Developing Security Providers
Introduction to Developing Security Providers
This section covers the following topics:
Overview of the Development Process
To develop a custom security provider, you perform the following tasks:
- Make security provider design decisions.
- Write an MBean Definition File for each security provider you want to develop.
- Run each MBean Definition File through the WebLogic MBean Maker.
- Create the runtime classes for each security provider you want to develop.
- Create the auditing event classes for each security provider from which events are audited (optional).
- Run the files generated by the MBean Maker and the runtime class files through the WebLogic MBean Maker to produce an MBean JAR file.
Note: An MBean JAR file can contain multiple security providers, so you only need to run the MBean Maker once to produce the MBean JAR file.
- Deploy the MBean JAR file (MJF) to the BEA AquaLogic Enterprise Security systems from which you want to use the providers.
Note: This includes copying the JAR file to both the Administration Application and the Security Service Module provider directories.
- Use the Administration Console to configure the security providers.
- Initialize the security provider databases.
Figure 1-1 illustrates the security provider development process. For detailed instructions for each of the development tasks, see Developing Custom Security Providers.
Figure 1-1 Developing Custom Security Provider Tasks
Types of Providers
You use the Security Service Provider Interfaces (SSPI) provided with the product, which are located in the weblogic.security.spi package, to create runtime classes for custom security providers. For more information about this package, see Javadocs for Security Service Provider Interfaces.
Table 1-1 maps the types of security providers and their components to the SSPI and other interfaces you use to develop them.
Table 1-1 Security Providers, Components, and Corresponding SSPI
| Type/Component | Interface |
|---|---|
| Authentication provider | AuthenticationProvider |
| LoginModule (JAAS) | LoginModule |
| Identity Assertion provider | AuthenticationProvider |
| Identity Asserter | IdentityAsserter |
| Principal Validation provider | PrincipalValidator |
| Authorization | AuthorizationProvider |
| Access Decision | AccessDecision |
| Adjudication provider | AdjudicationProvider |
| Adjudicator | Adjudicator |
| Role Mapping provider | RoleProvider |
| Role Mapper | RoleMapper |
| Auditing provider | AuditProvider |
| Audit Channel | AuditChannel |
| Credential Mapping provider | CredentialProvider |
| Credential Mapper | CredentialMapper |
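Table 1-1 lists LoginModule (JAAS) as the component of an Authentication provider. The following is an added example, not code from the product or its documentation: a JAAS LoginModule written against the standard javax.security.auth API only (Java 9 or later), showing the two-phase login/commit contract. The class name SampleLoginModule, the option keys user, salt and hash, and the alice credential are constructed for illustration; how the provider's runtime class passes the module to the security framework is not shown.

```java
import java.security.*;
import java.util.*;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;
public class SampleLoginModule implements LoginModule { // added example; names and credential are constructed
    private Subject subject; private CallbackHandler handler; private Map<String, ?> opts;
    private Principal pending, committed;
    static byte[] kdf(char[] pw, byte[] salt) throws GeneralSecurityException {
        return javax.crypto.SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(
            new javax.crypto.spec.PBEKeySpec(pw, salt, 100_000, 256)).getEncoded();
    }
    public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> o) {
        subject = s; handler = h; opts = o;
    }
    public boolean login() throws LoginException { // phase 1: verify only, Subject untouched
        NameCallback nc = new NameCallback("user: ");
        PasswordCallback pc = new PasswordCallback("password: ", false);
        try {
            handler.handle(new Callback[] { nc, pc });
            char[] pw = pc.getPassword() == null ? new char[0] : pc.getPassword();
            boolean ok = MessageDigest.isEqual(kdf(pw, (byte[]) opts.get("salt")), (byte[]) opts.get("hash"))
                & opts.get("user").equals(nc.getName()); // constant-time compare of the derived key
            Arrays.fill(pw, '\0'); pc.clearPassword();
            if (!ok) throw new FailedLoginException("authentication failed"); // same text for any failure
        } catch (LoginException e) { throw e; } catch (Exception e) { throw new LoginException("login error"); }
        pending = new com.sun.security.auth.UserPrincipal(nc.getName()); return true;
    }
    public boolean commit() { // phase 2: runs only when the whole login stack succeeded
        if (pending == null) return false;
        subject.getPrincipals().add(committed = pending); pending = null; return true;
    }
    public boolean abort() { boolean had = pending != null || committed != null; pending = null; logout(); return had; }
    public boolean logout() { if (committed != null) subject.getPrincipals().remove(committed); committed = null; return true; }
    public static void main(String[] args) throws Exception {
        byte[] salt = new byte[16]; new SecureRandom().nextBytes(salt);
        Map<String, Object> o = Map.of("user", "alice", "salt", salt, "hash", kdf("s3cret".toCharArray(), salt));
        Configuration cfg = new Configuration() { public AppConfigurationEntry[] getAppConfigurationEntry(String n) {
            return new AppConfigurationEntry[] { new AppConfigurationEntry(SampleLoginModule.class.getName(),
                AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, o) }; } };
        for (String pw : new String[] { "s3cret", "wrong" }) {
            CallbackHandler h = cbs -> { ((NameCallback) cbs[0]).setName("alice"); // relies on callback order
                ((PasswordCallback) cbs[1]).setPassword(pw.toCharArray()); };
            Subject s = new Subject();
            try { new LoginContext("demo", s, h, cfg).login(); System.out.println(pw + ": " + s.getPrincipals()); }
            catch (LoginException e) { System.out.println(pw + ": " + e.getMessage()); }
        }
    }
}
```

The principal reaches the Subject only in commit(), so a failure elsewhere in the login stack leaves the Subject unchanged.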