
Oracle9iAS Containers for J2EE Services Guide
Release 2 (9.0.3)

Part Number A97690-01

Contents

Title and Copyright Information

List of Examples

List of Figures

List of Tables

Send Us Your Comments

Preface

Intended Audience
Documentation Accessibility
Structure
Related Documents
Conventions

1 Introduction

Java Naming and Directory Interface (JNDI)
Java Authentication and Authorization Service (JAAS)
Java Message Service (JMS)
J2EE Interoperability and Remote Method Invocation (RMI)
Data Sources
Java Transaction API (JTA)
Java Connector Architecture
Java Object Cache
HTTPS

2 Java Naming And Directory Interface

Introduction
Initial Context
Constructing a JNDI Context
The JNDI Environment
Initial Context Factories
ApplicationClientInitialContextFactory
Environment Properties
Remote Client Example
Server-Side Clients
ApplicationInitialContextFactory
Example
RMIInitialContextFactory
Remote Client Example

3 Overview of JAAS in Oracle9iAS

JAAS Support
What Are Authentication, Authorization, and Delegation?
Foundations of the JAAS Provider
JAAS
Java2 Security Model
Java Application Environments
Provider Types
LDAP-Based Provider Type
XML-Based Provider Type
What Is the Java2 Security Model?
What Is JAAS?
Principals
Subjects
Login Module Authentication
Roles
Realms
Applications
Policies and Permissions
File-Based Policy Example
XML-Based Example
JAAS Provider Features
JAAS Provider User Services
Capability Model of Access Control
Role-Based Access Control (RBAC)
Role Hierarchy
Role Activation
JAAS Provider Realm and Policy Management
Realm and Policy Management Tools
JAAS Provider Realm Framework
Realm Management in LDAP-Based Environments
LDAP-Based Realm Types
LDAP-Based Realm Data Storage
Realm Hierarchy
Security Measures For Java Authorization Service
LDAP-Based Realm Permissions
Realm Management in XML-Based Environments
XML-Based Realm Types
XML-Based Realm and Policy Information Storage
JAAS Provider Policy Administration
Oracle Internet Directory Administration
AdminPermission Class
Policy Partitioning

4 Quick Start JAAS Provider Demo

Quick Start JAAS Provider Demo Overview
Setting Up the Demo
Task 1: Modifying OC4J Configuration Files
Task 2: Changing Default Configurations (Optional)
Running the Demo
Viewing the Results of the callerInfo Demo
Testing the JAZN Admintool

5 Integrating the JAAS Provider with Java2 Applications

Java2 Application Environments Overview
Oracle Components Available on the Java2 Platform
JAAS Provider Integration in J2SE Application Environments
A Typical Scenario in the J2SE Environment
JAAS Provider Integration in J2EE Application Environments
Oracle9iAS Containers for J2EE (OC4J)
JAZNUserManager
Replacing principals.xml
JAZNUserManager Features
Authentication Environments
Integrating the JAAS Provider with SSO-Enabled Applications
SSO-Enabled J2EE Environments: A Typical Scenario
Integrating the JAAS Provider with SSL-Enabled Applications
SSL-Enabled J2EE Environments: A Typical Scenario
Integrating the JAAS Provider with Basic Authentication
Basic Authentication J2EE Environments: Typical Scenario
J2EE and JAAS Provider Role Mapping
J2EE Security Roles
JAAS Provider Roles and Users
OC4J Group Mapping to J2EE Security Roles
How Do I Get Started?

6 Managing the JAAS Provider

JAAS Provider Management Overview
LDAP-Based and XML-Based JAAS Providers
Using the Oracle Enterprise Manager Interface with the JAAS Provider
Accessing the JAAS Provider
Task 1: Managing JAAS Policy
Searching for And Viewing Existing Grant Entries
Deleting Grant Entries
Creating a New Grant Entry
Task 2: Managing Java Permissions
Searching for And Viewing Existing Permissions
Revoking Permissions Assigned to a Principal
Using the JAZN Admintool
Usage Examples
Command Options
Realm Operations
Adding and Removing Realms
Adding and Removing Roles
Adding and Removing Users
Checking Passwords
Granting and Revoking Roles
Listing Realms
Listing Roles
Listing Users
Setting a Password
Policy Operations
Adding and Removing Permissions
Adding and Removing Principals
Granting and Revoking Permissions
Listing Permissions
Listing Permission Information
Listing Principal Classes
Listing Principal Class Information
Interactive Shell
Starting the JAZN Admintool Shell
Getting XML Configuration Information
Migration Operations
Migrating Principals from the principals.xml File
Getting Help
JAZN Shell Interface
JAZN Shell Commands
Using the ls Command to List JAAS Provider Data
Using the cd Command to Navigate JAAS Provider Data
Using the mkdir, mk, or add Commands to Create JAAS Provider Data
Using the pwd Command to Display the Current Shell Working Directory
Using the help Command to List JAAS Provider Commands
Using the man Command to Display Detailed JAAS Provider Commands
Using the clear Command to Clear the Screen
Using the exit Command to Exit the JAZN Shell
Managing LDAP Provider Data with Java Programs
About the Sample Java Code
The JAZNContext and JAZNConfig Classes
Managing Realms
Realm Creation
Creating an External Realm
Creating an Application Realm
Dropping a Realm
Managing Users
Managing Roles
Creating Roles
Granting Roles
Dropping Roles
Managing Permissions
Managing JAAS Provider Policy
Managing Policy with JAAS Provider Packages
Managing XML-Based Provider Data with the XML Schema
Managing Realms, Users, Roles, and Permissions
DTD for jazn-data.xml
Other Utilities
PermissionClassManager Interface
PrincipalClassManager Interface
LoginModuleManager

