public interface KVSecurityConstants
KVStoreConfig.setSecurityProperties(java.util.Properties), but may be used as a reference when configuring a security property file.

Modifier and Type | Field and Description |
---|---|
static String | AUTH_EXT_MECH_PROPERTY: The name of the property to specify the external authentication mechanism to use for client logins. |
static String | AUTH_KRB_CCACHE_PROPERTY: The name of the property to specify the location of the Kerberos credential cache file. |
static String | AUTH_KRB_KEYTAB_PROPERTY: The name of the property to specify the location of the keytab file for Kerberos login. |
static String | AUTH_KRB_MUTUAL_PROPERTY: The name of the property to specify whether to use mutual authentication for the Kerberos external login mechanism. |
static String | AUTH_KRB_REALM_PROPERTY: The name of the property to specify the Kerberos realm for the user principal if using a short name to specify the client login principal. |
static String | AUTH_KRB_SERVICES_PROPERTY: The name of the property to specify the Kerberos principals for services associated with each helper host. |
static String | AUTH_PWDFILE_PROPERTY: The name of the property that identifies a password store file containing the password of the user to authenticate. |
static String | AUTH_USERNAME_PROPERTY: The name of the property to specify a username for authentication. |
static String | AUTH_WALLET_PROPERTY: The name of the property that identifies an Oracle Wallet directory containing the password of the user to authenticate. |
static String | CMD_PASSWORD_NOPROMPT_PROPERTY: The name of the property to specify whether to automatically prompt for a password in command line utilities. |
static String | JAAS_LOGIN_CONF_NAME: The name of the property to specify the configuration entry name in the JAAS login configuration file when the application specifies credentials using JAAS login configuration. |
static String | KRB_MECH_NAME: The value of the AUTH_EXT_MECH_PROPERTY setting that enables the Kerberos login mechanism. |
static String | SECURITY_FILE_PROPERTY: The name of the property that identifies a security property configuration file to be read when a KVStoreConfig is created, as a set of overriding property definitions. |
static String | SSL_CIPHER_SUITES_PROPERTY: The name of the property used to control what SSL/TLS cipher suites are acceptable for use. |
static String | SSL_HOSTNAME_VERIFIER_PROPERTY: The name of the property used to specify a verification step to be performed when connecting to a NoSQL DB server when using SSL/TLS. |
static String | SSL_PROTOCOLS_PROPERTY: The name of the property used to control what SSL/TLS protocols are acceptable for use. |
static String | SSL_TRANSPORT_NAME: The value of the TRANSPORT_PROPERTY setting that enables the use of SSL/TLS communication. |
static String | SSL_TRUSTSTORE_FILE_PROPERTY: The name of the property to identify the location of a Java truststore file that validates the SSL/TLS certificates used by the NoSQL DB server. |
static String | SSL_TRUSTSTORE_TYPE_PROPERTY: The name of the property to identify the type of Java truststore that is referenced by the SSL_TRUSTSTORE_FILE_PROPERTY property. |
static String | TRANSPORT_PROPERTY: The name of the property used by KVStore to determine the network mechanism to be used when communicating with Oracle NoSQL DB servers. |

static final String SECURITY_FILE_PROPERTY
static final String TRANSPORT_PROPERTY
static final String SSL_TRANSPORT_NAME
The value of the TRANSPORT_PROPERTY setting that enables the use of SSL/TLS communication. This property has the value "ssl".
static final String SSL_CIPHER_SUITES_PROPERTY
static final String SSL_PROTOCOLS_PROPERTY
static final String SSL_HOSTNAME_VERIFIER_PROPERTY
The dnmatch verifier must be specified in the form "dnmatch(distinguished-name)", where distinguished-name must be the NoSQL DB server certificate's distinguished name. For a typical secure deployment this should be "dnmatch(CN=NoSQL)".
static final String SSL_TRUSTSTORE_FILE_PROPERTY
static final String SSL_TRUSTSTORE_TYPE_PROPERTY
The name of the property to identify the type of Java truststore that is referenced by the SSL_TRUSTSTORE_FILE_PROPERTY property. This is only needed if using a non-default truststore type, and the specified type must be a type supported by your Java implementation. This has the value "oracle.kv.ssl.trustStoreType".
static final String AUTH_USERNAME_PROPERTY
static final String AUTH_WALLET_PROPERTY
static final String AUTH_PWDFILE_PROPERTY
static final String AUTH_EXT_MECH_PROPERTY
Currently, the only supported external login mechanism is: "KERBEROS".
static final String KRB_MECH_NAME
The value of the AUTH_EXT_MECH_PROPERTY setting that enables the Kerberos login mechanism. This property has the value "KERBEROS".
static final String AUTH_KRB_SERVICES_PROPERTY
Each entry should specify the helper host name followed by the Kerberos service name, and optionally an instance name and realm name. The entries are separated by commas, ignoring spaces. If any entry does not specify a realm, each entry will use the default realm specified in the Kerberos configuration file. If any entry specifies a realm name, then all entries must specify the same one. The syntax is:
host:service[/instance[@realm]][, host:service[/instance[@realm]]]*
For example:
host37:nosql/host37@EXAMPLE.COM, host53:nosql/host53@EXAMPLE.COM
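
The syntax and realm rule above can be checked on the client before the value is placed in the security properties. The following is an added example, not code from Oracle NoSQL Database; the class name KrbServicesCheck and its Entry record are hypothetical, and it assumes the realm rule means that either every entry omits the realm or every entry names the same one.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Objects;

// Added example (not Oracle's code): checks a services string before it is
// stored under KVSecurityConstants.AUTH_KRB_SERVICES_PROPERTY.
public class KrbServicesCheck {
    // instance and realm are null when the entry omits them.
    record Entry(String host, String service, String instance, String realm) {}

    static List<Entry> parse(String value) {
        List<Entry> entries = new ArrayList<>();
        // Entries are comma separated; spaces are ignored.
        for (String raw : value.replace(" ", "").split(",", -1)) {
            int colon = raw.indexOf(':');
            if (colon <= 0) throw new IllegalArgumentException("expected host:service in '" + raw + "'");
            String host = raw.substring(0, colon), rest = raw.substring(colon + 1);
            String instance = null, realm = null;
            int at = rest.indexOf('@');
            if (at >= 0) { realm = rest.substring(at + 1); rest = rest.substring(0, at); }
            int slash = rest.indexOf('/');
            if (slash >= 0) { instance = rest.substring(slash + 1); rest = rest.substring(0, slash); }
            // The grammar nests @realm inside /instance, so a realm needs an instance.
            if (rest.isEmpty() || "".equals(instance) || "".equals(realm)
                    || (realm != null && instance == null)) {
                throw new IllegalArgumentException("malformed service principal in '" + raw + "'");
            }
            entries.add(new Entry(host, rest, instance, realm));
        }
        // Assumed reading of the realm rule: every entry omits the realm,
        // or every entry names the same realm.
        for (Entry e : entries) {
            if (!Objects.equals(e.realm(), entries.get(0).realm())) {
                throw new IllegalArgumentException("realm mismatch at host " + e.host());
            }
        }
        return entries;
    }

    public static void main(String[] args) {
        // Constructed inputs: the page's own example, then a mixed-realm string.
        System.out.println(parse("host37:nosql/host37@EXAMPLE.COM, host53:nosql/host53@EXAMPLE.COM"));
        try {
            parse("host37:nosql/host37@EXAMPLE.COM, host53:nosql/host53@OTHER.EXAMPLE");
        } catch (IllegalArgumentException ex) {
            System.out.println("rejected: " + ex.getMessage());
        }
    }
}
```

Rejecting a malformed or mixed-realm string at configuration time surfaces the mistake before any Kerberos login is attempted against the helper hosts.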
static final String AUTH_KRB_KEYTAB_PROPERTY
JAAS_LOGIN_CONF_NAME security property.
If this property is not specified when authenticating with security properties, then authentication will be performed via the credentials cache, if specified. If both a keytab and a credentials cache are specified, then the credentials cache is tried first. If neither a keytab nor a credentials cache is specified, then login will try the default credential cache and then the default keytab.
The default location of the keytab file is specified by the Kerberos configuration file. If the keytab is not specified there, then the system looks for the file:
user.home/krb5.keytab
static final String AUTH_KRB_REALM_PROPERTY
static final String AUTH_KRB_CCACHE_PROPERTY
JAAS_LOGIN_CONF_NAME security property.
If this property is not specified when authenticating with security properties, then authentication will be performed via the keytab, if specified. If both a keytab and a credentials cache are specified, then the credentials cache is tried first. If neither a keytab nor a credentials cache is specified, then login will try the default credential cache and then the default keytab.
The default location of the credential cache is /tmp/krb5cc_uid, where the uid is a numeric user identifier. If the credential cache is not found there, the system will look for the file:
user.home/krb5cc_user.name
static final String AUTH_KRB_MUTUAL_PROPERTY
static final String JAAS_LOGIN_CONF_NAME
See also: KerberosCredentials, Constant Field Values
static final String CMD_PASSWORD_NOPROMPT_PROPERTY
Copyright (c) 2011, 2017 Oracle and/or its affiliates. All rights reserved.