3-18 Developing Security Providers for Oracle WebLogic Server
locations for security data as it is migrated from one security providers database to another.
3.4.2 Adding Migration Support to Your Custom Security Providers
If you want to develop custom security providers that support security data migration like the WebLogic security providers do, you need to extend the
weblogic.management.security.ImportMBean and weblogic.management.security.ExportMBean optional SSPI MBeans in the
MBean Definition File MDF that you use to generate MBean types for your custom security providers, then implement their methods. These optional SSPI MBeans
include the attributes and operations described in
Table 3–6 and
Table 3–7 ,
respectively.
Caution: The migration files are not protected unless you take
additional measures to protect them. Because migration files may contain sensitive data, take extra care when working with them.
Table 3–6 Attributes and Operations of the ExportMBean Optional SSPI MBean
AttributesOperations Description
SupportedExportFormats A list of export data formats that the
security provider supports. SupportedExportConstraints
A list of export constraints that the security provider supports.
exportData Exports provider-specific security data in a
specified format. format
A parameter on the exportData operation that specifies the format to use
for exporting provider-specific data. filename
A parameter on the exportData operation that specifies the full path to the
filename used to export provider-specific data.
Notes: The WebLogic security providers
that support security data migration are implemented in a way that allows you to
specify a relative path from the directory relative to the server you are working on.
You must specify a directory that already exists; WebLogic Server will not create one
for you.
constraints A parameter on the exportData
operation that specifies the constraints to be used when exporting provider-specific
data.
Note:
For more information, see the WebLogic Server API Reference Javadoc for the ExportMBean interface.
Design Considerations 3-19
3.4.3 Administration Console Support for Security Data Migration
Unlike other optional SSPI MBeans you may extend in the MDF for your custom security providers, the attributes and operations inherited from the ExportMBean and
ImportMBean optional SSPI MBeans automatically appear in a WebLogic Server Administration Console page for the associated security provider, under a Migration
tab see
Figure 3–8 for an example. This allows administrators to export and import
security data for each security provider individually.
Table 3–7 Attributes and Operations of the ImportMBean Optional SSPI MBean
AttributesOperations Description
SupportedImportFormats A list of import data formats that the
security provider supports. SupportedImportConstraints
A list of import constraints that the security provider supports.
importData Imports provider-specific data from a
specified format. format
A parameter on the importData operation that specifies the format to use
for importing provider-specific data. filename
A parameter on the importData operation that specifies the full path to the
filename used to import provider-specific data.
Note: The WebLogic security providers that
support security data migration are implemented in a way that allows you to
specify a relative path from the directory relative to the server you are working on.
You must specify a directory that already exists; WebLogic Server will not create one
for you.
constraints A parameter on the importData
operation that specifies the constraints to be used when importing provider-specific
data.
Note: For more information, see the WebLogic Server API Reference
Javadoc for the ImportMBean interface.
Note:
If a security provider does not have migration capabilities, the Migration tab for that security provider will not appear in the
Administration Console. For instructions about how to migrate security data for individual
security providers using the Administration Console, see Migrating Security Data in Securing Oracle WebLogic Server.
3-20 Developing Security Providers for Oracle WebLogic Server
Figure 3–8 Migration Tab for the WebLogic Authentication Provider
Additionally, if any of the security providers configured in your security realm have migration capabilities, the Migration tab at the security realm level see
Figure 3–9 for
an example allows administrators to export or import security data for all the security providers configured in the security realm at once.
Figure 3–9 Migration Tab for a Security Realm
Note: The Migration tab at the security realm level always appears in
the Administration Console, whether or not any security providers with migration capabilities are configured in the security realm.
However, it is only operational if one or more security providers have migration capabilities.
For instructions about how to migrate security data for all security providers at once, see Migrating Security Data in Securing Oracle
WebLogic Server.
Design Considerations 3-21
As always, if you add additional attributes or operations to your MDF, you must write a console extension in order to make them available in the Administration Console.
3.5 Management Utilities Available to Developers of Security Providers