
Oracle9iAS Containers for J2EE Services Guide
Release 2 (9.0.3)

Part Number A97690-01

Index

A  C  D  E  F  G  H  I  J  K  L  M  N  O  P  Q  R  S  T  U  V  W  X 


Symbols

<application-server> element, 13-11
<as-context> element, 10-14
<commit-class> element, 12-12
<commit-coordinator> element, 12-12
<confidentiality> element, 10-13
<container-transaction> element, 12-7
<data-source>
attributes, 11-13
<entity-deployment> element, 10-8
<establish-trust-in-client> element, 10-13
<establish-trust-in-target> element, 10-13
<integrity> element, 10-13
<ior-security-config> element, 10-8
DTD, 10-15
<resource-provider> element, 9-6, 9-7, 9-8
and JNDI, 9-3
<resource-ref> element, 11-16
<res-ref-name> element, 11-16
<rmi-config> element, 10-18
<rmi-server> element, 10-18
<sas-context> element, 10-14
<sep-config> element, 10-8
<sep-property> element, 10-9, 10-11
<session-deployment> element, 10-8
<transaction-type> element, 12-6, 12-8
<trans-attribute> element, 12-6
<transport-config> element, 10-13

A

access control lists
definition, 3-14
AccessController, 3-5
accessing JAAS provider, 6-4
AccessTest1, 7-7, B-12
actions
definition, 3-4
add button
Oracle Enterprise Manager, 6-3
add command, 6-22
adding and removing realms, 6-14
adding and removing roles, 6-15
adding and removing users, 6-15
addperm options, 6-17
addprncpl option, 6-17
addrealm option, 6-15
addrole option, 6-15
adduser option, 6-16
administrative role, 6-26
admin.jar tool
-iiopClientJar switch, 10-3
AdminPermission class
administering permissions, 3-28
definition, 3-6, A-6
adminRole, 6-26
adminUser, 6-26
Ant build tool, 8-5
Apache Listener. See Oracle HTTP Server
apachectl start command, 8-8
apachectl startssl command, 8-8
APIs
oracle.security.jazn package, A-2
oracle.security.jazn.policy package, A-5
oracle.security.jazn.realm package, A-7
Application Realm
creation, 6-28
creation code, B-8
definition, 3-19
role management, 3-19, 3-22
sample LDAP directory information tree, 3-22
user management, 3-19, 3-22
ApplicationClientInitialContextFactory, 2-5 to 2-7
ApplicationInitialContextFactory, 2-7 to 2-9
applications
executing, 7-4
in Java2 application environments, 5-1
sample J2SE, 7-5
with JAAS, 3-10
application.xml
designating data-sources.xml, 11-2
assigning permissions, 6-5
attributes
CacheEventListener, 14-16
DefaultTimeToLive, 14-16
DISTRIBUTE, 14-14
GROUP_TTL_DESTROY, 14-14
IdleTime, 14-16
LOADER, 14-14
ORIGINAL, 14-14
REPLY, 14-14
SPOOL, 14-15
SYNCHRONIZE, 14-15
SYNCHRONIZE_DEFAULT, 14-15
TimeToLive, 14-16
Version, 14-16
Attributes.setCacheEventListener() method, 14-26
authentication
basic, 5-7
callerinfo demo, 4-2
definition, 3-2
environments, 5-7
J2EE, 8-2
J2SE, 7-2
using login modules, 3-9
using Oracle9iAS Single Sign-On (SSO), 3-13
using RealmLoginModule class, 3-13
with Basic Authentication, 5-13
with SSL, 5-11
with SSO, 3-13, 5-8
authorization
definition, 3-2
J2EE, 8-4
J2SE, 7-3

