3.5 Reclassifying

This section contains the following topics:

  • Section 3.5.1, "Reclassifying Using the Sealing Server"

  • Section 3.5.2, "Reclassifying Using the IRM Java API"

3.5.1 Reclassifying Using the Sealing Server

Reclassifying sealed content is the process of altering the classification of the sealed content. Reclassification usually means re-signing and re-encrypting the content, because most classifications have a dedicated set of cryptographic keys. Reclassifying is typically used when content changes sensitivity, for example when a Top Secret document becomes a Company Confidential document.

The sealing server supports reclassifying. Content is uploaded to the sealing server, the classification is updated, and the updated sealed content is returned to the caller.

3.5.1.1 Uploading Content

For JAX-WS generated web service proxies, the content is provided as a DataHandler parameter. Using a data handler allows the web service stack to stream the binary content to the server without having to load the complete file into memory.

javax.activation.DataHandler input = new javax.activation.DataHandler(new javax.activation.FileDataSource("example.stml"));

The data source does not have to be a file.

3.5.1.2 Calling reclassify

A call to reclassify requires the sealed data (in the form of a DataHandler) and the new classification details. Refer to the sealing example for details about how to specify a classification in code.

SealingServices sealingServices = new SealingServicesService().getSealingServices(new javax.xml.ws.soap.MTOMFeature());
 
DataHandler results = sealingServices.reclassify(input,classification);

It is important to enable the MTOM web service feature. With MTOM the sealed content is sent as a binary attachment rather than base64-encoded inside the SOAP body, which is the most efficient form for the upload. It also avoids java.lang.OutOfMemoryError if the uploaded file is large, because the web service stack does not have to buffer the whole encoded message.

To call the reclassify operation, the authenticated user needs either:

  • Rights that allow the copy to feature for the source classification with a trusted destination that allows the target classification, and rights that allow the seal feature for the target classification.

    In the context classification system, this means the user has to have a role that has export constraints set as trusted with the target context being a trusted context of the source context, or that the role has export constraints set as none.

  • Rights that allow the unseal feature for the specified classification and the seal feature for the target classification.

    In the context classification system, this means the user has to have a role that has export constraints set as none.

When using the Oracle IRM Server Management Console, the copy to and unseal features are enabled and controlled using the export constraints defined on a role.

3.5.1.3 Extracting the Content

The DataHandler class can be used to write out the resealed content to an output stream of the programmer's choice. This example shows the resealed content being written out to a file.

java.io.FileOutputStream outputStream = new java.io.FileOutputStream("example.stml");
 
results.writeTo(outputStream);
 
outputStream.close();
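The three steps above (upload, call reclassify, extract) combined into one runnable class. This is an added example, not code from the original page or from Oracle; it assumes it is compiled in the same package as the JAX-WS proxy classes generated from the sealing server WSDL (SealingServicesService, SealingServices and the Classification type used in the snippets above), so those need no import here. It also goes slightly beyond the page by showing an in-memory DataSource, since the text notes that the data source does not have to be a file, and by turning the server's fault into a checked exception so a caller without copy-to/unseal and seal rights gets a clear failure rather than a half-written output file.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.file.Files;
import java.nio.file.Path;

import javax.activation.DataHandler;
import javax.activation.DataSource;
import javax.activation.FileDataSource;
import javax.xml.ws.soap.MTOMFeature;
import javax.xml.ws.soap.SOAPFaultException;

/**
 * Upload, reclassify and extract in one place, using the JAX-WS proxy classes
 * shown in the snippets above. Assumption: this class lives in the same package
 * as the generated SealingServicesService, SealingServices and Classification
 * types, so they are referenced without imports.
 */
public class ReclassifyViaSealingServer {

    /** In-memory DataSource: demonstrates that the upload need not come from a file. */
    static final class BytesDataSource implements DataSource {
        private final byte[] bytes;
        private final String name;

        BytesDataSource(byte[] bytes, String name) {
            this.bytes = bytes.clone();
            this.name = name;
        }

        @Override public InputStream getInputStream() { return new ByteArrayInputStream(bytes); }
        @Override public OutputStream getOutputStream() { throw new UnsupportedOperationException("read-only"); }
        @Override public String getContentType() { return "application/octet-stream"; }
        @Override public String getName() { return name; }
    }

    /** Builds the proxy with MTOM enabled so the binary content travels as an attachment. */
    private static SealingServices port() {
        return new SealingServicesService().getSealingServices(new MTOMFeature());
    }

    /** Core call. The rights check (copy-to + seal, or unseal + seal) is enforced server-side. */
    static DataHandler reclassify(DataHandler input, Classification target) throws IOException {
        try {
            return port().reclassify(input, target);
        } catch (SOAPFaultException e) {
            // Surfaces when the server rejects the call, e.g. the authenticated user lacks
            // the required rights for the source or target classification.
            throw new IOException("sealing server rejected reclassify: " + e.getMessage(), e);
        }
    }

    /** File in, file out, streamed end to end. Returns the size of the written file. */
    public static long reclassifyFile(Path sealedIn, Path sealedOut, Classification target) throws IOException {
        // Step 1: FileDataSource lets the stack stream the file instead of loading it whole.
        DataHandler input = new DataHandler(new FileDataSource(sealedIn.toFile()));
        // Step 2: call the operation.
        DataHandler results = reclassify(input, target);
        // Step 3: write the resealed content out; try-with-resources closes the stream on error too.
        try (OutputStream out = Files.newOutputStream(sealedOut)) {
            results.writeTo(out);
        }
        return Files.size(sealedOut);
    }

    /** Bytes in, bytes out, for sealed content that is already in memory (e.g. fetched from a store). */
    public static byte[] reclassifyBytes(byte[] sealed, String name, Classification target) throws IOException {
        DataHandler input = new DataHandler(new BytesDataSource(sealed, name));
        DataHandler results = reclassify(input, target);
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        results.writeTo(out);
        return out.toByteArray();
    }
}
```

The output file is only opened after the server has answered, so a rejected call leaves no partial example.stml behind; the Classification value is built as described in the sealing example and passed in by the caller.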

3.5.2 Reclassifying Using the IRM Java API

Reclassifying sealed content is the process of altering the classification of the sealed content. Reclassification usually means re-signing and re-encrypting the content, because most classifications have a dedicated set of cryptographic keys. Reclassifying is typically used when content changes sensitivity, for example when a Top Secret document becomes a Company Confidential document. A call to reclassify requires the sealed data in the form of an InputStream, and the new classification details. The resultant reclassified sealed content is written to the provided OutputStream.

// Sealed content is provided as a file
java.io.InputStream input = new java.io.FileInputStream("sealed.stml");
 
// Reclassified content is written to a file
java.io.OutputStream output = new java.io.FileOutputStream("reclassified.stml");
 
// Reclassify the sealed content to the provided classification
reclassify(input, output, classification);
 
// Release both streams once the operation has returned
input.close();
output.close();

Refer to the sealing example for details about how to create a classification in code.
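The same operation wrapped so that a failed call cannot leave a truncated reclassified.stml on disk. This is an added example, not code from the original page or from Oracle. It assumes that reclassify(InputStream, OutputStream, Classification) is the IRM Java API operation shown above, statically imported from the class that declares it, and that Classification is the IRM Java API classification type; both package and class names are assumptions to be checked against the API's Javadoc.

```java
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.StandardCopyOption;

// Assumed locations of the operation and type used above; adjust to the installed API.
import static oracle.irm.engine.content.sealing.SealingOperationsInstance.reclassify;
import oracle.irm.engine.types.classifications.Classification;

public class ReclassifyViaJavaApi {

    /**
     * Reclassifies sealedIn into sealedOut. The result is first written to a temporary
     * file next to the destination and moved into place only after reclassify returns,
     * so a rights rejection or I/O error leaves the destination untouched.
     */
    public static Path reclassifyAtomically(Path sealedIn, Path sealedOut, Classification target)
            throws IOException {
        Path dir = sealedOut.toAbsolutePath().getParent();
        Path tmp = Files.createTempFile(dir, "reclassify-", ".tmp");
        try (InputStream input = Files.newInputStream(sealedIn);
             OutputStream output = Files.newOutputStream(tmp)) {
            // Requires copy-to + seal rights, or unseal + seal rights, for the
            // source and target classifications; the API refuses otherwise.
            reclassify(input, output, target);
        } catch (IOException | RuntimeException e) {
            Files.deleteIfExists(tmp);
            throw e;
        }
        Files.move(tmp, sealedOut, StandardCopyOption.REPLACE_EXISTING, StandardCopyOption.ATOMIC_MOVE);
        return sealedOut;
    }
}
```

Both streams are closed by try-with-resources whether or not the call succeeds, and the original sealed file is never modified in place, so the caller still holds the content under its old classification if the new one is rejected.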

To call the reclassify operation, the authenticated user needs either:

  • Rights that allow the Copy To feature for the source classification, with a trusted destination that allows the target classification, and rights that allow the seal feature for the target classification.

  • Rights that allow the Unseal feature for the specified classification and the seal feature for the target classification.

Unseal and Copy To Features:

When using the Oracle IRM Server Management Console, the Copy To and Unseal features are enabled and controlled using the export constraints defined on a role.