weblogic.security.spi
Interface DeployableRoleProviderV2

All Superinterfaces:

RoleProvider, SecurityProvider

public interface DeployableRoleProviderV2
extends RoleProvider

A Role Mapping provider that supports deploying roles on behalf of Web application and EJB deployments is required to implement this interface.

When a Web application or EJB is deployed, roles need to be created. Similarly, when the Web application or EJB is re/hot deployed, the roles need to be updated. And, when the Web application or EJB is undeployed, the roles should be removed. This work needs to be done by a Role Mapping provider.

Not all Role Mapping providers need to support this interface. However, in a realm, at least one of the Role Mapping providers must support this interface. Otherwise, it is impossible to deploy Web applications and EJBs. To help with this, there are two MBeans associated with Role Mapping providers: one for providers who support deployment and one for those that do not support deployment. The MBean for deployment has an attribute that indicates whether this provider should be used for deployment. This way, when the realm is configured, it is possible to detect illegal configurations (for example, none of the Role Mapping providers support Web application/EJB deployment).

The DeployableRoleProviderV2 adds support for deployment start, deployment end, and application deletion callbacks.

Method Summary

void	deleteApplicationRoles(ApplicationInfo application) Deletes all roles for an application and is only called on one server within a WLS domain at the time an application is deleted.
void	deployRole(DeployRoleHandle handle, Resource resource, String roleName, String[] userAndGroupNames) Deploys a role (that is, creates a role on behalf of a deployed Web application or EJB).
void	endDeployRoles(DeployRoleHandle handle) Marks the end of an application role deployment.
DeployRoleHandle	startDeployRoles(ApplicationInfo application) Marks the beginning of an application role deployment and is called on all servers within a WebLogic Server domain where an application is targeted.
void	undeployAllRoles(DeployRoleHandle handle) Undeploys all roles (that is, deletes a set of roles on behalf of an undeployed Web application or EJB).

Methods inherited from interface weblogic.security.spi.RoleProvider

getRoleMapper

Methods inherited from interface weblogic.security.spi.SecurityProvider

getDescription, initialize, shutdown

Method Detail

startDeployRoles

DeployRoleHandle startDeployRoles(ApplicationInfo application)
                                  throws DeployHandleCreationException

Marks the beginning of an application role deployment and is called on all servers within a WebLogic Server domain where an application is targeted.

Parameters:

application - the ApplicationInfo data for the application being deployed

Returns:

a DeployRoleHandle for the application that is used when deploying roles

Throws:

DeployHandleCreationException - if an unexpected error occurs while creating a DeployRoleHandle for the application

deployRole

void deployRole(DeployRoleHandle handle,
                Resource resource,
                String roleName,
                String[] userAndGroupNames)
                throws RoleCreationException

Deploys a role (that is, creates a role on behalf of a deployed Web application or EJB). If the role already exists, it is removed and replaced by this role.

For a Web application, information is taken from the <security-role-assignment> element in the weblogic.xml deployment descriptor file.

Parameters:

handle - the DeployRoleHandle created from a call to startDeployRoles().

resource - the Resource object to which the role applies. For a Web application, this is the resource to which the weblogic.xml deployment descriptor file applies.

roleName - a String name of the role within the application. (For example, for a Web application, the <role-name> tag from the <security-role-assignment> element in the weblogic.xml deployment descriptor file.)

userAndGroupNames - a String array of users and/or groups that are in this role. For a Web application, this would be the value of one or more <principal-name> tags from the <security-role-assignment> element in the weblogic.xml deployment descriptor file. If the list is null or empty, then the role has no membership and the administrator must complete the role definition before the role can be used.

Throws:

RoleCreationException - if an unexpected error occurs while deploying the role for the specified resource.

endDeployRoles

void endDeployRoles(DeployRoleHandle handle)
                    throws RoleCreationException

Marks the end of an application role deployment.

Parameters:

handle - the DeployRoleHandle created from a call to startDeployRoles().

Throws:

RoleCreationException - if an unexpected error occurs during the completion of role deployments.

undeployAllRoles

void undeployAllRoles(DeployRoleHandle handle)
                      throws RoleRemovalException

Undeploys all roles (that is, deletes a set of roles on behalf of an undeployed Web application or EJB). This method is a no-op if the handle does not exist.

Parameters:

handle - the DeployRoleHandle created from a call to startDeployRoles()

Throws:

RoleRemovalException - if an unexpected error occurs during the removal of role deployments

deleteApplicationRoles

void deleteApplicationRoles(ApplicationInfo application)
                            throws RoleRemovalException

Deletes all roles for an application and is only called on one server within a WLS domain at the time an application is deleted.

Parameters:

application - the ApplicationInfo data for the application being deleted

Throws:

RoleRemovalException - if an unexpected error occurs during the removal of roles for the application