1 Introduction and Roadmap

This chapter describes the contents and organization of this document.

This chapter includes the following sections:

Document Scope

This document provides security vendors and application developers with the information needed to develop new security providers for use with WebLogic Server.

Documentation Audience

This document is written for independent software vendors (ISVs) who want to write their own security providers for use with WebLogic Server. It is assumed that most ISVs reading this documentation are sophisticated application developers who have a solid understanding of security concepts, and that no basic security concepts require explanation. It is also assumed that security vendors and application developers are familiar with WebLogic Server and with Java (including Java Management eXtensions (JMX)).

Guide to this Document

This document provides security vendors and application developers with the information needed to develop new security providers for use with the WebLogic Server.

The document is organized as follows:

  • Introduction to Developing Security Providers for WebLogic Server prepares you to learn more about developing security providers for use with WebLogic Server. It specifies the audience and prerequisites for this guide, and provides an overview of the development process.

  • Design Considerations explains the general architecture of a security provider and provides background information you should understand about implementing SSPIs and generating MBean types. This section also includes information about using optional management utilities and discusses how security providers interact with WebLogic resources. Lastly, this section suggests ways in which your custom security providers might work with databases that contain information security providers require.

  • Authentication Providers explains the authentication process (for simple logins) and provides instructions about how to implement each type of security service provider interface (SSPI) associated with custom authentication providers. This topic also includes a discussion about JAAS LoginModules.

  • Identity Assertion Providers explains the authentication process (for perimeter authentication using tokens) and provides instructions about how to implement each type of security service provider interface (SSPI) associated with custom identity assertion providers.

  • Principal Validation Providers explains how principal validation providers assist authentication providers by signing and verifying the authenticity of principals stored in a subject, and provides instructions about how to develop custom principal validation providers.

  • Authorization Providers explains the authorization process and provides instructions about how to implement each type of security service provider interface (SSPI) associated with custom authorization providers.

  • Adjudication Providers explains the adjudication process and provides instructions about how to implement each type of security service provider interface (SSPI) associated with custom adjudication providers.

  • Role Mapping Providers explains the role mapping process and provides instructions about how to implement each type of security service provider interface (SSPI) associated with custom role mapping providers.

  • Auditing Providers explains the auditing process and provides instructions about how to implement each type of security service provider interface (SSPI) associated with custom auditing providers. This topic also includes information about how to audit from other types of security providers.

  • Credential Mapping Providers explains the credential mapping process and provides instructions about how to implement each type of security service provider interface (SSPI) associated with custom credential mapping providers.

  • Auditing Events From Custom Security Providers explains how to add auditing capabilities to the custom security providers you develop.

  • Servlet Authentication Filters explains the Servlet authentication filter process and provides instructions about how to implement each type of security service provider interface (SSPI) associated with Servlet authentication filters.

  • Versionable Application Providers explains the concept of versionable applications and provides instructions about how to implement each type of security service provider interface (SSPI) associated with custom versionable application providers.

  • CertPath Providers explains the certificate lookup and validation process and provides instructions about how to implement each type of security service provider interface (SSPI) associated with custom CertPath provider.

  • MBean Definition File (MDF) Element Syntax which describes all the elements and attributes that are available for use in a valid MDF. An MDF is an XML file used to generate the MBean types, which enable the management of your custom security providers.

  • Generate an MBean Type Using the WebLogic MBeanMaker explains how to create the MBean type for your custom security provider.

Related Information

The Oracle corporate Web site provides all documentation for WebLogic Server. Other WebLogic Server documents that may be of interest to security vendors and application developers working with security providers are:

New and Changed Features in this Release

For a comprehensive listing of the new WebLogic Server features introduced in this release, see What's New in Oracle WebLogic Server.