Oracle Fusion Middleware
Oracle WebLogic Server API Reference
11g Release 1 (10.3.6)

Part Number E13941-06

weblogic.security.spi
Interface DeployableAuthorizationProviderV2

All Superinterfaces:
AuthorizationProvider, SecurityProvider

public interface DeployableAuthorizationProviderV2
extends AuthorizationProvider

An Authorization provider that supports deploying policies on behalf of Web application and EJB deployments is required to implement this interface.

A policy states which roles are allowed to perform particular actions on a resource (for example, who is allowed to call a particular method on a certain EJB).

When a Web application or EJB is deployed, policies need to be created. Similarly, when the Web application or EJB is re/hot deployed, the policies need to be updated. And, when the Web application or EJB is undeployed, the policies should be removed. This work needs to be done by an Authorization provider.

Not all Authorization providers need to support this interface. However, in a realm, at least one of the Authorization providers must support this interface. Otherwise, it is impossible to deploy Web applications and EJBs. To help with this, there are two MBeans associated with Authorization providers: one for providers who support deployment and one for those that do not support deployment. The MBean for deployment has an attribute that indicates whether this provider should be used for deployment. This way, when the realm is configured, it is possible to detect illegal configurations (for example, none of the Authorization providers support Web application/EJB deployment).

The DeployableAuthorizationProviderV2 adds support for deployment start, deployment end and application deletion callbacks. In addition, excluded and unchecked policies are deployed.


Method Summary
 void deleteApplicationPolicies(ApplicationInfo application)
          Deletes all policies for an application and is only called on one server within a WebLogic Server domain at the time an application is deleted.
 void deployExcludedPolicy(DeployPolicyHandle handle, Resource resource)
          Deploys a policy that always denies access.
 void deployPolicy(DeployPolicyHandle handle, Resource resource, String[] roleNames)
          Deploys a policy (that is, creates a policy on behalf of a deployed Web application or EJB).
 void deployUncheckedPolicy(DeployPolicyHandle handle, Resource resource)
          Deploys a policy that always grants access.
 void endDeployPolicies(DeployPolicyHandle handle)
          Marks the end of an application policy deployment.
 DeployPolicyHandle startDeployPolicies(ApplicationInfo application)
          Marks the beginning of an application policy deployment and is called on all servers within a WebLogic Server domain where an application is targeted.
 void undeployAllPolicies(DeployPolicyHandle handle)
          Undeploys all policy for an deployed application (that is, deletes a set of policy definitions on behalf of an undeployed Web application or EJB).
 
Methods inherited from interface weblogic.security.spi.AuthorizationProvider
getAccessDecision
 
Methods inherited from interface weblogic.security.spi.SecurityProvider
getDescription, initialize, shutdown
 

Method Detail

startDeployPolicies

DeployPolicyHandle startDeployPolicies(ApplicationInfo application)
                                       throws DeployHandleCreationException
Marks the beginning of an application policy deployment and is called on all servers within a WebLogic Server domain where an application is targeted.

Parameters:
application - the ApplicationInfo data for the application being deployed
Returns:
a DeployPolicyHandle for the application that is used when deploying policy
Throws:
DeployHandleCreationException - if an unexpected error occurs while creating a DeployPolicyHandle for the application

deployPolicy

void deployPolicy(DeployPolicyHandle handle,
                  Resource resource,
                  String[] roleNames)
                  throws ResourceCreationException
Deploys a policy (that is, creates a policy on behalf of a deployed Web application or EJB). If the policy already exists, it is removed and replaced by this policy.

Parameters:
handle - the DeployPolicyHandle created from a call to startDeployPolicy()
resource - the Resource object to which the policy applies
roleNames - a String array of roles that are in this policy. (For example, for a Web application, the <role-name> from the <auth-constraint> portion of the web.xml deployment descriptor file.)
Throws:
ResourceCreationException - if an unexpected error occurs while deploying the policy for the specified resource

deployUncheckedPolicy

void deployUncheckedPolicy(DeployPolicyHandle handle,
                           Resource resource)
                           throws ResourceCreationException
Deploys a policy that always grants access. If a policy already exists, it is removed and replaced by this policy.

Parameters:
handle - the DeployPolicyHandle created from a call to startDeployPolicy()
resource - the Resource object to which the policy applies
Throws:
ResourceCreationException - if an unexpected error occurs while deploying the policy for the specified resource

deployExcludedPolicy

void deployExcludedPolicy(DeployPolicyHandle handle,
                          Resource resource)
                          throws ResourceCreationException
Deploys a policy that always denies access. If a policy already exists, it is removed and replaced by this policy.

Parameters:
handle - the DeployPolicyHandle created from a call to startDeployPolicy()
resource - the Resource object to which the policy applies
Throws:
ResourceCreationException - if an unexpected error occurs while deploying the policy for the specified resource

endDeployPolicies

void endDeployPolicies(DeployPolicyHandle handle)
                       throws ResourceCreationException
Marks the end of an application policy deployment.

Parameters:
handle - the DeployPolicyHandle created from a call to startDeployPolicy()
Throws:
ResourceCreationException - if an unexpected error occurs during the completion of resource deployments

undeployAllPolicies

void undeployAllPolicies(DeployPolicyHandle handle)
                         throws ResourceRemovalException
Undeploys all policy for an deployed application (that is, deletes a set of policy definitions on behalf of an undeployed Web application or EJB). This method is a no-op if the handle does not exist.

Parameters:
handle - the DeployPolicyHandle created from a call to startDeployPolicy()
Throws:
ResourceRemovalException - if an unexpected error occurs during the removal of resource deployments

deleteApplicationPolicies

void deleteApplicationPolicies(ApplicationInfo application)
                               throws ResourceRemovalException
Deletes all policies for an application and is only called on one server within a WebLogic Server domain at the time an application is deleted.

Parameters:
application - the ApplicationInfo data for the application being deleted
Throws:
ResourceRemovalException - if an unexpected error occurs during the removal of resource policies for the application

Copyright 1996, 2011, Oracle and/or its affiliates. All rights reserved. Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners.

Oracle Fusion Middleware
Oracle WebLogic Server API Reference
11g Release 1 (10.3.6)

Part Number E13941-06