table 3–10 provides information to assist you with this task.3.6.7 Looking Up WebLogic Resources in a Security Providers Runtime Class
Example 3–2 illustrates how to look up a WebLogic resource in the runtime class of an Authorization provider. This algorithm assumes that the security provider database for the Authorization provider contains a mapping of WebLogic resources to security policies. It is not required that you use the algorithm shown in Example 3–2 , or that Table 3–10 Default Security Policies for WebLogic Resources WebLogic Resource Constructor Security Policy new AdminResourcenull, null, null Admin global role new AdminResourceConfiguration, null, null Admin, Deployer, Monitor, or Operator global roles new AdminResourceFileDownload, null, null Admin or Deployer global role new AdminResourceFileUpload, null, null Admin or Deployer global role New AdminResourceViewLog, null, null Admin or Deployer global role new ControlResourcenull, null, null weblogic.security.WLSPrincipals .getEveryoneGroupname group new EISResourcenull, null, null weblogic.security.WLSPrincipals .getEveryoneGroupname group new EJBResourcenull, null, null, null, null, null weblogic.security.WLSPrincipals .getEveryoneGroupname group new JDBCResourcenull, null, null, null, null weblogic.security.WLSPrincipals .getEveryoneGroupname group new JNDIResourcenull, null, null weblogic.security.WLSPrincipals .getEveryoneGroupname group new JMSResourcenull, null, null, null weblogic.security.WLSPrincipals .getEveryoneGroupname group new ServerResourcenull, null, null Admin or Operator global roles new URLResourcenull, null, null, null, null weblogic.security.WLSPrincipals .getEveryoneGroupname group new WebServiceResourcenull, null, null, null weblogic.security.WLSPrincipals .getEveryoneGroupname group new WorkContextnull, null weblogic.security.WLSPrincipals .getEveryoneGroupname group Note: Application and COM resources should not have default security policies that is, they should not grant permission to anyone by default. Design Considerations 3-27 you utilize the call to the getParentResource method. For more information about the getParentResource method, see Section 3.6.8, Single-Parent Resource Hierarchies.Parts
» Oracle Fusion Middleware Online Documentation Library
» Document Scope Documentation Audience Guide to this Document
» Writing Console Extensions Overview of the Development Process
» Understand Two Important Restrictions
» Understand the Purpose of the Provider SSPIs Understand the Purpose of the Bulk Access Providers
» Determine Which Provider Interface You Will Implement
» Understand Why You Need an MBean Type
» Understand the SSPI MBean Hierarchy and How It Affects the Administration Console
» Understand What the WebLogic MBeanMaker Provides
» Migration Concepts Security Data Migration
» The Architecture of WebLogic Resources Types of WebLogic Resources
» Looking Up WebLogic Resources in a Security Providers Runtime Class
» ContextHandlers and WebLogic Resources
» Best Practice: Create a Simple Database If None Exists
» Best Practice: Configure an Existing Database
» Users and Groups, Principals and Subjects
» Java Authentication and Authorization Service JAAS
» Example: Creating the Runtime Classes for the Sample Authentication Provider
» Install the MBean Type Into the WebLogic Server Environment
» Specifying the Order of Authentication Providers
» Identity Assertion Providers and LoginModules Identity Assertion and Tokens
» Do You Need to Develop a Custom Authentication Provider? The Identity Assertion Process
» Do You Need to Develop a Custom Identity Assertion Provider?
» Create Runtime Classes Using the Appropriate SSPIs
» Implement the PrincipalValidator SSPI
» The Principal Validation Process The Authorization Process
» Policy Consumer SSPI How to Develop a Custom Authorization Provider
» PolicyStoreMBean How to Develop a Custom Authorization Provider
» Provide a Mechanism for Security Policy Management
» Security Roles Dynamic Security Role Computation
» Role Consumer SSPI How to Develop a Custom Role Mapping Provider
» PolicyStoreMBean How to Develop a Custom Role Mapping Provider
» Is Your Custom Role Mapping Provider Thread Safe? The Auditing Process
» ContextHandlerMBean Methods Example: Implementing the ContextHandlerMBean
» Extend weblogic.management.security.audit.ContextHandlerImpl
» Do You Need to Develop a Custom Auditing Provider?
» Configure the Custom Auditing Provider Using the Administration Console
» Passing Additional Audit Information Audit Event Interfaces and Audit Events
» Credential Mapping Concepts The Credential Mapping Process
» Security Services and the Auditor Service
» Example: Auditing Management Operations from a Providers MBean
» Best Practice: Posting Audit Events from a Providers MBean
» Why Filters are Needed Servlet Authentication Filter Design Considerations
» Implementing Challenge Identity Assertion from a Filter
» Example of a Provider that Implements a Filter Versionable Application Concepts
Show more