C

cache
concepts, 14-2
environment, 14-6
CacheAccess
createPool() method, 14-37
CacheAccess.get() method, 14-20
CacheAccess.getOwnership() method, 14-43
CacheAccess.preLoad() method, 14-20
CacheAccess.releaseOwnership() method, 14-44
CacheAccess.save() method, 14-33
CacheEventListener attribute, 14-16
CacheEventListener interface, 14-26
CacheLoader()
implementing, 14-20
CacheLoader.createStream() method, 14-36
caching scheme, 11-19
callback handler, 7-2, 7-5
callerInfo demo, 4-1, 8-4
code, 8-9
results, 4-5
capability model
definition, 3-14
cd command, 6-22
checking password, 6-16
checkpasswd option, 6-16
cipher suites
supported by Oracle HTTPS, 15-6
class names
definition, 3-4
classes
AdminPermission, A-6
Grantee, A-7
InitRealmInfo, A-8
JAZNConfig, A-2
JAZNConfigException, A-4
JAZNContext, A-3
JAZNPermission, A-3
RealmLoginModule, A-9
RealmManager, A-9
RealmPermission, A-9
RoleAdminPermission, A-7
cleanInterval property, 14-25
clear command, 6-23
client.sendpassword property, 10-16
codebase, 3-10
codesource, 6-7
in policy files, 3-10
Common Secure Interoperability version 2. See CSIv2
constructing
JNDI contexts, 2-3
JNDI InitialContext, 2-3
contextFactory property, 10-17
corbaname URL, 10-4
createDiskObject() method, 14-21, 14-33
createInstance() method, 14-39
CreatePool() method, 14-37
createRole, 6-29, 6-30
createStream() method, 14-21
creating a new grant entry, 6-7
creating roles, 6-30
creation code
Application Realm, B-8
External Realm, 6-27
credentials, 3-8, 3-27
cryptographic keys, 3-8
CSIv2
and EJBs, 10-11
internal-settings.xml, 10-11
introduction, 10-10
properties in orion-ejb-jar.xml, 10-13
security properties, 10-13 to 10-15

D

data source
configuration, 11-12
configuration file, 11-13
connection sharing, 11-18
default, 11-2
definition, 11-2
emulated, 11-2, 11-5 to 11-7
error conditions, 11-20
mixing transactions, 11-8
username, 11-20
introduction, 11-1
location of XML file, 11-2
non-emulated, 11-7 to 11-8
behavior, 11-18
JTA transaction, 11-18
Oracle JDBC extensions, 11-17
retrieving connection, 11-4, 11-16
using DataDirect driver, 11-21
using OCI driver, 11-21
data storage
in LDAP-based environments, 3-22
database
caching scheme, 11-19
retrieving connection, 11-4
DataDirect driver, 11-21
DataSource object, 11-4, 12-4
methods, 11-15
retrieving, 12-4
use in JTA, 12-11
data-sources.xml file, 11-13, 12-12
designating location, 11-2
pre-installed definitions, 11-2
use in JTA, 12-2
default configurations
callerInfo demo, 4-3
default realm, 4-4, 8-6
DefaultTimeToLive attribute, 14-16
default-web-site.xml file, 4-3, 8-5
defineGroup() method, 14-18
defineObject() method, 14-19
defineRegion() method, 14-17
delegation, 3-2
deleting grant entries, 6-6
deployment
and interoperability, 10-8
deployment descriptors
J2EE Connector, 13-4
JTA, 12-7
DER, 15-4
destroy() method, 14-23
destroyInstance() method, 14-39
directory entries
Java Authorization Service, 3-20 to 3-24
directory information tree (DIT)
Application Realm, 3-22
External Realm, 3-20
Java Authorization Service, 3-23 to 3-24
Subscriber Realm, 3-20
directory security
Java Authorization Service, 3-24
discoveryAddress property, 14-25, 14-41
diskPath property, 14-25, 14-31
Distinguished Encoding Rules, 15-4
also see DER
distinguished name (DN), 3-23
DISTRIBUTE attribute, 14-14, 14-40
distribute property, 14-25
doFilter(ServletRequest request, ServletResponse response, FilterChain chain), 8-3
dropping a realm, 6-26, 6-29
dropping roles, 6-32
dropRole, 6-29, 6-32
DTDs
<ior-security-config> element, 10-15
internal-settings.xml, 10-10
jazn-data.xml, 6-34
oc4j-connectors.xml, 13-10
oc4j-ra.xml, 13-8
orion-application.xml security elements, 12-14

E

EJB
CSIv2, 10-11
interoperability, 10-1 to 10-19
making interoperable, 10-3
server security properties, 10-9 to 10-10
ejb_sec.properties, 10-15 to 10-17
embedded resource adapter, 13-3
environments, 3-3, 3-18
examples
standalone resource adapters, 13-13
exceptionHandler() method, 14-21
exceptions
JAZNException, A-4
JAZNInitException, A-4
JAZNNamingException, A-4
JAZNObjectExistsException, A-4
JAZNObjectNotFoundException, A-4
JAZNRuntimeException, A-4
executing an application, 7-4
exit command, 6-23
External Realm
automatically installed, 3-23
creating, 6-27
creation code, 6-27
definition, 3-19
role management, 3-19, 3-20
sample LDAP directory information tree, 3-20
user management, 3-19, 3-20

