Administration Application Installation
BEA WebLogic Enterprise Security is certified by standard BEA platform requirements. The Administration Application is an n
-tier Java-based web application that is primarily based on JavaServer Pages (JSP). The Administration Application includes a variety of utilities, including the Administration Console, Service Control Manager, Policy Importer, and Policy Exporter. The console allows you to manage and configure services and policies for any number of distributed Security Service Modules. This guide provides the information needed to install the Administration Application, including system requirements and prerequisite software and hardware. It does not include information for additional Security Service Modules that you may also be installing.
This section covers the following topics:
This document provides application developers with the information needed to setup the database, install the BEA WebLogic Enterprise SecurityTM Administration Application, and configure metadirectories. The document is organized as follows:
Prior to reading this guide, you should read the Introduction to BEA WebLogic Enterprise Security. This document describes how the product works and provides conceptual information that is helpful to understanding the necessary installation components.
Additionally, BEA WebLogic Enterprise Security includes many unique terms and concepts that you need to understand. These terms and concepts—which you will encounter throughout the documentation—are defined in the Glossary.
BEA product documentation, along with other information about BEA software, is available from the BEA dev2dev web site:
To view the documentation for a particular product, select that product from the Product Centers menu on the left side of the screen on the dev2dev page. Select More Product Centers. From the BEA Products list, choose WebLogic Enterprise Security 4.2. The home page for this product is displayed. From the Resources menu, choose Documentation 4.2. The home page for the complete documentation set for the product and release you have selected is displayed.
The BEA corporate web site provides all documentation for BEA WebLogic Enterprise Security. Other BEA WebLogic Enterprise Security documents that may be of interest to the reader include:
The following sections describe the audience for this document and provide an overview of the Administration Application:
It is assumed that readers understand web technologies and have a general understanding of the Microsoft Windows or UNIX operating system being used. The general audience for this installation guide includes Database Administrators and System Administrators.
Figure 1-1 shows the BEA WebLogic Enterprise Security system environment.
Figure 1-1 WebLogic Enterprise Security Environment
The Administration Application allows you to manage and configure multiple Security Service Modules. While Security Service Modules specify and consume configuration data and then service security requests accordingly, the Administration Application allows you to configure and display the security providers that are deployed in the Security Service Module, and to modify the configuration data for those providers.
The Service Control Manager is an essential component of the BEA WebLogic Enterprise Security provisioning mechanism and is a key component of a fully-distributed security enforcement architecture. A Service Control Manager is a machine agent that exposes a provisioning interface to the Administration Application to facilitate the management of a potentially large number of distributed Security Service Modules. A Service Control Manager can receive and store meta-data updates, both full and incremental, initiated by the Administration Application.
The Administration Application uses the provisioning mechanism of the Service Control Manager to distribute configuration and policy data to each Security Service Module where it is stored locally (see Figure 1-2). Security Service Modules can be distributed throughout an enterprise and can be embedded in Java applications, application servers, and web servers.
After you use the Administration Application to configure an instance of a Security Service Module with configuration and policy data, the Security Service Module does not require any additional communication with the Service Control Manager to provide security services. However, the Service Control Manager maintains communication with the Security Service Module to distribute full and incremental updates whenever necessary.
Figure 1-2 Deploying Configuration and Policy Data
Figure 1-3 shows the major architectural components of the Administration Application. The following topics describe these components:
Figure 1-3 Architectural Components
The Administration Application supports the following security services:
The primary function of the Security Framework is to provide an application programming interface (API) that security and application developers can use to implement security functions. Within that context, the Security Framework also acts as an intermediary between security services and the security providers that are configured into the Security Service Module.
When you install the Administration Application or a Security Service Module, a JAR file is deployed that contains all the security providers that ship with the product. However, before any of the security providers can be used, you must configure them through the Administration Application. You have the option of configuring either the security providers that ship with the product or custom security providers, that you develop or purchase from third-party security vendors. You can configure your providers through the Administration Console or by importing policy datafiles directly into the database. The Administration Application supports the following types of security providers:
Note: To use custom security providers with a Security Service Module, you must deploy the security provider MBean JAR file (MJF) to both the provider directory on the machine on which you install the Security Service Module and on the Administration Server. For more information on how to develop custom security providers, see Developing Security Providers for BEA WebLogic Enterprise Security.
For more information on security providers, see Introduction to BEA WebLogic Enterprise Security.