7 Developing Secure J2SE Applications

Developing Secure J2SE Applications Overview
Authentication in the J2SE Environment
Authorization in the J2SE Environment
Subject.doAs
SecurityManager.checkPermission
PrivilegedAction
Testing and Executing an Application
Starting with RealmLoginModule
Starting without RealmLoginModule
Sample J2SE Application
Sample J2SE Application Code
Discussion of the J2SE Sample Client Login and Application Code

8 Developing Secure J2EE Applications

Developing Secure J2EE Applications Overview
Authentication in the J2EE Environment
Running with an Authenticated Identity
Intercepting Servlet Invocation
Retrieving Authentication Information
Authorization in the J2EE Environment
Testing and Executing the J2EE Application
Setting Up
Task 1: Installing Ant (Optional)
Task 2: Modifying OC4J Files
Modifying OC4J Files Where OC4J is Not Running
Deploying an Application When the OC4J Server Is Running
Task 3: Changing Default Configurations
Using XML-Based Realms (Default)
Using LDAP-Based Realms
Using SSL and SSO Integration
Using SSO
Task 4: Building the Directory
Starting an Application
Sample J2EE Application
Discussion of the J2EE Sample Application Code

9 Java Message Service

Overview
Resource Providers
Configuring a Custom Resource Provider
Using a Custom Resource Provider
Using Oracle JMS as a Resource Provider
Configuring the Resource Provider
Using Message-Driven Beans
Using Third-Party Resource Providers
Using MQSeries as a Resource Provider
Configuring
Using SonicMQ as a Resource Provider
Using SwiftMQ as a Resource Provider

10 Interoperability and RMI Tunneling

Introduction to EJB Interoperability
Naming
Security
Transactions
Switching to Interoperable Transport
Simple Interoperability
Advanced Interoperability
The corbaname URL
The rmic.jar Compiler
Exception Mapping
Invoking OC4J-Hosted Beans from a Non-OC4J Container
Configuring OC4J for Interoperability
Interoperability OC4J Flags
Interoperability Configuration Files
Server-wide Files
Application-specific Files
EJB Server Security Properties (internal-settings.xml)
CSIv2 Security Properties
CSIv2 Security Properties (internal-settings.xml)
CSIv2 Security Properties (ejb_sec.properties)
Trust Relationships
CSIv2 Security Properties (orion-ejb-jar.xml)
The <transport-config> element
The <as-context> element
The <sas-context> element
DTD
EJB Client Security Properties (ejb_sec.properties)
JNDI Properties for Interoperability (jndi.properties)
Configuring RMI Tunneling
Configuring RMI in server.xml and rmi.xml
Editing server.xml
Editing rmi.xml
hostname
port
hostname
username
port
password

11 Data Sources

Introduction
Defining Data Sources
Defining Location of the Data Source XML Configuration File
Defining Data Sources
Retrieving a Connection from a Data Source
Types of Data Sources
Emulated Data Sources
Non-Emulated Data Sources
Non-JTA Data Sources
Non-Emulated Data Sources Cannot Mix Transaction Types
Mixing Data Sources
Two-Phase Commits and Data Sources
Using Data Sources
Configuring Data Source Objects
Configuration Files
Data Source Attributes
Data Source Methods
Portable Data Source Lookup
Using Oracle JDBC Extensions
Behavior of a Non-Emulated Data Source Object
Retrieving a Connection Outside a Global Transaction
Retrieving a Connection Within a Global Transaction
Using Database Caching Schemes
Connection Retrieval Error Conditions
Using Different Usernames for Two Connections to a Single Data Source
Using the OCI JDBC Drivers
Using DataDirect Drivers

12 Java Transaction API

Introduction
Single-Phase Commit
Enlisting a Single Resource
Configuring the Data Source
Retrieving the Data Source Connection
Performing JNDI Lookup on Data Source Definition
Performing JNDI Lookup Using Environment
Demarcating the Transaction
Container-Managed Transactional Demarcation
Bean-Managed Transactions
Programmatic Transaction Demarcation
Client-side Transaction Demarcation
JTA Transactions
JDBC Transactions
Two-Phase Commit
Configuring Two-Phase Commit Engine
Two-Phase Commit Elements in the orion-application.xml DTD

