4.4 Understanding the Container Security Framework and MBeans

MBeans that enforce authentication and authorization using the container security framework are published using the Portable JMX Framework.

Types of MBeans:

  • The Configuration Service MBeans are used for configuring the Certificate Validation Module, the STS Endpoints, Templates & Profiles, and the STS Settings & Custom Tokens.

  • The Partner and Trust Store Service MBeans are used for managing the STS Partners.

At runtime, the JMX Framework authenticates the client during the connection operation and ensures that the client belongs to the role specified in the MBean security annotations. For this reason, the Access Manager System Identity Store must be configured as an Authentication Provider in the security realm of the domain. Additionally, users accessing the MBeans must be assigned one of the following roles, depending on the container:

  • WebLogic: Admin

  • WebSphere: Admin or Configurator
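
The connect-time check described above can be reproduced with the JDK's standard JMX remote API. This is an added example, not Oracle's code: the class name JmxConnectAuthDemo, the user table, and the passwords are constructed, and the JMXAuthenticator stands in for the container's security realm and the MBean role annotations.

```java
import java.lang.management.ManagementFactory;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.*;
import javax.management.remote.*;
import javax.security.auth.Subject;
public class JmxConnectAuthDemo {
    // Constructed stand-in for the identity store: user -> {password, role}.
    static final Map<String, String[]> USERS = Map.of(
        "oamadmin", new String[] {"s3cret-A", "Admin"},
        "auditor",  new String[] {"s3cret-B", "Monitor"});

    // Runs once per connection attempt, before any MBean operation is dispatched.
    static Subject authenticate(Object credentials) {
        if (!(credentials instanceof String[]) || ((String[]) credentials).length != 2)
            throw new SecurityException("credentials required");
        String[] c = (String[]) credentials;
        String[] entry = (c[0] == null || c[1] == null) ? null : USERS.get(c[0]);
        boolean ok = entry != null && MessageDigest.isEqual(   // constant-time compare
            entry[0].getBytes(StandardCharsets.UTF_8), c[1].getBytes(StandardCharsets.UTF_8));
        if (!ok) throw new SecurityException("authentication failed");
        if (!"Admin".equals(entry[1])) throw new SecurityException("role Admin required");
        return new Subject(true, Set.of(new JMXPrincipal(c[0])), Set.of(), Set.of());
    }

    // Returns "connected" or the reason connect() was refused; no MBean call happens on refusal.
    static String tryConnect(JMXServiceURL url, String user, String password) throws Exception {
        Map<String, ?> env = Collections.singletonMap(
            JMXConnector.CREDENTIALS, new String[] {user, password});
        try (JMXConnector jmxc = JMXConnectorFactory.connect(url, env)) {
            jmxc.getMBeanServerConnection().getMBeanCount();
            return "connected";
        } catch (SecurityException e) {
            return "rejected: " + e.getMessage();
        }
    }
    public static void main(String[] args) throws Exception {
        Map<String, Object> serverEnv = new HashMap<>();
        serverEnv.put(JMXConnectorServer.AUTHENTICATOR, (JMXAuthenticator) JmxConnectAuthDemo::authenticate);
        JMXConnectorServer server = JMXConnectorServerFactory.newJMXConnectorServer(
            new JMXServiceURL("rmi", null, 0), serverEnv, ManagementFactory.getPlatformMBeanServer());
        server.start();
        try {
            System.out.println(tryConnect(server.getAddress(), "oamadmin", "s3cret-A")); // Admin role
            System.out.println(tryConnect(server.getAddress(), "auditor", "s3cret-B"));  // valid user, wrong role
            System.out.println(tryConnect(server.getAddress(), "oamadmin", "wrong"));    // bad password
        } finally {
            server.stop();
        }
    }
}
```

A client that sees SecurityException from connect() against the container should check two things in order: that the System Identity Store is listed as an Authentication Provider in the domain's realm, and that the account holds the role listed for that container.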