
Design Considerations 3-3

■ No local (where local refers to the same server, cluster, or domain) Java Platform, Enterprise Edition (Java EE) Version 5 services are available for use within a security provider's implementation. Any attempt to use them is unsupported. For example, this prohibits calling an EJB in the current domain from your security provider. Java EE services in other domains are accessible and can be used within a security provider.

3.2.2 Understand the Purpose of the Provider SSPIs

Each SSPI that ends in the suffix "Provider" (for example, CredentialProvider) exposes the services of a security provider to the WebLogic Security Framework. This allows the security provider to be manipulated (initialized, started, stopped, and so on).

Figure 3–2 Provider SSPIs

As shown in Figure 3–2, the SSPIs exposing security services to the WebLogic Security Framework are provided by WebLogic Server, and all extend the SecurityProvider interface, which includes the following methods:

■ initialize

public void initialize(ProviderMBean providerMBean, SecurityServices securityServices)

The initialize method takes as an argument a ProviderMBean, which can be narrowed to the security provider's associated MBean instance. The MBean instance is created from the MBean type you generate, and contains configuration data that allows the custom security provider to be managed in the WebLogic Server environment. If this configuration data is available, the initialize method should be used to extract it.

The securityServices argument is an object from which the custom security provider can obtain and use the Auditor Service. For more information about the Auditor Service and auditing, see Chapter 10, "Auditing Providers" and Chapter 12, "Auditing Events From Custom Security Providers."

■ getDescription

public String getDescription()

This method returns a brief textual description of the custom security provider.

3-4 Developing Security Providers for Oracle WebLogic Server

■ shutdown

public void shutdown()

This method shuts down the custom security provider.

Because they extend SecurityProvider, a runtime class that implements any SSPI ending in "Provider" must provide implementations for these inherited methods.

3.2.3 Understand the Purpose of the Bulk Access Providers

This release of WebLogic Server includes bulk access versions of the following Authorization, Adjudication, and Role Mapping provider SSPI interfaces:

■ BulkAuthorizationProvider
■ BulkAccessDecision
■ BulkAdjudicationProvider
■ BulkAdjudicator
■ BulkRoleProvider
■ BulkRoleMapper

The bulk access SSPI interfaces allow Authorization, Adjudication, and Role Mapping providers to receive multiple decision requests in one call rather than through multiple calls, typically in a for loop. The intent of the bulk SSPI variants is to allow provider implementations to take advantage of internal performance optimizations, such as detecting that many of the passed-in Resource objects are protected by the same policy and will generate the same decision result.

See Section 7.5.4, "Bulk Authorization Providers," Section 8.3.2, "Bulk Adjudication Providers," and Section 9.5.4, "Bulk Role Mapping Providers" for additional information.
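The same-policy optimization described above, sketched as an added example that is not Oracle's code or part of the original documentation. The Policy record, the Result enum, the policyFor lookup and the string resources are hypothetical stand-ins, not the weblogic.security.spi types.

```java
import java.util.*;
import java.util.function.Function;

// Added illustration (Java 16+). Stand-in types only; NOT the weblogic.security.spi interfaces.
public class BulkDecisionSketch {
    enum Result { PERMIT, DENY, ABSTAIN }

    // Hypothetical policy: permits a caller holding at least one allowed role.
    record Policy(String id, Set<String> allowedRoles) {
        Result evaluate(Set<String> callerRoles) {
            return Collections.disjoint(allowedRoles, callerRoles) ? Result.DENY : Result.PERMIT;
        }
    }

    int evaluations = 0; // number of policy evaluations actually performed

    // Bulk entry point: many resources in one call, one evaluation per distinct policy.
    Map<String, Result> isAccessAllowed(Set<String> callerRoles, List<String> resources,
                                        Function<String, Policy> policyFor) {
        // Cache lives only for this call, so a result is never reused for another caller.
        Map<String, Result> perPolicy = new HashMap<>();
        Map<String, Result> decisions = new LinkedHashMap<>();
        for (String resource : resources) {
            Policy policy = policyFor.apply(resource);
            if (policy == null) {
                decisions.put(resource, Result.ABSTAIN); // no governing policy: do not guess
                continue;
            }
            decisions.put(resource, perPolicy.computeIfAbsent(policy.id(), id -> {
                evaluations++;
                return policy.evaluate(callerRoles);
            }));
        }
        return decisions;
    }

    public static void main(String[] args) {
        Policy admin = new Policy("admin-only", Set.of("Admin"));
        Policy app = new Policy("app-users", Set.of("Admin", "AppUser"));
        Function<String, Policy> policyFor = r ->
            r.startsWith("/admin/") ? admin : r.startsWith("/app/") ? app : null;
        // Constructed sample input: five resources governed by two policies.
        List<String> resources = List.of("/app/home", "/app/orders", "/app/profile",
                                         "/admin/users", "/public/logo.png");
        BulkDecisionSketch provider = new BulkDecisionSketch();
        Map<String, Result> out = provider.isAccessAllowed(Set.of("AppUser"), resources, policyFor);
        out.forEach((res, result) -> System.out.println(res + " -> " + result));
        System.out.println("resources=" + resources.size() + " evaluations=" + provider.evaluations);
    }
}
```

Reusing one result per policy is only sound when the decision depends on the policy and the caller alone; a policy that inspects per-resource context must be evaluated for each resource.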

3.2.4 Determine Which Provider Interface You Will Implement