The below diagram shows an overview of the OPSS (Oracle Platform Security Services) framework and how it is configured.
OPSS provides an API (JPS, implemented in the oracle.security.jps package and a couple of sub packages – do not confuse this with Java Platform Security which makes up the fundamental security services inside the JavaSE platform) and a SSPI (Security Service Provider Interface).
The API provides a number of interfaces (and a few classes) which applications (both business applications and administrative applications) can use to interact with the security platform.
The SSPI is the implementation of these interfaces in the form of Providers and Services.
The diagram only shows the most important pieces – some details have been left out. Refer to the Oracle® Fusion Middleware Application Security Guide for more information. Click the image for a larger version:
- The
JpsContextFactoryis the entry point from an API perspective. Clients use thestatic getContextFactory()method to retrieve a context factory. When called, it reads the jps configuration file and sets up the necessary objects, such as the jps contexts and the service providers, as defined in the configuration file. - In the configuration file, each jps context references a number of service instances. These are the services which will be available in the given context. Clients can retrieve a specific context through the
JpsContextFactory.getContext(String name)method, and the default context as specified in the configuration file is retrieved through theJpsContextFactory.getContext()method. Each service instance can be configured with additional instance specific properties, such as file paths or debug flags. - Each service instance is based on a specific provider. Each provider instanciates a number of services which can be retrieved through the
JpsContext.getServiceInstance()method. This method checks the services, which are available through the various providers, whether they are a sub class of the class or interface which is passed as a parameter. For example, to retrieve theXmlPolicyStoreprovided by theXmlPolicyStoreProvider,getServiceInstance(PolicyProvider.class)can be used. This returns the registeredXmlPolicyStoreinstance, hidden behind aPolicyStoreinterface. Clients then continue to use thePolicyStoreinterface. - Each of the top level interfaces like
PolicyStore,IdentityStoreServiceand so on provide additional methods to work with the service. For example,IdentityStoreServiceprovides thegetIdmStore()method which returns anIdentityStoreinterface which can then be used to work with Users & Roles.
Lets look at some code samples on the next page: Code samples