Developing Security Providers for WebLogic Server


Introduction to Developing Security Providers for WebLogic Server

Audience for This Guide

Prerequisites for This Guide

Overview of the Development Process

Designing the Custom Security Provider

Creating Runtime Classes for the Custom Security Provider by Implementing SSPIs

Generating an MBean Type to Configure and Manage the Custom Security Provider

Writing Console Extensions

Configuring the Custom Security Provider

Providing Management Mechanisms for Security Policies, Security Roles, and Credential Maps

Design Considerations

General Architecture of a Security Provider

Security Services Provider Interfaces (SSPIs)

Understand an Important Restriction

Understand the Purpose of the "Provider" SSPIs

Determine Which "Provider" Interface You Will Implement

The DeployableAuthorizationProvider SSPI

The DeployableRoleProvider SSPI

The DeployableCredentialProvider SSPI

Understand the SSPI Hierarchy and Determine Whether You Will Create One or Two Runtime Classes

SSPI Quick Reference

Security Service Provider Interface (SSPI) MBeans

Understand Why You Need an MBean Type

Determine Which SSPI MBeans to Extend and Implement

Understand the Basic Elements of an MBean Definition File (MDF)

Understand the SSPI MBean Hierarchy and How It Affects the Administration Console

Understand What the WebLogic MBeanMaker Provides

About the MBean Information File

SSPI MBean Quick Reference

Management Utilities Available to Developers of Security Providers

Security Providers and WebLogic Resources

The Architecture of WebLogic Resources

Types of WebLogic Resources

WebLogic Resource Identifiers

The toString() Method

Resource IDs and the getID() Method

Creating Default Groups for WebLogic Resources

Creating Default Security Roles for WebLogic Resources

Creating Default Security Policies for WebLogic Resources

Looking Up WebLogic Resources in a Security Provider's Runtime Class

Single-Parent Resource Hierarchies

Pattern Matching for URL Resources

ContextHandlers and WebLogic Resources

Initializing the Security Provider Database

Best Practice: Create a Simple Database If None Exists

Best Practice: Configure an Existing Database

Best Practice: Delegate Database Initialization

Authentication Providers

Authentication Concepts

Users and Groups, Principals and Subjects

LoginModules

The LoginModule Interface

LoginModules and Multipart Authentication

Java Authentication and Authorization Service (JAAS)

How JAAS Works With the WebLogic Security Framework

Example: Standalone T3 Application

The Authentication Process

Do You Need to Develop a Custom Authentication Provider?

How to Develop a Custom Authentication Provider

Create Runtime Classes Using the Appropriate SSPIs

Implement the AuthenticationProvider SSPI

Implement the JAAS LoginModule Interface

Throwing Custom Exceptions from LoginModules

Example: Creating the Runtime Classes for the Sample Authentication Provider

Generate an MBean Type Using the WebLogic MBeanMaker

Create an MBean Definition File (MDF)

Use the WebLogic MBeanMaker to Generate the MBean Type

Use the WebLogic MBeanMaker to Create the MBean JAR File (MJF)

Install the MBean Type Into the WebLogic Server Environment

Configure the Custom Authentication Provider Using the Administration Console

Managing User Lockouts

Identity Assertion Providers

Identity Assertion Concepts

Identity Assertion Providers and LoginModules

Identity Assertion and Tokens

How to Create New Token Types

How to Make New Token Types Available for Identity Assertion Provider Configurations

Passing Tokens for Perimeter Authentication

Common Secure Interoperability Version 2 (CSIv2)

The Identity Assertion Process

Do You Need to Develop a Custom Identity Assertion Provider?

How to Develop a Custom Identity Assertion Provider

Create Runtime Classes Using the Appropriate SSPIs

Implement the AuthenticationProvider SSPI

Implement the IdentityAsserter SSPI

Example: Creating the Runtime Class for the Sample Identity Assertion Provider

Generate an MBean Type Using the WebLogic MBeanMaker

Create an MBean Definition File (MDF)

Use the WebLogic MBeanMaker to Generate the MBean Type

Use the WebLogic MBeanMaker to Create the MBean JAR File (MJF)

Install the MBean Type Into the WebLogic Server Environment

Configure the Custom Identity Assertion Provider Using the Administration Console

Principal Validation Providers

Principal Validation Concepts

Principal Validation and Principal Types

How Principal Validation Providers Differ From Other Types of Security Providers

Security Exceptions Resulting from Invalid Principals

The Principal Validation Process

Do You Need to Develop a Custom Principal Validation Provider?

How to Use the WebLogic Principal Validation Provider

How to Develop a Custom Principal Validation Provider

Implement the PrincipalValidator SSPI

Authorization Providers

Authorization Concepts

Access Decisions

The Authorization Process

Do You Need to Develop a Custom Authorization Provider?

How to Develop a Custom Authorization Provider

Create Runtime Classes Using the Appropriate SSPIs

Implement the AuthorizationProvider SSPI

Implement the DeployableAuthorizationProvider SSPI

Implement the AccessDecision SSPI

Example: Creating the Runtime Class for the Sample Authorization Provider

Generate an MBean Type Using the WebLogic MBeanMaker

Create an MBean Definition File (MDF)

Use the WebLogic MBeanMaker to Generate the MBean Type

Use the WebLogic MBeanMaker to Create the MBean JAR File (MJF)

Install the MBean Type Into the WebLogic Server Environment

Configure the Custom Authorization Provider Using the Administration Console

Managing Authorization Providers and Deployment Descriptors

Enabling Security Policy Deployment

Provide a Mechanism for Security Policy Management

Option 1: Create Your Own "Policy Editor" Page Using Console Extensions

Option 2: Develop a Stand-Alone Tool for Security Policy Management

Option 3: Integrate an Existing Security Policy Management Tool into the Administration Console

Adjudication Providers

The Adjudication Process

Do You Need to Develop a Custom Adjudication Provider?

