This document describe how to write custom security provider extensions, describes how to extend the AuditContext interface, and describes how to use the Custom Extensions API.
Documentation Audience
This document distinguishes between two levels of security administrators.
Application Security Administrators — these administrators are responsible for integrating ALES into application environments, managing interaction between an applications and ProductNameShort, and setting up application-level security administrators.
Typical tasks include modifying deployment descriptors, managing security providers and other security configurations, managing single sign-on scripts, setting up application-level security administrators.
Application-level Security Administrators — these administrators are responsible for securing applications using ALES policies.
The primary task is to create and deploy the policies securing application resources.
Prerequisites for this Document
Prior to reading this guide, you should read the Introduction to BEA AquaLogic Enterprise Security. This document describes how the product works and provides conceptual information that is helpful to understanding the necessary installation components.
Additionally, BEA AquaLogic Enterprise Security includes many unique terms and concepts that you need to understand. These terms and concepts—which you will encounter throughout the documentation—are defined in the Glossary.
Guide to this Document
This document is organized as follows:
Administrative Utilities, provides a reference to various command-line administrative utilities provided by AquaLogic Enterprise Security.
WLESblm.conf Reference, describes the configuration parameters in the WLESblm.conf configuration file. You can edit this file to configure and tune AquaLogic Enterprise Security after installation.
Provider Extensions, describes how to write custom security provider extensions. A provider extension is a plug-in function that you write to extend the capabilities of the existing providers. While the security providers supplied with AquaLogic Enterprise Security are configurable, the plug-ins enable you to customize them to add additional functionality.
Audit Events, describes how to extend the AuditContext interface. The AuditEvent interface provides a mechanism for passing additional audit information to Auditing providers during a writeEvent operation. If you implement this interface and you expect to receive a ContextHandler argument from a caller, you can extend the AuditContext interface to provide more information.
Policy Language Custom Extension Library API Reference, describes how to use the Custom Extensions API. The Custom Extensions API provides a policy language for writing custom extension libraries (plug-ins) to enhance features available through the ASIAuthorizer, such as routines for dynamic computation of an attribute value (credential function) or custom predicate (evaluation function).
BLM Configuration API Security Providers Reference, describes the security provider attributes, their default values, and indicates whether the getValue/setValue and the getValue/setValueList methods can be used with the attributes. This information is needed if you want to use the BLM API to configure security providers.
Related Information
The BEA corporate web site provides all documentation for BEA AquaLogic Enterprise Security. Other BEA AquaLogic Enterprise Security documents that may be of interest to the reader include:
WSDL Documentation for the Web Service Interfaces—This document provides reference documentation for the Web Services Interfaces that are provided with and supported by this release of BEA AquaLogic Enterprise Security.
Policy Managers Guide—This document how to write access control policies for BEA AquaLogic Enterprise Security, and describes how to import and export policy data.
Installing Security Services Modules—This document describes how to install ALES Security Services Modules, including the Web Services Security Service Module.
Developing Security Providers —This document provides security vendors and security and application developers with the information needed to develop custom security providers.
Javadocs for Security Service Provider Interfaces—This document provides reference documentation for the Security Service Provider Interfaces that are provided with and supported by this release of BEA AquaLogic Enterprise Security.
Programming Security for Java Applications—The document describes how to implement security in Java applications. It include descriptions of the Security Service Application Programming Interfaces and programming instructions for implementing security in Java applications.
Javadocs for Java API—This document provides reference documentation for the Java Application Programming Interfaces that are provided with and supported by this release of BEA AquaLogic Enterprise Security.
