5 Platform Security Services

This is chapter describes issues associated with Oracle Platform Security Services and Oracle Security Developer Tools. It includes the following topics:

5.1 Configuration Issues and Workarounds

There are no configuration issues to report.

5.2 Documentation Errata

This section contains corrections to documentation errors, in the following sections:

5.2.1 Corrections to WSLT Infrastructure Security Commands

This section describes several corrections to security commands in the book Infrastructure Security WLST Command Reference (E29489-01)

  • The leading sentence in section 2.1.1.34: "Online command that migrates the policy and credential stores to an LDAP repository." is incorrect; instead, it should be: "Online command that migrates policies, credentials, audit metadata, and keys from an existing OPSS security store to a target OPSS security store."

  • The statement in section 2.1.1.40.1: "No restart is needed" can be ignored since the command is offline.

  • The leading sentence in section 2.1.1.40.3 is incorrect; it should read "The following invocation rolls over the encryption key."

  • The statement in section 2.1.1.41.1: "Modifies the type, user name, password, URL, and port number of a credential in the domain credential store with given map name and key name." is incorrect; instead, it should read "Updates password credentials only."

  • Remove the clause "and maximum log directory size" from the description of getAuditPolicy in Section 2.1.2.2.1. Also change the first example in Section 2.1.2.2.3 to read:

    wls:/mydomain/serverConfig> getAuditPolicy()
    Location changed to domainRuntime tree. This is a read-only tree with DomainMBean as the root.
    For more help, use help(domainRuntime)
     
    FilterPreset:All
    Max Log File Size:104857600
    
  • The discussion of the setAuditRepository command, in Section 2.1.2.5.2 Syntax, omits an additional argument named timezone. Change the syntax to read as follows:

    setAuditRepository([switchToDB],[dataSourceName],[interval], [timezone])
    

    and in the table of arguments, add the following:

    timezone: timezone in which the audit loader records the timestamps of the audit events. The valid values are "utc" and "local".

    Example:

    wls:/mydomain/serverConfig> setAuditRepository(switchToDB="true",dataSourceName="jdbc/AuditAppendDataSource",interval="14",timezone="utc")
    
  • In both examples of setAuditRepository in Section 2.1.2.5.3, change the data source jndi name to jdbc/AuditAppendDataSource which is the default audit data source jndi name.

  • In Section 2.1.2.9.1 for the createAuditDBView command, change the first sentence to read:

    "This command generates a SQL script that you can use to create a database view to query audit log records of a specified component from the database . "