Table of Contents
- Title and Copyright Information
- Preface
- 1 Introduction to Developing Security Providers for WebLogic Server
- Prerequisites for This Guide
- Overview of the Development Process
- Designing the Custom Security Provider
- Creating Runtime Classes for the Custom Security Provider by Implementing SSPIs
- Generating an MBean Type to Configure and Manage the Custom Security Provider
- Configuring the Custom Security Provider
- Providing Management Mechanisms for Security Policies, Security Roles, and Credential Maps
- 2 Design Considerations
- General Architecture of a Security Provider
- Security Services Provider Interfaces (SSPIs)
- Understand Two Important Restrictions
- Understand the Purpose of the Provider SSPIs
- Understand the Purpose of the Bulk Access Providers
- Determine Which Provider Interface You Will Implement
- Understand the SSPI Hierarchy and Determine Whether You Will Create One or Two Runtime Classes
- SSPI Quick Reference
- Security Service Provider Interface (SSPI) MBeans
- Understand Why You Need an MBean Type
- Determine Which SSPI MBeans to Extend and Implement
- Understand the Basic Elements of an MBean Definition File (MDF)
- Understand the SSPI MBean Hierarchy and How It Affects the WebLogic Remote Console
- Understand What the WebLogic MBeanMaker Provides
- SSPI MBean Quick Reference
- Security Data Migration
- Management Utilities Available to Developers of Security Providers
- Security Providers and WebLogic Resources
- The Architecture of WebLogic Resources
- Types of WebLogic Resources
- WebLogic Resource Identifiers
- Creating Default Groups for WebLogic Resources
- Creating Default Security Roles for WebLogic Resources
- Creating Default Security Policies for WebLogic Resources
- Looking Up WebLogic Resources in a Security Provider's Runtime Class
- Single-Parent Resource Hierarchies
- ContextHandlers and WebLogic Resources
- Initialization of the Security Provider Database
- Differences In Attribute Validators
- 3 Authentication Providers
- Authentication Concepts
- The Authentication Process
- Do You Need to Develop a Custom Authentication Provider?
- How to Develop a Custom Authentication Provider
- Create Runtime Classes Using the Appropriate SSPIs
- Configure the Custom Authentication Provider
- 4 Identity Assertion Providers
- Identity Assertion Concepts
- The Identity Assertion Process
- Do You Need to Develop a Custom Identity Assertion Provider?
- How to Develop a Custom Identity Assertion Provider
- Create Runtime Classes Using the Appropriate SSPIs
- Configure the Custom Identity Assertion Provider
- Challenge Identity Assertion
- Challenge/Response Limitations in the Java Servlet API 2.3 Environment
- Filters and The Role of the weblogic.security.services.Authentication Class
- How to Develop a Challenge Identity Asserter
- Implement the ChallengeIdentityAsserterV2 Interface
- Implement the ProviderChallengeContext Interface
- Invoke the weblogic.security.services Challenge Identity Methods
- Invoke the weblogic.security.services AppChallengeContext Methods
- Implementing Challenge Identity Assertion from a Filter
- 5 Principal Validation Providers
- 6 Authorization Providers
- Authorization Concepts
- The Authorization Process
- Do You Need to Develop a Custom Authorization Provider?
- Is Your Custom Authorization Provider Thread Safe?
- How to Develop a Custom Authorization Provider
- 7 Adjudication Providers
- 8 Role Mapping Providers
- Role Mapping Concepts
- The Role Mapping Process
- Is Your Custom Role Mapping Provider Thread Safe?
- Do You Need to Develop a Custom Role Mapping Provider?
- How to Develop a Custom Role Mapping Provider
- 9 Auditing Providers
- 10 Credential Mapping Providers
- 11 Auditing Events From Custom Security Providers
- Security Services and the Auditor Service
- How to Audit From a Custom Security Provider
- Create an Audit Event
- Obtain and Use the Auditor Service to Write Audit Events
- Best Practice: Posting Audit Events from a Provider's MBean
- 12 Servlet Authentication Filters
- Authentication Filter Concepts
- How Filters Are Invoked
- Example of a Provider that Implements a Filter
- How to Develop a Custom Servlet Authentication Filter
- 13 Versionable Application Providers
- Versionable Application Concepts
- The Versionable Application Process
- Do You Need to Develop a Custom Versionable Application Provider?
- How to Develop a Custom VersionableApplication Provider
- 14 CertPath Providers
- Certificate Lookup and Validation Concepts
- Do You Need to Develop a Custom CertPath Provider?
- How to Develop a Custom CertPath Provider
- Create Runtime Classes Using the Appropriate SSPIs
- Implement the JDK CertPathBuilderSpi and/or CertPathValidatorSpi Interfaces
- Implement the CertPath Provider SSPI
- Implement the JDK Security Provider SPI
- Use the CertPathBuilderParametersSpi SSPI in Your CertPathBuilderSpi Implementation
- Use the CertPathValidatorParametersSpi SSPI in Your CertPathValidatorSpi Implementation
- Returning the Builder or Validator Results
- Example: Creating the Sample Cert Path Provider
- Configure the Custom CertPath Provider
- Create Runtime Classes Using the Appropriate SSPIs
- A MBean Definition File (MDF) Element Syntax
- B Generate an MBean Type Using the WebLogic MBeanMaker