13 J2EE Connector Architecture

Introduction
Resource Adapters
Application Contracts
Quality of Service Contracts
Support for Optional Features
Deploying Resource Adapters
The ra.xml Descriptor
The oc4j-ra.xml Descriptor
The <connection-pooling> Element
The <security-config> Element
The oc4j-ra.xml DTD
The oc4j-connectors.xml Descriptor
The oc4j-connectors.xml DTD
Deploying Standalone Resource Adapter Archives
Deploying Using admin.jar
Deploying Manually
Removing Resource Adapters
Deploying Embedded Resource Adapters
Specifying Container-Managed or Component-Managed Sign-On
Authentication in Container-Managed Sign-On
JAAS Pluggable Authentication
The InitiatingPrincipal and InitiatingGroup Classes
JAAS and the <connector-factory> Element
User-Created Authentication Classes
Extending AbstractPrincipalMapping
Modifying oc4j-ra.xml

14 Working with Java Object Cache

Java Object Cache Concepts
Java Object Cache Basic Architecture
Distributed Object Management
How the Java Object Cache Works
Cache Organization
Java Object Cache Features
Java Object Cache Object Types
Memory Objects
Disk Objects
StreamAccess Objects
Pool Objects
Java Object Cache Environment
Cache Regions
Cache Subregions
Cache Groups
Cache Object Attributes
Using Attributes Defined Before Object Loading
Using Attributes Defined Before or After Object Loading
Developing Applications Using Java Object Cache
Importing the Java Object Cache
Defining a Cache Region
Defining a Cache Group
Defining a Cache Subregion
Defining and Using Cache Objects
Implementing a CacheLoader
Using CacheLoader Methods Within the Load Method
Invalidating Cache Objects
Destroying Cache Objects
Setting Cache Configuration Properties
Implementing a Cache Event Listener
Restrictions and Programming Pointers
Working with Disk Objects
Configuring Properties for Using the Disk Cache
Setting the diskPath Configuration Property
Local and Distributed Disk Cache Objects
Local Objects
Distributed Objects
Adding Objects to the Disk Cache
Automatically Adding Objects
Explicitly Adding Objects
Using Objects that Reside Only in Disk Cache
Working with StreamAccess Objects
Creating a StreamAccess Object
Working with Pool Objects
Creating Pool Objects
Using Objects from a Pool
Implementing a Pool Object Instance Factory
Running in Local Mode
Running in Distributed Mode
Configuring Properties for Distributed Mode
Setting the Distribute Configuration Property
Setting the DiscoveryAddress Configuration Property
Using Distributed Objects, Regions, Subregions, and Groups
Using the REPLY Attribute with Distributed Objects
Using SYNCHRONIZE and SYNCHRONIZE_DEFAULT
Cached Object Consistency Levels
Using Local Objects
Propagating Changes Without Waiting for a Reply
Propagating Changes and waiting for a Reply
Serializing Changes Across Multiple Caches
Sharing Cached Objects in an OC4J Servlet

15 Oracle HTTPS for Client Connections

Prerequisites
Audience
About Oracle HTTPS
HTTPConnection Class
OracleSSLCredential Class
Overview of Oracle HTTPS Features
SSL Cipher Suites Supported by Oracle HTTPS
Certificate and Key Management with Oracle Wallet Manager
Access Information About Established SSL Connections
Security-Aware Applications Support
java.net.URL Framework Support
Specifying Default System Properties
javax.net.ssl.KeyStore
javax.net.ssl.KeyStorePassword
Potential Security Risk with Storing Passwords in System Properties
Oracle.ssl.defaultCipherSuites
Oracle HTTPS APIs
Public Class: HTTPConnection
Public Class: OracleSSLCredential
Constructor
Methods
Oracle HTTPS Example
Initializing SSL Credentials
Verifying Connection Information
Transferring Data

A JAAS Provider APIs

JAAS Provider API Overview
Package oracle.security.jazn
Interfaces
Persistable
Classes
JAZNConfig
JAZNContext
JAZNPermission
JAZNWebAppConfig
Exceptions
JAZNConfigException
JAZNException
JAZNInitException
JAZNNamingException
JAZNObjectExistsException
JAZNObjectNotFoundException
JAZNRuntimeException
Package oracle.security.jazn.login
Classes
LoginModuleManager
Package oracle.security.jazn.policy
Interfaces
GlobalPolicy
JAZNPolicy
PermissionClassManager
PolicyManager
PrincipalClassManager
RealmPolicy
Classes
AdminPermission
Grantee
PermissionClassDesc
PrincipalClassDesc
RoleAdminPermission
Package oracle.security.jazn.realm
Interfaces
InitRealmInfo.RealmType
Realm
Realm.LDAPProperty
RealmPrincipal
RealmRole
RealmUser
RoleManager
UserManager
Classes
InitRealmInfo
RealmLoginModule
RealmManager
RealmPermission

B JAAS Provider Standards and Samples

Sample jazn-data.xml Code
Supplemental Code Samples
Supplementary Code Sample: Creating an Application Realm
Supplementary Code Sample: Modifying User Permissions

Index


Copyright © 1996, 2002 Oracle Corporation.

All Rights Reserved.