The following sections describe the content and organization of this document:
Note:
Oracle Entitlements Server was previously known as BEA Aqualogic Enterprise Security. Some items, such as schema objects, paths, and so on may still use the term “ALES."
This book is designed for security and application developers who want to write their own security providers. It is assumed that those using this document are application developers who have a solid understanding of security concepts, and that no basic security concepts require explanation. It is also assumed that security and application developers are familiar with Oracle Entitlements Server and with Java programming.
Prerequisites for This Document
Prior to reading this guide, you should read the Introduction to Oracle Entitlements Server. This document describes how the product works and provides conceptual information that is helpful to understanding the necessary installation components.
Documentation Audience
This document is intended for the following audiences:
Application Developers—Developers who are Java programmers who focus on developing Java applications, incorporating security into Java applications and Enterprise JavaBeans (EJBs), and who work with other engineering, quality assurance (QA), and database teams to implement security features. Application Developers have in-depth working knowledge of Java (including J2EE components such as servlets/JSPs and JSEE).
Security Architects—Individuals who are responsible for designing and implementing the overall security architecture for their organization, evaluating Oracle Entitlements Server features, and determining how to best implement policies. Security Architects have in-depth knowledge of Java programming, Java security, and network security, as well as knowledge of security systems and leading-edge security technologies and tools.
Security Developers—Developers (including third-party developers) who focus on defining the system architecture and infrastructure for security products and who develop custom security providers for use with Oracle Entitlements Server services. Security Developers work with Security Architects to ensure that the architecture is implemented according to design specifications and that it does not introduce any security holes. Security Developers also work with administrators to ensure that security is properly configured. Security Developers have a solid understanding of certain concepts, including authentication, authorization, and auditing, and an in-depth knowledge of Java and security provider functionality.
Guide to this Document
This document provides application developers with the information needed to develop custom security providers for use with Security Service Modules. This document is organized as follows:
Security Provider Concepts, explains the concepts that you must understand to be able to develop custom security providers. This topic also includes a discussion about JAAS Login Modules.
Design Considerations, provides background information about implementing Security Services Provider Interfaces (SSPIs) and generating MBean types.
Policy Managers Guide—This document defines the Oracle Entitlements Server policy model.
Javadocs for BLM API—This document provides reference documentation for the Business Logic Manager (BLM) Application Programming Interfaces. This API can be used to write, manage, and distribute access control policy (users, groups, roles, resources, and authorization and role mapping policies).
Programming Security for Java Applications—Describes how to implement security in Java applications. It includes descriptions of the Security Service Application Programming Interfaces and programming instructions.
Java API—Provides Javadoc documentation for the Java Application Programming Interfaces.