F

features, 3-1
files
interoperability deployment, 10-8
flags
OC4J, starting interoperably, 10-8
foundations of the JAAS provider, 3-2

G

generated stub JAR file, 10-3
GenericCredential interface
and Kerberos, 13-15
getAttribute("java.security.cert.X509certificate"), 8-3
getAuthType, 8-3
getconfig option, 6-19
getConnection method, 11-4, 12-4
getID() method, 14-26
getName() method, 14-21
getOwnership() method, 14-43
getOwnsership() method, 14-47
getParent() method, 14-19
getPolicy, 6-33
getRegion() method, 14-21
getRemoteUser, 8-3
getRoles, 6-29
getSource() method, 14-26
getSubject, 7-2
getting
XML configuration information, 6-19
getUserPrincipal, 8-3
grant entry data, 6-6
Grantee class
definition, A-7
granting and revoking permissions, 6-18
granting and revoking roles, 6-16
granting roles, 6-30
grantperm option, 6-18
grantRole, 6-29, 6-30
grantrole option, 6-16
GROUP_TTL_DESTROY attribute, 14-14, 14-22, 14-23

H

handleEvent() method, 14-26
help
on JAZN Admintool, 6-20
help command, 6-23
help option, 6-20
hosted application environments, 3-28
hosted environments, 3-30
HTTPClient.HttpUrlConnection, 15-8
HTTPConnection, 15-4
Oracle extensions, 15-11

I

IdleTime attribute, 14-16
impersonation
delegation, 3-2
import
oracle.ias.cache, 14-17
initial context
JNDI, 2-2
initial context factories
JNDI, 2-4 to 2-10
InitialContext
constructing in JNDI, 2-3
InitRealmInfo class
definition, A-8
InitRealmInfo.RealmType interface, 6-28
definition, A-7
installation
Javadoc, A-1
interfaces
InitRealmInfo.RealmType, A-7
JAZNPolicy, A-5
Realm, A-8
Realm.LDAPProperty, A-8
RealmPrincipal, A-8
RealmRole, A-8
RealmUser, A-8
RoleManager, A-8
UserManager, A-8
internal_settings.xml file
<sep-property> element, 10-11
internal-settings.xml
CSIv2 entities, 10-11
internal-settings.xml file, 10-9 to 10-10
/ element, 10-9
DTD, 10-10
interoperability, 10-1 to 10-19
adding to EJB, 10-3
files configuring, 10-8
overview, 1-2
invalidate() method, 14-22
invoking JAZN Admintool, 6-13