How to Develop a Custom Adjudication Provider

Create Runtime Classes Using the Appropriate SSPIs

Implement the AdjudicationProvider SSPI

Implement the Adjudicator SSPI

Generate an MBean Type Using the WebLogic MBeanMaker

Create an MBean Definition File (MDF)

Use the WebLogic MBeanMaker to Generate the MBean Type

Use the WebLogic MBeanMaker to Create the MBean JAR File (MJF)

Install the MBean Type Into the WebLogic Server Environment

Configure the Custom Adjudication Provider Using the Administration Console

Role Mapping Providers

Role Mapping Concepts

Security Roles

Dynamic Security Role Computation

The Role Mapping Process

Do You Need to Develop a Custom Role Mapping Provider?

How to Develop a Custom Role Mapping Provider

Create Runtime Classes Using the Appropriate SSPIs

Implement the RoleProvider SSPI

Implement the DeployableRoleProvider SSPI

Implement the RoleMapper SSPI

Implement the SecurityRole Interface

Example: Creating the Runtime Class for the Sample Role Mapping Provider

Generate an MBean Type Using the WebLogic MBeanMaker

Create an MBean Definition File (MDF)

Use the WebLogic MBeanMaker to Generate the MBean Type

Use the WebLogic MBeanMaker to Create the MBean JAR File (MJF)

Install the MBean Type Into the WebLogic Server Environment

Configure the Custom Role Mapping Provider Using the Administration Console

Managing Role Mapping Providers and Deployment Descriptors

Enabling Security Role Deployment

Provide a Mechanism for Security Role Management

Option 1: Create Your Own "Role Editor" Page Using Console Extensions

Option 2: Develop a Stand-Alone Tool for Security Role Management

Option 3: Integrate an Existing Security Role Management Tool into the Administration Console

Auditing Providers

Auditing Concepts

Audit Channels

Auditing Events From Custom Security Providers

The Auditing Process

Do You Need to Develop a Custom Auditing Provider?

How to Develop a Custom Auditing Provider

Create Runtime Classes Using the Appropriate SSPIs

Implement the AuditProvider SSPI

Implement the AuditChannel SSPI

Example: Creating the Runtime Class for the Sample Auditing Provider

Generate an MBean Type Using the WebLogic MBeanMaker

Create an MBean Definition File (MDF)

Use the WebLogic MBeanMaker to Generate the MBean Type

Use the WebLogic MBeanMaker to Create the MBean JAR File (MJF)

Install the MBean Type Into the WebLogic Server Environment

Configure the Custom Auditing Provider Using the Administration Console

Configuring Audit Severity

Credential Mapping Providers

Credential Mapping Concepts

The Credential Mapping Process

Do You Need to Develop a Custom Credential Mapping Provider?

How to Develop a Custom Credential Mapping Provider

Create Runtime Classes Using the Appropriate SSPIs

Implement the CredentialProvider SSPI

Implement the DeployableCredentialProvider SSPI

Implement the CredentialMapper SSPI

Generate an MBean Type Using the WebLogic MBeanMaker

Create an MBean Definition File (MDF)

Use the WebLogic MBeanMaker to Generate the MBean Type

Use the WebLogic MBeanMaker to Create the MBean JAR File (MJF)

Install the MBean Type Into the WebLogic Server Environment

Configure the Custom Credential Mapping Provider Using the Administration Console

Managing Credential Mapping Providers, Resource Adapters, and Deployment Descriptors

Enabling Deployable Credential Mappings

Provide a Mechanism for Credential Map Management

Option 1: Develop a Stand-Alone Tool for Credential Map Management

Option 2: Integrate an Existing Credential Map Management Tool into the Administration Console

Auditing Events From Custom Security Providers

Security Services and the Auditor Service

How to Audit From a Custom Security Provider

Create an Audit Event

Implement the AuditEvent SSPI

Implement an Audit Event Convenience Interface

Audit Severity

Audit Context

Example: Implementation of the AuditRoleEvent Interface

Obtain and Use the Auditor Service to Write Audit Events

Example: Obtaining and Using the Auditor Service to Write Role Audit Events

Writing Console Extensions for Custom Security Providers

When Should I Write a Console Extension?

When In the Development Process Should I Write a Console Extension?

How Writing a Console Extension for a Custom Security Provider Differs From a Basic Console Extension

Main Steps for Writing an Administration Console Extension

Replacing Custom Security Provider-Related Administration Console Dialog Screens Using the SecurityExtension Interface

How a Console Extension Affects the Administration Console

MBean Definition File (MDF) Element Syntax

The MBeanType (Root) Element

The MBeanAttribute Subelement

The MBeanNotification Subelement

The MBeanConstructor Subelement

The MBeanOperation Subelement

Examples: Well-Formed and Valid MBean Definition Files (MDFs)

 
