We are going to do our first enterprise ADF/JHeadstart application. For security part, we are going to do the following:
1. We will use JHS tables as authentication for ADF security.
2. We will use JAAS as authentication and Custom as authorization.
2. We need to use JHeadStart security service screen in our application to manage users, roles and permission, instead of doing users/groups management within Weblogic.
3. We will create new Weblogic SQL Authentication Provider.
4. We will store salt with password in the database table.
5. We will use Oracle MDS.
There are some blogs online giving detail steps on how to create Weblogic SQL Authentication Provider and use JHS tables as authentication for ADF security. I am not sure about the implementation of hashing with salt algorithms, as ideally we'd like to use JHS security service screen in the application to manage users, roles and permission, not using Weblogic to do the users/groups management. We are going to try JMX client to interact with Weblogic API, looks like it is a flexiable approach. Does anybody have experience on working with JMX, SQL Authentication Provider and hashing with salt algorithms? Just want to make sure we are on the right track.