Review the descriptions of the WebLogic security providers to determine whether Determine which type of custom security provider you want to create. Identify which security service provider interfaces SSPIs you must implement to Decide whether you will im
2.2.1 Designing the Custom Security Provider
The design process includes the following steps:1. Review the descriptions of the WebLogic security providers to determine whether
you need to create a custom security provider. Descriptions of the WebLogic security providers are available under WebLogic Security Providers in Understanding Security for Oracle WebLogic Server and in later sections of this guide under the Do You Need to Create a Custom Provider_Type Provider? headings.2. Determine which type of custom security provider you want to create.
The type may be Authentication, Identity Assertion, Principal Validation, Authorization, Adjudication, Role Mapping, Auditing, Credential Mapping, Versionable Application, or CertPath, as described in Types of Security Providers in Understanding Security for Oracle WebLogic Server. Your custom security provider can augment or replace the WebLogic security providers that are already supplied with WebLogic Server.3. Identify which security service provider interfaces SSPIs you must implement to
create the runtime classes for your custom security provider, based on the type of security provider you want to create. The SSPIs for the different security provider types are described in Section 3.2, Security Services Provider Interfaces SSPIs and summarized in Section 3.2.6, SSPI Quick Reference.4. Decide whether you will implement the SSPIs in one or two runtime classes.
These options are discussed in Section 3.2.5, Understand the SSPI Hierarchy and Determine Whether You Will Create One or Two Runtime Classes.5. Identify which required SSPI MBeans you must extend to generate an MBean type
through which your custom security provider can be managed. If you want to provide additional management functionality for your custom security provider such as handling of users, groups, security roles, and security policies, you also need to identify which optional SSPI MBeans to implement. The SSPI MBeans are described in Section 3.3, Security Service Provider Interface SSPI MBeans and summarized in Section 3.3.6, SSPI MBean Quick Reference. 6. Determine how you will initialize the database that your custom security provider requires. You can have your custom security provider create a simple database, or configure your custom security provider to use an existing, fully-populated database. These two database initialization options are explained in Section 3.7, Initialization of the Security Provider Database. 7. Identify any database seeding that your custom security provider will need to do as part of its interaction with security policies on WebLogic resources. This seeding may involve creating default groups, security roles, or security policies. For more information, see Section 3.6, Security Providers and WebLogic Resources. Introduction to Developing Security Providers for WebLogic Server 2-32.2.2 Creating Runtime Classes for the Custom Security Provider by Implementing SSPIs
Parts
» Oracle Fusion Middleware Online Documentation Library
» Document Scope Documentation Audience Guide to this Document
» Writing Console Extensions Overview of the Development Process
» Understand Two Important Restrictions
» Understand the Purpose of the Provider SSPIs Understand the Purpose of the Bulk Access Providers
» Determine Which Provider Interface You Will Implement
» Understand Why You Need an MBean Type
» Understand the SSPI MBean Hierarchy and How It Affects the Administration Console
» Understand What the WebLogic MBeanMaker Provides
» Migration Concepts Security Data Migration
» The Architecture of WebLogic Resources Types of WebLogic Resources
» Looking Up WebLogic Resources in a Security Providers Runtime Class
» ContextHandlers and WebLogic Resources
» Best Practice: Create a Simple Database If None Exists
» Best Practice: Configure an Existing Database
» Users and Groups, Principals and Subjects
» Java Authentication and Authorization Service JAAS
» Example: Creating the Runtime Classes for the Sample Authentication Provider
» Install the MBean Type Into the WebLogic Server Environment
» Specifying the Order of Authentication Providers
» Identity Assertion Providers and LoginModules Identity Assertion and Tokens
» Do You Need to Develop a Custom Authentication Provider? The Identity Assertion Process
» Do You Need to Develop a Custom Identity Assertion Provider?
» Create Runtime Classes Using the Appropriate SSPIs
» Implement the PrincipalValidator SSPI
» The Principal Validation Process The Authorization Process
» Policy Consumer SSPI How to Develop a Custom Authorization Provider
» PolicyStoreMBean How to Develop a Custom Authorization Provider
» Provide a Mechanism for Security Policy Management
» Security Roles Dynamic Security Role Computation
» Role Consumer SSPI How to Develop a Custom Role Mapping Provider
» PolicyStoreMBean How to Develop a Custom Role Mapping Provider
» Is Your Custom Role Mapping Provider Thread Safe? The Auditing Process
» ContextHandlerMBean Methods Example: Implementing the ContextHandlerMBean
» Extend weblogic.management.security.audit.ContextHandlerImpl
» Do You Need to Develop a Custom Auditing Provider?
» Configure the Custom Auditing Provider Using the Administration Console
» Passing Additional Audit Information Audit Event Interfaces and Audit Events
» Credential Mapping Concepts The Credential Mapping Process
» Security Services and the Auditor Service
» Example: Auditing Management Operations from a Providers MBean
» Best Practice: Posting Audit Events from a Providers MBean
» Why Filters are Needed Servlet Authentication Filter Design Considerations
» Implementing Challenge Identity Assertion from a Filter
» Example of a Provider that Implements a Filter Versionable Application Concepts
Show more