Understand the SSPI Hierarchy and Determine Whether You Will Create One or Two Runtime Classes SSPI Quick Reference
3.2.5 Understand the SSPI Hierarchy and Determine Whether You Will Create One or Two Runtime Classes
Figure 3–3 uses a Credential Mapping provider to illustrate the inheritance hierarchy that is common to all SSPIs, and shows how a runtime class you supply can implement those interfaces. In this example, Oracle supplies the SecurityProvider interface, and the CredentialProviderV2 and CredentialMapperV2 SSPIs. Figure 3–3 shows a single runtime class called MyCredentialMapperProviderImpl that implements the CredentialProviderV2 and CredentialMapperV2 SSPIs.

Figure 3–3 Credential Mapping SSPIs and a Single Runtime Class

However, Figure 3–3 illustrates only one way you can implement SSPIs: by creating a single runtime class. If you prefer, you can have two runtime classes (as shown in Figure 3–4): one for the implementation of the SSPI ending in "Provider" (for example, CredentialProviderV2), and one for the implementation of the other SSPI (for example, the CredentialMapperV2 SSPI).

When there are separate runtime classes, the class that implements the SSPI ending in "Provider" acts as a factory for generating the runtime class that implements the other SSPI. For example, in Figure 3–4, MyCredentialMapperProviderImpl acts as a factory for generating MyCredentialMapperImpl.

Note: For more information about credentials, see Section 11.1, "Credential Mapping Concepts." For more information about security policies, see "Security Policies" in Securing Resources Using Roles and Policies for Oracle WebLogic Server.

Figure 3–4 Credential Mapping SSPIs and Two Runtime Classes

3.2.6 SSPI Quick Reference
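The two-runtime-class arrangement of Figure 3–4 (Section 3.2.5), written out in Java as an added example; it is not code from Oracle's documentation or from WebLogic Server. The three interfaces are local stand-ins with simplified method signatures so that the example compiles on a plain JDK (the real SSPIs are in weblogic.security.spi), and the mapping data and the TwoRuntimeClassesDemo class are constructed for illustration.

```java
import java.util.Map;

// Local stand-ins for the Oracle-supplied interfaces named in Figure 3-3.
// Signatures are simplified assumptions; the real SSPIs take more parameters.
interface SecurityProvider {
    void initialize(Map<String, String> config); // real one: provider MBean + SecurityServices
    String getDescription();
    void shutdown();
}
interface CredentialMapperV2 {
    Object getCredential(String initiator, String resource); // simplified
}
interface CredentialProviderV2 extends SecurityProvider {
    CredentialMapperV2 getCredentialProvider();
}

// Runtime class 2 of 2: mapping logic only, no lifecycle code.
class MyCredentialMapperImpl implements CredentialMapperV2 {
    private final Map<String, String> mappings; // constructed sample store
    MyCredentialMapperImpl(Map<String, String> mappings) { this.mappings = mappings; }
    @Override public Object getCredential(String initiator, String resource) {
        return mappings.get(initiator + "@" + resource); // null when nothing is mapped
    }
}

// Runtime class 1 of 2: implements the SSPI ending in "Provider" and acts as
// the factory for the mapper, as in Figure 3-4.
class MyCredentialMapperProviderImpl implements CredentialProviderV2 {
    private CredentialMapperV2 mapper;
    @Override public void initialize(Map<String, String> config) {
        mapper = new MyCredentialMapperImpl(Map.copyOf(config)); // mapper gets an immutable copy
    }
    @Override public String getDescription() { return "Sample credential mapper"; }
    @Override public void shutdown() { mapper = null; }
    @Override public CredentialMapperV2 getCredentialProvider() {
        if (mapper == null) throw new IllegalStateException("provider not initialized");
        return mapper;
    }
}

public class TwoRuntimeClassesDemo {
    public static void main(String[] args) {
        CredentialProviderV2 provider = new MyCredentialMapperProviderImpl();
        provider.initialize(Map.of("alice@jdbc:payroll", "payroll_ro")); // constructed data
        CredentialMapperV2 mapper = provider.getCredentialProvider();
        System.out.println(mapper.getCredential("alice", "jdbc:payroll"));
        System.out.println(mapper.getCredential("bob", "jdbc:payroll"));
    }
}
```

In the single-class arrangement of Figure 3–3, one class would implement both interfaces and getCredentialProvider() would return this.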
Table 3–1 maps the types of security providers and their components with the SSPIs and other interfaces you use to develop them.

Note: If you decide to have two runtime implementation classes, you need to remember to include both runtime implementation classes in the MBean JAR File (MJF) when you generate the security provider's MBean type. For more information, see Section 2.2.3, "Generating an MBean Type to Configure and Manage the Custom Security Provider."

Table 3–1 Security Providers, Their Components, and Corresponding SSPIs

| Type | Component | SSPIs/Interfaces |
| --- | --- | --- |
| Authentication provider | | AuthenticationProviderV2 |
| | LoginModule | JAAS LoginModule |
| Identity Assertion provider | | AuthenticationProviderV2 |
| | Identity Asserter | IdentityAsserterV2 |
| Principal Validation provider | | PrincipalValidator |
| Authorization | | AuthorizationProvider, DeployableAuthorizationProviderV2 |
| | Access Decision | AccessDecision |
| Adjudication provider | | AdjudicationProviderV2 |
| | Adjudicator | AdjudicatorV2 |
| Role Mapping provider | | RoleProvider, DeployableRoleProviderV2 |

3.3 Security Service Provider Interface (SSPI) MBeans