The Architecture of WebLogic Resources Types of WebLogic Resources
3.6.1 The Architecture of WebLogic Resources
The Resource interface, located in the weblogic.security.spi package, provides the definition for an object that represents a WebLogic resource, which can be protected from unauthorized access. The ResourceBase class, located in the weblogic.security.service package, is an abstract base class for more specific WebLogic resource types, and facilitates the model for extending resources. See Figure 3–10 and Section 3.6.2, Types of WebLogic Resources for more information. Figure 3–10 Architecture of WebLogic Resources Note: Security policies replace the access control lists ACLs and permissions that were used to protect WebLogic resources in previous releases of WebLogic Server. Note: For more information, see Securing Resources Using Roles and Policies for Oracle WebLogic Server. Design Considerations 3-23 The ResourceBase class includes the Oracle-provided implementations of the getID, getKeys, getValues, and toString methods. For more information, see the WebLogic Server API Reference Javadoc for the ResourceBase class. This architecture allows you to develop security providers without requiring that they be aware of any particular WebLogic resources. Therefore, when new resource types are added, you should not need to modify the security providers.3.6.2 Types of WebLogic Resources
As shown in Figure 3–10, Architecture of WebLogic Resources , certain classes in the weblogic.security.service package extend the ResourceBase class, and therefore provide you with implementations for specific types of WebLogic resources. WebLogic resource implementations are available for: ■ Administrative resources ■ Application resources ■ COM resources ■ Control resources ■ EIS resources ■ EJB resources ■ JDBC resources ■ JMS resources ■ JNDI resources ■ Remote resources ■ Server resources ■ URL resources ■ Web service resources ■ Work Context resources3.6.3 WebLogic Resource Identifiers
Parts
» Oracle Fusion Middleware Online Documentation Library
» Document Scope Documentation Audience Guide to this Document
» Writing Console Extensions Overview of the Development Process
» Understand Two Important Restrictions
» Understand the Purpose of the Provider SSPIs Understand the Purpose of the Bulk Access Providers
» Determine Which Provider Interface You Will Implement
» Understand Why You Need an MBean Type
» Understand the SSPI MBean Hierarchy and How It Affects the Administration Console
» Understand What the WebLogic MBeanMaker Provides
» Migration Concepts Security Data Migration
» The Architecture of WebLogic Resources Types of WebLogic Resources
» Looking Up WebLogic Resources in a Security Providers Runtime Class
» ContextHandlers and WebLogic Resources
» Best Practice: Create a Simple Database If None Exists
» Best Practice: Configure an Existing Database
» Users and Groups, Principals and Subjects
» Java Authentication and Authorization Service JAAS
» Example: Creating the Runtime Classes for the Sample Authentication Provider
» Install the MBean Type Into the WebLogic Server Environment
» Specifying the Order of Authentication Providers
» Identity Assertion Providers and LoginModules Identity Assertion and Tokens
» Do You Need to Develop a Custom Authentication Provider? The Identity Assertion Process
» Do You Need to Develop a Custom Identity Assertion Provider?
» Create Runtime Classes Using the Appropriate SSPIs
» Implement the PrincipalValidator SSPI
» The Principal Validation Process The Authorization Process
» Policy Consumer SSPI How to Develop a Custom Authorization Provider
» PolicyStoreMBean How to Develop a Custom Authorization Provider
» Provide a Mechanism for Security Policy Management
» Security Roles Dynamic Security Role Computation
» Role Consumer SSPI How to Develop a Custom Role Mapping Provider
» PolicyStoreMBean How to Develop a Custom Role Mapping Provider
» Is Your Custom Role Mapping Provider Thread Safe? The Auditing Process
» ContextHandlerMBean Methods Example: Implementing the ContextHandlerMBean
» Extend weblogic.management.security.audit.ContextHandlerImpl
» Do You Need to Develop a Custom Auditing Provider?
» Configure the Custom Auditing Provider Using the Administration Console
» Passing Additional Audit Information Audit Event Interfaces and Audit Events
» Credential Mapping Concepts The Credential Mapping Process
» Security Services and the Auditor Service
» Example: Auditing Management Operations from a Providers MBean
» Best Practice: Posting Audit Events from a Providers MBean
» Why Filters are Needed Servlet Authentication Filter Design Considerations
» Implementing Challenge Identity Assertion from a Filter
» Example of a Provider that Implements a Filter Versionable Application Concepts
Show more