Configuring the Custom Security Provider Providing Management Mechanisms for Security Policies, Security Roles, and Credential Maps

Introduction to Developing Security Providers for WebLogic Server

2.2.5 Configuring the Custom Security Provider

The configuration process consists of using the WebLogic Server Administration Console to supply the custom security provider with configuration information. If you generated an MBean type for managing the custom security provider, configuring the custom security provider in the Administration Console also means that you are creating a specific instance of the MBean type. For more information about configuring security providers using the Administration Console, see Securing Oracle WebLogic Server.

2.2.6 Providing Management Mechanisms for Security Policies, Security Roles, and Credential Maps

Certain types of security providers need to provide administrators with a way to manage the security data associated with them. For example, an Authorization provider needs to supply administrators with a way to manage security policies. Similarly, a Role Mapping provider needs to supply administrators with a way to manage security roles, and a Credential Mapping provider needs to supply administrators with a way to manage credential maps. For the WebLogic Authorization, Role Mapping, and Credential Mapping providers, there are already management mechanisms available for administrators in the WebLogic Server Administration Console. However, you do not inherit these mechanisms when you develop a custom version of one of these security providers; you need to provide your own mechanisms to manage security policies, security roles, and credential maps. These mechanisms must read and write the appropriate security data to and from the custom security provider's database, but may or may not be integrated with the Administration Console.

For more information, refer to one of the following sections:

■ Section 7.5.7, "Provide a Mechanism for Security Policy Management," for custom Authorization providers
■ Section 9.5.7, "Provide a Mechanism for Security Role Management," for custom Role Mapping providers
■ Section 11.4.3, "Provide a Mechanism for Credential Map Management," for custom Credential Mapping providers

Note: The configuration process can be completed by the same person who developed the custom security provider, or by a designated administrator.

3 Design Considerations

Careful planning of development activities can greatly reduce the time and effort you spend developing custom security providers.
The following sections describe security provider concepts and functionality in more detail to help you get started:

■ Section 3.1, "General Architecture of a Security Provider"
■ Section 3.2, "Security Services Provider Interfaces (SSPIs)"
■ Section 3.3, "Security Service Provider Interface (SSPI) MBeans"
■ Section 3.4, "Security Data Migration"
■ Section 3.5, "Management Utilities Available to Developers of Security Providers"
■ Section 3.6, "Security Providers and WebLogic Resources"
■ Section 3.7, "Initialization of the Security Provider Database"
■ Section 3.8, "Differences In Attribute Validators"

3.1 General Architecture of a Security Provider

Although there are different types of security providers you can create (see "Types of Security Providers" in Understanding Security for Oracle WebLogic Server), all security providers follow the same general architecture. Figure 3–1 illustrates the general architecture of a security provider, and an explanation follows.

Figure 3–1 Security Provider Architecture