Auditing Providers 10-5

10.3.2 Example: Implementing the ContextHandlerMBean

Example 10–5 shows the SimpleSampleAuditProviderImpl.java class, which is the runtime class for the sample Auditing provider. This sample Auditing provider has been enhanced to implement the ContextHandlerMBean. An MBean Definition File MDF is an XML file used by the WebLogic MBeanMaker utility to generate the Java files that comprise an MBean type. All MDFs must extend a required SSPI MBean that is specific to the type of the security provider you have created, and can implement optional SSPI MBeans. Example 10–1 shows the key sections of the MDF for the sample Auditing provider, which implements the optional ContexthandlerMBean. Example 10–1 Example: SimpleSampleAuditor.xml MBeanType Name = SimpleSampleAuditor DisplayName = SimpleSampleAuditor Package = examples.security.providers.audit.simple Extends = weblogic.management.security.audit.Auditor Implements = weblogic.management.security.audit.ContextHandler PersistPolicy = OnUpdate ... MBeanAttribute Name = SupportedContextHandlerEntries Type = java.lang.String[] Writeable = false Default = new String[] { quot;com.bea.contextelement.servlet.HttpServletRequestquot; } Description = List of all ContextHandler entries supported by the auditor.

10.3.3 Extend weblogic.management.security.audit.ContextHandlerImpl

The ContextHandlerMBean has an setActiveContextHandlerEntries attribute that sets the ContextHandler entries that the Audit provider is currently configured to process. The entries you specify must be listed in the Audit providers SupportedContextHandlerEntries attribute. However, this requirement is not actually enforced by the MBean. Additional work is required to validate that this attribute can set only values from the SupportedContextHandlerEntries attribute. You must also create an MBean customizer for example, you might call it MyAuditorImpl.java file that extends weblogic.management.security.audit.ContextHandlerImpl. Extending weblogic.management.security.audit.ContextHandlerImpl gives the provider access to the ActiveContextHandlerEntries attribute validator, which ensures that the entries include only SupportedContextHandlerEntries. An example of extending ContextHandlerImpl is available in SimpleSampleAuditorImpl, which is shown in Example 10–2 . Example 10–2 SimpleSampleAuditorImpl package examples.security.providers.audit.simple; import javax.management.MBeanException; import javax.management.modelmbean.RequiredModelMBean; 10-6 Developing Security Providers for Oracle WebLogic Server import weblogic.management.security.audit.ContextHandlerImpl; The simple sample auditors mbean implementation. p It is needed to inherit the ContextHandlerMBeans ActiveContextHandlerEntries attribute validator that ensures that the ActiveContextHandlerEntries attribute only contains values from the SupportedContextHandlerEntries attribute. author Copyright © 1996, 2008, Oracle andor its affiliates. All rights reserved. public class SimpleSampleAuditorImpl extends ContextHandlerImpl Note: extend ContextHandlerImpl instead of AuditorImpl to inherit the ActiveContextHandlerEntries attribute validator. { Standard mbean impl constructor. throws MBeanException public SimpleSampleAuditorImplRequiredModelMBean base throws MBeanException { superbase; } } After you implement code similar to that in SimpleSampleAuditorImpl, add code to your Audit runtime provider to get the ActiveContextHandlerEntries. One possible way to do this is shown in Example 10–3 . Example 10–3 Getting Active Context Handler Entries String [] activeHandlerEntries = myMBean.getActiveContextHandlerEntries; if activeHandlerEntries = null { for int i=0; iactiveHandlerEntries.length; i++ { if activeHandlerEntries[i] = null activeHandlerEntries[i].equalsIgnoreCaseHTTP_REQUEST_ELEMENT { handlerEnabled = true; break; } } } 10.4 Do You Need to Develop a Custom Auditing Provider?