J

J2EE Connector, 13-1 to 13-15
deployment descriptors, 13-4
QoS contracts, 13-3
resource adapters, 13-2
standalone resource adapter archives, 13-11 to 13-12
standalone resource adapter example, 13-13
J2EE. See also Java2 Platform, Enterprise Edition (J2EE)
J2SE. See Java2 Platform, Standard Edition (J2SE)
JAAS provider
definition, 3-1
enhancements to realms, 3-16
features, 3-1
integration with Basic authentication, 5-12
integration with J2EE applications, 5-3
integration with J2SE applications, 5-2
integration with J2SE environments, 5-2
integration with SSL-enabled applications, 5-10
integration with SSO-enabled applications, 5-8
management of, 6-1
management tools, 6-1
permission classes, 3-6
policy management, 6-33
running multiple instances, A-2
security role, 5-16
JAAS. See Java Authentication and Authorization Service (JAAS)
jaas.config, 7-4
Java application environments, 3-3
Java Authentication and Authorization Service (JAAS), 3-2
applications, 3-10
definition, 3-7
extending the Java2 Security Model, 3-7
login modules, 3-9
managing policy, 6-5
overview, 1-2
policy files
example, 3-10
principals, 3-7
realms, 3-10
roles, 3-9
subjects, 3-8
support for authorization and authentication features, 3-7
Java Authorization Service
directory entries, 3-20 to 3-24
directory information tree, 3-23 to 3-24
security measures, 3-24
Java Connector Architecture
overview, 1-3
Java Message Service. See JMS.
Java Object Cache, 14-2
attributes, 14-12
basic architecture, 14-3
basic interfaces, 14-5
cache configuration properties, 14-24
cache consistency levels, 14-46
cache environment, 14-6, 14-10
classes, 14-5
configuration
cleanInterval property, 14-25
discoveryAddress property, 14-25
diskPath property, 14-25
distribute property, 14-25
logFileName property, 14-25
logger property, 14-25
logSeverity property, 14-26
maxObjects property, 14-26
maxSize property, 14-26
consistency levels
distributed with reply, 14-47
distributed without reply, 14-47
local, 14-47
synchronized, 14-47
default region, 14-11
defining a group, 14-18
defining a region, 14-17
defining an object, 14-19
destroy object, 14-23
disk cache
adding objects to, 14-32
configuring, 14-31
disk objects, 14-30
definition of, 14-9
distributed, 14-33
local, 14-33
using, 14-33
distribute property, 14-41
distributed cache architecture, 14-4
distributed disk objects, 14-31
distributed groups, 14-41
distributed mode, 14-40
distributed objects, 14-41
distributed regions, 14-41
features, 14-7
group, 14-12
invalidating object, 14-22
javacache.log log file, 14-25
local disk objects, 14-31
local mode, 14-40
memory objects
definition of, 14-8
local memory object, 14-8
spooled memory object, 14-8
updating, 14-8
naming objects, 14-8
object types, 14-6, 14-8
overview, 1-4
pool objects
accessing, 14-38
creating, 14-37
definition of, 14-10
using, 14-37
programming restrictions, 14-29
region, 14-11
StreamAccess object, 14-9
subregion, 14-11
Java permissions, 6-3
managing, 6-10
Java Platform, Enterprise Edition (J2EE)
security role, 5-15
Java programming
sample code, 6-24
Java Transaction API. See JTA.
Java virtual machine (JVM)
running multiple JAAS provider instances, A-2
Java2 application environments, 5-1
Java2 Platform, Enterprise Edition (J2EE)
application development in, 5-1
application development with the JAAS provider, 3-1
application management, 8-1
application startup, 8-8
creating applications using the Java2 Security Model, 3-4
definition, 5-1, 5-3
integration with JAAS provider, 5-3
integration with JAZNUserManager, 5-4
integration with Oracle components, 5-3
integration with Oracle9iAS Containers for J2EE, 5-3
Oracle component responsibilities in basic authentication environments, 5-13
Oracle component responsibilities in SSL-enabled environments, 5-11
Oracle component responsibilities in SSO-enabled environments, 5-8
starting applications with SecurityManager, 8-8
starting in SSL environment, 8-8
starting in SSO environments, 8-8
Java2 Platform, Standard Edition (J2SE)
application development in, 5-1
application development with the JAAS provider, 3-1
authentication, 7-2
authorization, 7-3
creating applications using the Java2 Security Model, 3-4
definition, 5-1, 5-2
integration with JAAS provider, 5-2
integration with Oracle components, 5-2
JAAS provider integration, 5-2
provider types available, 5-2
Java2 Security Model, 3-2, 3-7, 8-4
definition, 3-4
using access control capability model, 3-14
using with J2EE applications, 3-4
using with J2SE applications, 3-4
using with JAAS, 3-7
javacache.properties file, 14-24
Javadoc
location of, A-1
java.io.FilePermission, B-9
java.lang.SecurityManager.checkPermission, 7-3
java.naming.provider.url property, 10-17
java.net.URL framework, 15-8
java.security.cert.X509Certificate, 8-3
java.security.cert.X509Certificate,x509cert, 8-3
java.security.Permission class, 6-32
RealmPermission extends from, A-9
java.security.principal, 3-13
java.security.Principal interface
RealmPrincipal extends from, A-8
using with principals, 3-7
using with roles and groups, 3-9
javax.net.ssl.KeyStore, 15-10
javax.net.ssl.KeyStorePassword, 15-10
javax.security.auth.Policy, A-2
javax.security.auth.Subject.doAs, 7-2, 7-3
javax.servlet.HttpServletRequest, 8-3
JAZN Admintool, 6-1, 6-12
administering policy, 3-27
definition, 3-17
for managing JAAS provider types, 3-13
invoking, 6-13
Quick Start, 4-6
shell commands, 6-21
starting shell, 6-12
JAZN Admintool commands
usage examples, 6-12
JAZN Admintool options
addperm, 6-17
addprncpl, 6-17
addrealm, 6-15
addrole, 6-15
adduser, 6-16
checkpasswd, 6-16
getconfig, 6-19
getting help, 6-20
grantperm, 6-18
grantrole, 6-16
help, 6-20
listperm, 6-18
listperms, 6-18
listprncpl, 6-18
listrealms, 6-16
listroles, 6-16
listusers, 6-17
remprncpl, 6-17
remrealm, 6-15
remrole, 6-15
remuser, 6-16
revokeperm, 6-18
revokerole, 6-16
setpasswd, 6-17
shell, 6-19
JAZN Admintool shell
starting, 6-19
JAZN Admintool shell commands
add, 6-22
cd, 6-22
clear, 6-23
exit, 6-23
help, 6-23
ls, 6-22
man, 6-23
mk, 6-22
mkdir, 6-22
pwd, 6-23
rm, 6-22
jazn element
location, 4-4, 8-6
JAZNAdminGroup, 3-28
JAZNClientGroup, 3-28
JAZNConfig class, 6-25
definition, A-2
JAZNConfigException class
definition, A-4
JAZNContext class, 6-25
definition, A-3
jazn-data.xml file, 3-11, 3-25, 3-26, 4-3
DTD, 6-34
JAZNException exception
definition, A-4
JAZNInitException exception
definition, A-4
JAZNNamingException exception
definition, A-4
JAZNObjectExistsException exception
definition, A-4
JAZNObjectNotFoundException exception
definition, A-4
JAZNPermission class
definition, 3-6, A-3
target names, A-3
JAZNPolicy interface
definition, A-5
JAZNRuntimeException exception
definition, A-4
JAZNUserManager, 8-1, 8-4
definition, 3-13, 5-4
filter element, 5-5, 8-3
integration in J2EE environments, 5-4
jazn.xml file, 7-4, 7-5
JCA. See J2EE Connector.
JDBC
Oracle extensions, 11-17
retrieving connection, 11-4
JDK 1.3, 3-7
JMS, 9-1 to 9-8
overview, 1-2, 9-1
resource providers, 9-2 to 9-8
JNDI, 2-1 to 2-10
constructing contexts, 2-3
environment, 2-3
initial context, 2-2
initial context factories, 2-4 to 2-10
initial contexts, 2-2
lookup of data source, 11-4
jndi.jar file, 2-1
jndi.properties file, 10-17
JTA
bean-managed transaction, 12-2, 12-8
code download site, 12-1
container-managed transaction, 12-2, 12-6
demarcation, 12-2, 12-6
deployment descriptors, 12-7
overview, 1-3
resource enlistment, 12-2
retrieving data source, 12-4
single-phase commit
configuration, 12-2
definition, 12-2
specification web site, 12-1
two-phase commit, 12-10
configuration, 12-10
definition, 12-2

