Properties
The standard realms provided with Enterprise Server have required and optional properties. A custom realm might have different properties.
The following table describes properties for the auth-realm element.
Table 1–18 auth-realm Properties|
Property |
Realms |
Description |
|---|---|---|
|
all |
Specifies the JAAS (Java Authentication and Authorization Service) context. |
|
|
all |
(optional) If this property is set, its value is taken to be a comma-separated list of group names. All clients who present valid certificates are assigned membership to these groups for the purposes of authorization decisions in the web and EJB containers. |
|
|
file |
Specifies the file that stores user names, passwords, and group names. The default is domain-dir/config/keyfile. |
|
|
certificate |
If true, specifies that client authentication is required for all applications that use the certificate realm. The default is false. To require client authentication for a specific web application, set the method of authentication in the web.xml file to CLIENT-CERT. |
|
|
ldap |
Specifies the LDAP URL to your server. |
|
|
ldap |
Specifies the LDAP base DN for the location of user data. This base DN can be at any level above the user data, since a tree scope search is performed. The smaller the search tree, the better the performance. |
|
|
ldap |
(optional) Specifies the search filter to use to find the user. The default is uid=%s (%s expands to the subject name). |
|
|
ldap |
(optional) Specifies the base DN for the location of groups data. By default, it is same as the base-dn, but it can be tuned, if necessary. |
|
|
ldap |
(optional) Specifies the search filter to find group memberships for the user. The default is uniquemember=%d (%d expands to the user element DN). |
|
|
ldap |
(optional) Specifies the LDAP attribute name that contains group name entries. The default is CN. |
|
|
ldap |
(optional) Specifies an optional DN used to authenticate to the directory for performing the search-filter lookup. Only required for directories that do not allow anonymous search. |
|
|
ldap |
(optional) Specifies the LDAP password for the DN given in search-bind-dn . |
|
|
jdbc |
Specifies the jndi-name of the jdbc-resource for the database. |
|
|
jdbc |
Specifies the name of the user table in the database. |
|
|
jdbc |
Specifies the name of the user name column in the database's user table. |
|
|
jdbc |
Specifies the name of the password column in the database's user table. |
|
|
jdbc |
Specifies the name of the group table in the database. |
|
|
jdbc |
Specifies the name of the group name column in the database's group table. |
|
|
jdbc |
(optional) Allows you to specify the database user name in the realm instead of the jdbc-connection-pool. This prevents other applications from looking up the database, getting a connection, and browsing the user table. By default, the jdbc-connection-pool configuration is used. |
|
|
jdbc |
(optional) Allows you to specify the database password in the realm instead of the jdbc-connection-pool. This prevents other applications from looking up the database, getting a connection, and browsing the user table. By default, the jdbc-connection-pool configuration is used. |
|
|
jdbc |
(optional) Specifies the digest algorithm. The default is MD5. You can use any algorithm supported in the JDK, or none. |
|
|
jdbc |
(optional) Specifies the encoding. Allowed values are Hex and Base64. If digest-algorithm is specified, the default is Hex. If digest-algorithm is not specified, by default no encoding is specified. |
|
|
jdbc |
(optional) Specifies the charset for the digest algorithm. |
- © 2010, Oracle Corporation and/or its affiliates