Introduction to Developing Security Providers for WebLogic Server 2-5
2.2.5 Configuring the Custom Security Provider
The configuration process consists of using the WebLogic Server Administration Console to supply the custom security provider with configuration information. If you
generated an MBean type for managing the custom security provider, configuring the custom security provider in the Administration Console also means that you are
creating a specific instance of the MBean type.
For more information about configuring security providers using the Administration Console, see Securing Oracle WebLogic Server.
2.2.6 Providing Management Mechanisms for Security Policies, Security Roles, and Credential Maps
Certain types of security providers need to provide administrators with a way to manage the security data associated with them. For example, an Authorization
provider needs to supply administrators with a way to manage security policies. Similarly, a Role Mapping provider needs to supply administrators with a way to
manage security roles, and a Credential Mapping provider needs to supply administrators with a way to manage credential maps.
For the WebLogic Authorization, Role Mapping, and Credential Mapping providers, there are already management mechanisms available for administrators in the
WebLogic Server Administration Console. However, you do not inherit these mechanisms when you develop a custom version of one of these security providers;
you need to provide your own mechanisms to manage security policies, security roles, and credential maps. These mechanisms must read and write the appropriate security
data to and from the custom security provider's database, but may or may not be integrated with the Administration Console.
For more information, refer to one of the following sections:
■ Section 7.5.7, "Provide a Mechanism for Security Policy Management" (for custom Authorization providers)
■ Section 9.5.7, "Provide a Mechanism for Security Role Management" (for custom Role Mapping providers)
■ Section 11.4.3, "Provide a Mechanism for Credential Map Management" (for custom Credential Mapping providers)
Note: The configuration process can be completed by the same
person who developed the custom security provider, or by a designated administrator.
2-6 Developing Security Providers for Oracle WebLogic Server
3 Design Considerations
Careful planning of development activities can greatly reduce the time and effort you spend developing custom security providers. The following sections describe security
provider concepts and functionality in more detail to help you get started:
■ Section 3.1, "General Architecture of a Security Provider"
■ Section 3.2, "Security Services Provider Interfaces (SSPIs)"
■ Section 3.3, "Security Service Provider Interface (SSPI) MBeans"
■ Section 3.4, "Security Data Migration"
■ Section 3.5, "Management Utilities Available to Developers of Security Providers"
■ Section 3.6, "Security Providers and WebLogic Resources"
■ Section 3.7, "Initialization of the Security Provider Database"
■ Section 3.8, "Differences In Attribute Validators"
3.1 General Architecture of a Security Provider
Although there are different types of security providers you can create (see "Types of Security Providers" in Understanding Security for Oracle WebLogic Server), all security
providers follow the same general architecture. Figure 3–1 illustrates the general architecture of a security provider, and an explanation follows.
Figure 3–1 Security Provider Architecture