OPSS Platform architecture

The diagram below shows an overview of the OPSS (Oracle Platform Security Services) framework and how it is configured.

OPSS provides an API and an SSPI (Security Service Provider Interface). The API is called JPS and is implemented in the oracle.security.jps package and a couple of subpackages. Do not confuse it with Java Platform Security, which makes up the fundamental security services inside the Java SE platform.

The API provides a number of interfaces (and a few classes) which applications (both business applications and administrative applications) can use to interact with the security platform.

The SSPI is the implementation of these interfaces in the form of Providers and Services.

The diagram only shows the most important pieces; some details have been left out. Refer to the Oracle® Fusion Middleware Application Security Guide for more information.

  • The JpsContextFactory is the entry point from an API perspective. Clients use the static getContextFactory() method to retrieve a context factory. When called, it reads the jps configuration file and sets up the necessary objects, such as the jps contexts and the service providers, as defined in the configuration file.
  • In the configuration file, each jps context references a number of service instances. These are the services which will be available in the given context. Clients can retrieve a specific context through the JpsContextFactory.getContext(String name) method, and the default context as specified in the configuration file is retrieved through the JpsContextFactory.getContext() method. Each service instance can be configured with additional instance-specific properties, such as file paths or debug flags.
  • Each service instance is based on a specific provider. Each provider instantiates a number of services which can be retrieved through the JpsContext.getServiceInstance() method. This method checks whether each of the services available through the various providers is a subclass of the class or interface which is passed as a parameter. For example, to retrieve the XmlPolicyStore provided by the XmlPolicyStoreProvider, getServiceInstance(PolicyProvider.class) can be used. This returns the registered XmlPolicyStore instance, hidden behind a PolicyStore interface. Clients then continue to use the PolicyStore interface.
  • Each of the top-level interfaces, like PolicyStore, IdentityStoreService and so on, provides additional methods to work with the service. For example, IdentityStoreService provides the getIdmStore() method, which returns an IdentityStore interface which can then be used to work with Users & Roles.
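
The relationships described in the list above, shown as a minimal jps configuration file. This is an added example, not taken from the original page or from an Oracle-supplied file; the instance names, the context name "policy-only", the file locations and the property value are illustrative assumptions.

```xml
<!-- Added example: instance names, context names, paths and property values are illustrative -->
<jpsConfig xmlns="http://xmlns.oracle.com/oracleas/schema/11/jps-config-11_1.xsd">

  <serviceProviders>
    <!-- A provider is the SSPI implementation class behind one type of service -->
    <serviceProvider type="POLICY_STORE" name="policystore.xml.provider"
                     class="oracle.security.jps.internal.policystore.xml.XmlPolicyStoreProvider"/>
    <serviceProvider type="IDENTITY_STORE" name="idstore.xml.provider"
                     class="oracle.security.jps.internal.idstore.xml.XmlIdentityStoreProvider"/>
  </serviceProviders>

  <serviceInstances>
    <!-- Each service instance is based on exactly one provider and carries
         its own instance-specific settings, here a file path and a property -->
    <serviceInstance name="policystore.xml" provider="policystore.xml.provider"
                     location="./system-jazn-data.xml"/>
    <serviceInstance name="idstore.xml" provider="idstore.xml.provider"
                     location="./system-jazn-data.xml">
      <property name="subscriber.name" value="jazn.com"/>
    </serviceInstance>
  </serviceInstances>

  <!-- JpsContextFactory.getContext() returns the context named in the "default"
       attribute; JpsContextFactory.getContext("policy-only") returns the second one -->
  <jpsContexts default="default">
    <jpsContext name="default">
      <serviceInstanceRef ref="policystore.xml"/>
      <serviceInstanceRef ref="idstore.xml"/>
    </jpsContext>
    <!-- Only the policy store is referenced here, so code running in this
         context has no identity store service available to it -->
    <jpsContext name="policy-only">
      <serviceInstanceRef ref="policystore.xml"/>
    </jpsContext>
  </jpsContexts>

</jpsConfig>
```

When reviewing such a file, the serviceInstanceRef list of each context is the place to check which services a client of that context can reach.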

Let's look at some code samples on the next page: Code samples