Sun Java System Application Server Enterprise Edition 8.1 2005Q2 Administration Guide

About Security Maps

Use security maps to map the caller identity of the application (principal or user group) to a suitable EIS principal in container-managed transaction-based scenarios. When an application principal initiates a request to an EIS, the application server first checks for an exact principal using the security map defined for the connector connection pool to determine the mapped back end EIS principal. If there is no exact match, then the application server uses the wild card character specification, if any, to determine the mapped back end EIS principal. Security maps are used when an application user needs to execute EIS operations that require to be executed as a specific identity in the EIS.

Use the following procedures in the Admin Console to manage security maps:

ProcedureTo create a security map

A security map for a connector connection pool maps application users and groups (principals) to EIS principals. Use a security map when an application user needs to execute EIS operations that require a specific identity in the EIS.

  1. Expand the Resources node

  2. Expand the Connectors node.

  3. Select the Connector Connection Pools node.

  4. Select a Connector Connection Pool by selecting its name from the list of current pools or create a new connector connection pool by selecting New from the list of current pools and following the instructions in To create a JDBC connection pool.

  5. Select the Security Maps page.

  6. Click New to create a new Security Map.

  7. On the Create Security Map page, enter the following properties.

    • Name – Enter a name to be used to reference this particular security map.

    • User Groups – The caller identity of the application to be mapped to a suitable EIS principal. Enter a comma-separated list of application-specific user groups, or enter the wild card asterisk (*) to indicate all users or all user groups. Specify either the Principals or User Groups options, but not both.

    • Principals – The caller identity of the application to be mapped to a suitable EIS principal. Enter a comma-separated list of application-specific principals, or enter the wild card asterisk (*) to indicate all principals. Specify either the Principals or User Groups options, but not both.

  8. In the Backend Principal section, enter the following properties.

    • Username – Enter the EIS user name. The enterprise information system (EIS) is any system that holds the information. It can be a mainframe, a messaging system, a database system, or an application.

    • Password – Enter the password for the EIS user.

  9. Click OK to create the security map or Cancel to quit without saving.

Equivalent asadmin command

create-connector-security-map

ProcedureTo edit a security map

  1. Expand the Resources node.

  2. Expand the Connectors node.

  3. Select the Connector Connection Pools node.

  4. Select a Connector Connection Pool by selecting its name from the list of current pools.

  5. Select the Security Maps page.

  6. On the Security Maps page, select a security map from the list of current security maps.

  7. On the Edit Security Map page, modify the following properties where needed.

    • User Groups – The caller identity of the application to be mapped to a suitable EIS principal. Enter a comma-separated list of application-specific user groups, or enter the wild card asterisk (*) to indicate all users or all user groups. Specify either the Principals or User Groups options, but not both.

    • Principals – The caller identity of the application to be mapped to a suitable EIS principal. Enter a comma-separated list of application-specific principals, or enter the wild card asterisk (*) to indicate all principals. Specify either the Principals or User Groups options, but not both.

  8. In the Backend Principal section, enter the following properties.

    • Username – Enter the EIS user name. The enterprise information system (EIS) is any system that holds the information. It can be a mainframe, a messaging system, a database system, or an application.

    • Password – Enter the password for the EIS user.

  9. Click Save to save the changes to the security map.

Helpful asadmin commands

list-connector-security-maps and update-connector-security-maps

ProcedureTo delete a security map

  1. Expand the Resources node.

  2. Expand the Connectors node.

  3. Select the Connector Connection Pools node.

  4. Select a Connector Connection Pool by selecting its name from the list of current pools.

  5. Select the Security Maps page.

  6. On the Security Maps page, click the checkbox to the left of the name of the security map to be deleted.

  7. Click Delete.

Equivalent asadmin command

delete-connector-security-map