The image fmw_ras_session_service.png is similar to image fmw_app_stack.png and shows Real Application Security as it is implemented in the FMW stack as a Real Application Security servlet filter. The RAS filter sets up the session transparently, synchronizes the session with the OPSS subject, and consists of a set of Real Application Security APIs that function in the session as session APIs, a privilege elevation API, namespace APIs, and a check privilege API. This implementation is further described in the text that follows the illustration.
At the top there are a row of three boxes labeled 'Client', 'Authentication Server' containing a sub-box labeled 'Single Sign-On', and 'Identity Store'. Below that is a large box labeled 'Web Logic Server'. Within that are three sub-boxes on the left arranged vertically. The top sub-box is labeled 'Authenticator', the middle sub-box is labeled 'OPSS Filter', and the bottom sub-box is labeled 'Real Application Security Filter'. To the right are two sub-boxes arranged vertically. The top sub-box is labeled 'Application Sessions' with an application session named 'Human Resources'. This sub-box contains three smaller sub-boxes arranged vertically. The top sub-sub-box is labeled 'Subject'. The middle one is labeled 'Code' and points to a piece of code outside of the WebLogic Server box. The bottom one is labeled 'Real Application Security API'. The bottom sub-box is labeled 'Connection Pool' and contains three connectons labeled 'Conn1, Conn2, and Conn3. To the right of the large box is a cylinder labeled 'Database' with a connecting arrow in both directions labeled 'JDBC' pointing back to the large box labeled 'WebLogic Server'. Within the database cylinder is a structure labeled 'Application Session'. Below the large box and to the left side is a box labeled 'Security Store'. Connecting arrows from a number of objects show the flow of information. For example, an arrow shows the flow from the client through the Authenticator and using Single Sign-On in the Authentication Server where credentials are checked in the Identy Store. Once authenticated, flow continues through the OPSS Filter through the Real Application Security Filter, where each (OPSS Filter and Real Application Security Filter) are checked in the security store, then information flows into the application session through subject, code, and the Real Application Security API to the Conn2 connection in the connection pool and on to the appplication session in the database using JDBC. Another arrow shows the flow from the Real Application Security Filter to the Conn1 connection in the Connection Pool.