3-18 Developing Security Providers for Oracle WebLogic Server locations for security data as it is migrated from one security providers database to another.

3.4.2 Adding Migration Support to Your Custom Security Providers

If you want to develop custom security providers that support security data migration like the WebLogic security providers do, you need to extend the weblogic.management.security.ImportMBean and weblogic.management.security.ExportMBean optional SSPI MBeans in the MBean Definition File MDF that you use to generate MBean types for your custom security providers, then implement their methods. These optional SSPI MBeans include the attributes and operations described in Table 3–6 and Table 3–7 , respectively. Caution: The migration files are not protected unless you take additional measures to protect them. Because migration files may contain sensitive data, take extra care when working with them. Table 3–6 Attributes and Operations of the ExportMBean Optional SSPI MBean AttributesOperations Description SupportedExportFormats A list of export data formats that the security provider supports. SupportedExportConstraints A list of export constraints that the security provider supports. exportData Exports provider-specific security data in a specified format. format A parameter on the exportData operation that specifies the format to use for exporting provider-specific data. filename A parameter on the exportData operation that specifies the full path to the filename used to export provider-specific data. Notes: The WebLogic security providers that support security data migration are implemented in a way that allows you to specify a relative path from the directory relative to the server you are working on. You must specify a directory that already exists; WebLogic Server will not create one for you. constraints A parameter on the exportData operation that specifies the constraints to be used when exporting provider-specific data. Note: For more information, see the WebLogic Server API Reference Javadoc for the ExportMBean interface. Design Considerations 3-19

3.4.3 Administration Console Support for Security Data Migration

Unlike other optional SSPI MBeans you may extend in the MDF for your custom security providers, the attributes and operations inherited from the ExportMBean and ImportMBean optional SSPI MBeans automatically appear in a WebLogic Server Administration Console page for the associated security provider, under a Migration tab see Figure 3–8 for an example. This allows administrators to export and import security data for each security provider individually. Table 3–7 Attributes and Operations of the ImportMBean Optional SSPI MBean AttributesOperations Description SupportedImportFormats A list of import data formats that the security provider supports. SupportedImportConstraints A list of import constraints that the security provider supports. importData Imports provider-specific data from a specified format. format A parameter on the importData operation that specifies the format to use for importing provider-specific data. filename A parameter on the importData operation that specifies the full path to the filename used to import provider-specific data. Note: The WebLogic security providers that support security data migration are implemented in a way that allows you to specify a relative path from the directory relative to the server you are working on. You must specify a directory that already exists; WebLogic Server will not create one for you. constraints A parameter on the importData operation that specifies the constraints to be used when importing provider-specific data. Note: For more information, see the WebLogic Server API Reference Javadoc for the ImportMBean interface. Note: If a security provider does not have migration capabilities, the Migration tab for that security provider will not appear in the Administration Console. For instructions about how to migrate security data for individual security providers using the Administration Console, see Migrating Security Data in Securing Oracle WebLogic Server. 3-20 Developing Security Providers for Oracle WebLogic Server Figure 3–8 Migration Tab for the WebLogic Authentication Provider Additionally, if any of the security providers configured in your security realm have migration capabilities, the Migration tab at the security realm level see Figure 3–9 for an example allows administrators to export or import security data for all the security providers configured in the security realm at once. Figure 3–9 Migration Tab for a Security Realm Note: The Migration tab at the security realm level always appears in the Administration Console, whether or not any security providers with migration capabilities are configured in the security realm. However, it is only operational if one or more security providers have migration capabilities. For instructions about how to migrate security data for all security providers at once, see Migrating Security Data in Securing Oracle WebLogic Server. Design Considerations 3-21 As always, if you add additional attributes or operations to your MDF, you must write a console extension in order to make them available in the Administration Console.

3.5 Management Utilities Available to Developers of Security Providers