
Credential Mapping Providers

■ Section 11.4.3.2, "Option 2: Integrate an Existing Credential Map Management Tool into the Administration Console"

11.4.3.1 Option 1: Develop a Stand-Alone Tool for Credential Map Management

You would typically select this option if you want to develop a tool that is entirely separate from the WebLogic Server Administration Console. For this option, you do not need to write any console extensions for your custom Credential Mapping provider, nor do you need to develop any management MBeans. However, your tool needs to:

1. Determine the WebLogic resource's ID, since it is not automatically provided to you by the console extension. For more information, see Section 3.6.3, "WebLogic Resource Identifiers."

2. Determine how to represent the local-to-remote user relationship. This representation is entirely up to you and need not be a string.

3. Read and write the expressions from and to the custom Credential Mapping provider's database.

11.4.3.2 Option 2: Integrate an Existing Credential Map Management Tool into the Administration Console

You would typically select this option if you have a tool that is separate from the WebLogic Server Administration Console, but you want to launch that tool from the Administration Console. For this option, your tool needs to:

1. Determine the WebLogic resource's ID. For more information, see Section 3.6.3, "WebLogic Resource Identifiers."

2. Determine how to represent the local-to-remote user relationship. This representation is entirely up to you and need not be a string.

3. Read and write the expressions from and to the custom Credential Mapping provider's database.

4. Link into the Administration Console using basic console extension techniques, as described in Extending the Administration Console for Oracle WebLogic Server.

Developing Security Providers for Oracle WebLogic Server

12 Auditing Events From Custom Security Providers

As described in Chapter 10, "Auditing Providers," auditing is the process whereby information about operating requests and the outcome of those requests is collected, stored, and distributed for the purposes of non-repudiation. Auditing providers provide this electronic trail of computer activity.

Each type of security provider can call the configured Auditing providers with a request to write out information about security-related events, before or after these events take place. For example, if a user attempts to access a withdraw method in a bank account application to which they should not have access, the Authorization provider can request that this operation be recorded. Security-related events are only recorded when they meet or exceed the severity level specified in the configuration of the Auditing providers.
The following sections provide the background information you need to understand before adding auditing capability to your custom security providers, and provide step-by-step instructions for adding auditing capability to a custom security provider:

■ Section 12.1, "Security Services and the Auditor Service"

■ Section 12.2, "How to Audit From a Custom Security Provider"
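The denied-access case above, written as an added example that is not code from this guide: a helper a custom Authorization provider could use to ask the Auditor Service to record the event, using the SecurityServices and AuditorService interfaces from weblogic.security.spi. The class names DeniedAccessAuditor and DeniedAccessEvent, the event type string, and the choice of AuditSeverity.FAILURE are assumptions; the code compiles only with the WebLogic security SPI classes on the classpath.

```java
import weblogic.security.spi.AuditEvent;
import weblogic.security.spi.AuditSeverity;
import weblogic.security.spi.AuditorService;
import weblogic.security.spi.SecurityServices;

/** Hypothetical helper owned by a custom Authorization provider. */
public final class DeniedAccessAuditor {

    /** Hypothetical AuditEvent describing one denied access. */
    static final class DeniedAccessEvent implements AuditEvent {
        private final String user;
        private final String resourceId;

        DeniedAccessEvent(String user, String resourceId) {
            this.user = clean(user);
            this.resourceId = clean(resourceId);
        }
        public String getEventType() { return "ExampleDeniedAccess"; } // assumed name
        public Exception getFailureException() { return null; }
        // Auditing providers record the event only if this meets or exceeds
        // the severity level set in their configuration.
        public AuditSeverity getSeverity() { return AuditSeverity.FAILURE; }
        @Override public String toString() {
            return "EventType=" + getEventType() + " User=" + user
                 + " Resource=" + resourceId;
        }
        // Replace CR/LF so caller-supplied names cannot split an audit record.
        private static String clean(String s) {
            return s == null ? "<none>" : s.replaceAll("[\\r\\n]", "_");
        }
    }

    // Assumed to be null when no Auditing provider is configured.
    private final AuditorService auditor;

    /** Pass the SecurityServices received in the provider's initialize method. */
    public DeniedAccessAuditor(SecurityServices services) {
        this.auditor = services.getAuditorService();
    }

    /** Requests an audit record; returns false when no Auditor Service exists. */
    public boolean recordDenied(String user, String resourceId) {
        if (auditor == null) {
            return false;
        }
        auditor.providerAuditWriteEvent(new DeniedAccessEvent(user, resourceId));
        return true;
    }
}
```

A false return from recordDenied means the denial left no audit trail, which is worth surfacing in the provider's own diagnostics.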

12.1 Security Services and the Auditor Service

The SecurityServices interface, located in the weblogic.security.spi package, is a repository for security services (currently just the Auditor Service). As such, the SecurityServices interface is responsible for supplying callers with a reference to the Auditor Service via the following method:

■ getAuditorService

public AuditorService getAuditorService()

The getAuditorService method returns the AuditorService if an Auditing provider is configured.

The AuditorService interface, also located in the weblogic.security.spi package, provides other types of security providers (for example, Authentication providers) with limited (write-only) auditing capabilities. In other words, the Auditor Service fans out invocations of each configured Auditing provider's writeEvent method, which simply writes an audit record based on the information specified in the AuditEvent object that is passed in. For more information about the writeEvent method, see Section 10.5.1.2, "Implement the AuditChannel SSPI." For more information about AuditEvent