Some of the concerns with the out-of-the-box approaches:
- Need to implement both a WLS and a JPS identity provider
- WLS security is used for all basic WebLogic modules (e.g. Console, EM, etc.)
- The JPS security provider is used for the SOA modules (e.g. the Worklist application)
- A WLS custom security provider is relatively easy to write - details
- A JPS custom security provider is a lot of work, as it requires you to implement multiple interfaces (similar to the 10g custom identity service) and multiple methods - details
- The different security providers need to be registered in different places
Implemented Solution
I believe that in the end it would be much easier if all the complex details of the WebLogic and SOA security providers could be hidden, so that a client only has to implement one simple interface and make it available on the class path. That seemed the ideal way to go, so here it goes:
Install Java Custom Security Provider
- Download CustomSecurityProvider.jar
- Copy this jar file to the $wls_server_home/server/lib/mbeantypes and $domain_home/lib directories
- Modify the file $domain_home/config/fmwconfig/jps-config.xml
- Add the following service provider and service instance:

    <serviceProvider type="IDENTITY_STORE" name="custom.provider" class="oracle.security.jps.internal.idstore.generic.GenericIdentityStoreProvider">
        <description>Custom IdStore Provider</description>
    </serviceProvider>
    <serviceInstance name="idstore.custom" provider="custom.provider" location="./">
        <description>Custom Identity Store Service Instance</description>
        <property name="idstore.type" value="CUSTOM"/>
        <property name="ADF_IM_FACTORY_CLASS" value="com.spring.security.jps.identity.CustomIdentityStoreFactory"/>
        <property name="CustomSecurityProviderPlugIn" value="com.spring.security.plugin.CustomSecurityProviderPlugin"/>
    </serviceInstance>

- Replace the default jpsContext with the following (the idstore.ldap reference and the other references shown are commented out, and idstore.custom is referenced instead):

    <jpsContext name="default">
        <serviceInstanceRef ref="credstore"/>
        <serviceInstanceRef ref="keystore"/>
        <serviceInstanceRef ref="policystore.xml"/>
        <serviceInstanceRef ref="audit"/>
        <!--
        <serviceInstanceRef ref="idstore.ldap"/>
        <serviceInstanceRef ref="trust"/>
        <serviceInstanceRef ref="pdp.service"/>
        <serviceInstanceRef ref="attribute"/>
        -->
        <serviceInstanceRef ref="idstore.custom"/>
    </jpsContext>

- Restart the Admin and Managed servers
Configure Java Custom Security Provider
- Implement the custom Java security provider interface com.spring.security.plugin.ICustomSecurityProviderPlugIn
- Note that for a given custom repository we only need to implement the following methods:

    package com.spring.security.plugin;

    import java.util.List;
    import java.util.Map;
    import java.util.Properties;

    public interface ICustomSecurityProviderPlugIn {
        /* WLS: called by the WebLogic authentication provider */
        // Called once with the configured properties (e.g. connection settings for the repository).
        void initialize(Properties properties);
        // Return true only if the user exists and the password is valid.
        boolean login(String userName, String password);
        // Roles (groups) of the given user, used for WebLogic authorization.
        List<String> getUserRoles(String userName);

        /* JPS: called by the generic identity store (SOA Worklist, EM role assignment, etc.) */
        // Users matching a wildcard pattern, one attribute map per user.
        List<Map> searchUsers(String userNamePattern);
        // Roles matching a wildcard pattern, one attribute map per role.
        List<Map> searchRoles(String roleNamePattern);
        // Attribute map for a single user.
        Map getUserDetail(String userName);
        // Attribute map for a single role.
        Map getRoleDetail(String roleName);
    }
- Reference the implementing class from the CustomSecurityProviderPlugIn property of the idstore.custom service instance in jps-config.xml:

    <serviceInstance name="idstore.custom" provider="custom.provider" location="./">
        <description>Custom Identity Store Service Instance</description>
        <property name="idstore.type" value="CUSTOM"/>
        <property name="ADF_IM_FACTORY_CLASS" value="com.spring.security.jps.identity.CustomIdentityStoreFactory"/>
        <property name="CustomSecurityProviderPlugIn" value="com.spring.security.plugin.CustomSecurityProviderPlugin"/>
    </serviceInstance>
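As an added example (not the blog's code and not the sample class shipped in CustomSecurityProvider.jar), here is an in-memory implementation of the interface above. It compiles against ICustomSecurityProviderPlugIn from the jar; the users, roles and passwords are constructed for the example, and the attribute key names put into the returned Maps ("name", "displayName", "description", "roles") are an assumption, since the page does not document which keys the GenericIdentityStoreProvider reads. A repository-backed plugin would read its connection settings from the Properties passed to initialize() and run the searches against the store.

```java
package com.spring.security.plugin;

import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.regex.Pattern;

/** Illustrative in-memory plugin (added example; not the jar's sample class). */
public class InMemorySecurityProviderPlugin implements ICustomSecurityProviderPlugIn {

    // Constructed sample data: user -> SHA-256 hex digest of the password,
    // user -> roles, role -> description. Passwords are never kept in clear text.
    private final Map<String, String> passwordDigests = new HashMap<>();
    private final Map<String, List<String>> userRoles = new HashMap<>();
    private final Map<String, String> roleDescriptions = new HashMap<>();

    @Override
    public void initialize(Properties properties) {
        // A real plugin reads repository settings from 'properties'; here we seed sample data.
        addUser("alice", "s3cret", Arrays.asList("Administrators", "SOAOperators"));
        addUser("bob", "pa55word", Arrays.asList("SOAOperators"));
        roleDescriptions.put("Administrators", "Domain administrators");
        roleDescriptions.put("SOAOperators", "Operate SOA composites");
    }

    private void addUser(String name, String password, List<String> roles) {
        // Unsalted SHA-256 keeps the example short; a real store should use a salted, slow hash (e.g. PBKDF2).
        passwordDigests.put(name, sha256Hex(password));
        userRoles.put(name, new ArrayList<>(roles));
    }

    @Override
    public boolean login(String userName, String password) {
        String expected = passwordDigests.get(userName);
        if (expected == null || password == null) {
            return false;   // unknown user and bad password are indistinguishable to the caller
        }
        // Constant-time comparison so timing does not reveal how many characters matched.
        return MessageDigest.isEqual(expected.getBytes(StandardCharsets.UTF_8),
                                     sha256Hex(password).getBytes(StandardCharsets.UTF_8));
    }

    @Override
    public List<String> getUserRoles(String userName) {
        List<String> roles = userRoles.get(userName);
        return roles == null ? Collections.<String>emptyList() : new ArrayList<>(roles);
    }

    @Override
    public List<Map> searchUsers(String userNamePattern) {
        List<Map> result = new ArrayList<>();
        Pattern p = wildcardToRegex(userNamePattern);
        for (String user : userRoles.keySet()) {
            if (p.matcher(user).matches()) result.add(getUserDetail(user));
        }
        return result;
    }

    @Override
    public List<Map> searchRoles(String roleNamePattern) {
        List<Map> result = new ArrayList<>();
        Pattern p = wildcardToRegex(roleNamePattern);
        for (String role : roleDescriptions.keySet()) {
            if (p.matcher(role).matches()) result.add(getRoleDetail(role));
        }
        return result;
    }

    @Override
    public Map getUserDetail(String userName) {
        if (!userRoles.containsKey(userName)) return null;   // null for "not found" is an assumption
        Map<String, Object> detail = new LinkedHashMap<>();
        detail.put("name", userName);                // attribute keys are assumed, not documented on the page
        detail.put("displayName", userName);
        detail.put("roles", getUserRoles(userName));
        return detail;
    }

    @Override
    public Map getRoleDetail(String roleName) {
        String description = roleDescriptions.get(roleName);
        if (description == null) return null;
        Map<String, Object> detail = new LinkedHashMap<>();
        detail.put("name", roleName);
        detail.put("description", description);
        return detail;
    }

    // Turn a '*' wildcard search pattern into a regex; every literal part is quoted,
    // so search text typed into the console or Worklist cannot inject regex syntax.
    private static Pattern wildcardToRegex(String pattern) {
        String[] parts = (pattern == null ? "*" : pattern).split("\\*", -1);
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < parts.length; i++) {
            if (i > 0) sb.append(".*");
            sb.append(Pattern.quote(parts[i]));
        }
        return Pattern.compile(sb.toString());
    }

    private static String sha256Hex(String s) {
        try {
            byte[] digest = MessageDigest.getInstance("SHA-256").digest(s.getBytes(StandardCharsets.UTF_8));
            StringBuilder sb = new StringBuilder();
            for (byte b : digest) sb.append(String.format("%02x", b));
            return sb.toString();
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e);   // SHA-256 is mandatory in every Java runtime
        }
    }
}
```

To use it, compile the class against CustomSecurityProvider.jar, package it into a jar placed in $domain_home/lib, and set the CustomSecurityProviderPlugIn property to com.spring.security.plugin.InMemorySecurityProviderPlugin. The plugin writes nothing to System.out: a class that runs inside the identity store for every login and every user search should not log credentials or search traffic to the server's standard output.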
6 comments:
Hello Chintan!!! I've implemented your proposed solution with a CustomProviderPlugin. You talk about a sample in a JAR file (com.spring.security.plugin.CustomSecurityProviderPlugIn) but I can't see the sample. I would like to see it if you don't mind, because I am having trouble with the BPM Roles. Your CustomProvider is working for me in the WebLogic Console, but I can't get it working in BPM Workspace. Could you give me a clue? Or any sample of searchRoles, searchUsers, etc., applied to BPM Workspace?
Thanks in advance
I thought it was mentioned in the blog in step 1. It is available at http://www.springsoa.com/WLCustomSecurityProvider/CustomSecurityProvider.jar
Hello Chintan, I am trying to configure a SQL-based Custom Identity Store. I am following your instructions but it is not working; I can't see the DB users (for example from Enterprise Manager when adding users to roles). I am working with version 11.1.1.7; I tried with version 11.1.1.4 and there I do see the users from the DB. Do you know if there is something different between the versions?
Thanks in advance.
Luis
Hello Luis,
So it worked in 11.1.1.4, but not in 11.1.1.7? I have not tried with 11.1.1.7, and not sure if there are any differences. Anything in logs?
Thanks
Chintan
Hi Chintan,
Is it possible to get the source of this jar.
Thanks!
Abhijit
Hi Chintan,
I have implemented your solution. I would like to modify the source (I would delete the System.out.println calls); is it possible to get the source of CustomSecurityProvider.jar?
Thanks,
Martial