1 Introduction and Roadmap 1-1 1 Introduction and Roadmap The following sections describe the content and organization of this document: ■ Section 1.1, Document Scope ■ Section 1.2, Documentation Audience ■ Section 1.3, Guide to this Document ■ Section 1.4, Related Information ■ Section 1.5, New and Changed Features in this Release

1.1 Document Scope

This document provides security vendors and application developers with the information needed to develop new security providers for use with WebLogic Server.

1.2 Documentation Audience

This document is written for independent software vendors ISVs who want to write their own security providers for use with WebLogic Server. It is assumed that most ISVs reading this documentation are sophisticated application developers who have a solid understanding of security concepts, and that no basic security concepts require explanation. It is also assumed that security vendors and application developers are familiar with WebLogic Server and with Java including Java Management eXtensions JMX.

1.3 Guide to this Document

This document provides security vendors and application developers with the information needed to develop new security providers for use with the WebLogic Server. The document is organized as follows: ■ Chapter 2, Introduction to Developing Security Providers for WebLogic Server which prepares you to learn more about developing security providers for use with WebLogic Server. It specifies the audience and prerequisites for this guide, and provides an overview of the development process. ■ Chapter 3, Design Considerations which explains the general architecture of a security provider and provides background information you should understand about implementing SSPIs and generating MBean types. This section also includes information about using optional management utilities and discusses how security providers interact with WebLogic resources. Lastly, this section suggests ways in 1-2 Developing Security Providers for Oracle WebLogic Server which your custom security providers might work with databases that contain information security providers require. ■ Chapter 4, Authentication Providers which explains the authentication process for simple logins and provides instructions about how to implement each type of security service provider interface SSPI associated with custom Authentication providers. This topic also includes a discussion about JAAS LoginModules. ■ Chapter 5, Identity Assertion Providers which explains the authentication process for perimeter authentication using tokens and provides instructions about how to implement each type of security service provider interface SSPI associated with custom Identity Assertion providers. ■ Chapter 6, Principal Validation Providers which explains how Principal Validation providers assist Authentication providers by signing and verifying the authenticity of principals stored in a subject, and provides instructions about how to develop custom Principal Validation providers. ■ Chapter 7, Authorization Providers which explains the authorization process and provides instructions about how to implement each type of security service provider interface SSPI associated with custom Authorization providers. ■ Chapter 8, Adjudication Providers which explains the adjudication process and provides instructions about how to implement each type of security service provider interface SSPI associated with custom Adjudication providers. ■ Chapter 9, Role Mapping Providers which explains the role mapping process and provides instructions about how to implement each type of security service provider interface SSPI associated with custom Role Mapping providers. ■ Chapter 10, Auditing Providers which explains the auditing process and provides instructions about how to implement each type of security service provider interface SSPI associated with custom Auditing providers. This topic also includes information about how to audit from other types of security providers. ■ Chapter 11, Credential Mapping Providers which explains the credential mapping process and provides instructions about how to implement each type of security service provider interface SSPI associated with custom Credential Mapping providers. ■ Chapter 12, Auditing Events From Custom Security Providers which explains how to add auditing capabilities to the custom security providers you develop. ■ Chapter 13, Servlet Authentication Filters which explains the Servlet authentication filter process and provides instructions about how to implement each type of security service provider interface SSPI associated with Servlet authentication filters. ■ Chapter 14, Versionable Application Providers which explains the concept of versionable applications and provides instructions about how to implement each type of security service provider interface SSPI associated with custom Versionable Application providers. ■ Chapter 15, CertPath Providers which explains the certificate lookup and validation process and provides instructions about how to implement each type of security service provider interface SSPI associated with custom CertPath provider. ■ Appendix A, MBean Definition File MDF Element Syntax which describes all the elements and attributes that are available for use in a valid MDF. An MDF is an Introduction and Roadmap 1-3 XML file used to generate the MBean types, which enable the management of your custom security providers.

1.4 Related Information