K

Kerberos, 3-8
and GenericCredential interface, 13-15

L

LDAP. See Lightweight Directory Access Protocol (LDAP)
ldapadd tool
creating users, 3-19
Lightweight Directory Access Protocol (LDAP)-based environments
in J2SE environments, 5-2
Oracle Internet Directory used as provider type, 3-3
realm contents, 3-19
realm data storage, 3-22
realm management, 3-18
realm permissions, 3-25
realm types available, 3-18
sample Application Realm directory information tree, 3-22
sample External Realm directory information tree, 3-20
sample Subscriber Realm directory information tree, 3-20
listing
permission information, 6-18
permissions, 6-18
principal class information, 6-18
principal classes, 6-18
listing realms, 6-16
listing roles, 6-16
listing users, 6-17
listperm option, 6-18
listperms option, 6-18
listprncpl option, 6-18
listrealms option, 6-16
listroles option, 6-16
listusers option, 6-17
LOADER attribute, 14-14
location
jazn element, 4-4, 8-6
log file javacache.log, 14-25
log() method, 14-21
logFileName property, 14-25
logger property, 14-25
login method, 7-2
login modules
available with JAAS provider, 3-13
configuring with different applications, 3-9
definition, 3-9
with JAAS, 3-9
LoginContext class, 3-9, 7-2
authenticating subjects, 3-9
LoginContext.getSubject, 7-2
logSeverity property, 14-26
ls command, 6-22

M

man command, 6-23
management
of JAAS provider, 6-1
management tools, 6-1
managing
JAAS provider policy, 6-33
JAZN with Java, 6-24
permissions, 6-10, 6-32
realms, 6-25
roles, 6-29
users, 6-29
Mandatory transaction attribute, 12-7
maxObjects property, 14-26
maxSize property, 14-26
message-driven beans
see MDB
migrating
principals, 6-19
mk command, 6-22
mkdir command, 6-22
mod_oc4j file, 8-4
mod_oc4j.conf file, 8-7
mod_ossl, 8-8
mod_osso, 8-8
multiple instances
of JAAS provider, 6-25, A-2

N

nameservice.useSSL property, 10-16
namespace partitioning, 3-10
netSearch() method, 14-21, 14-47
Never transaction attribute, 12-7
NotSupported transaction attribute, 12-7

O

obfuscation, 3-27
OBJECT_INVALIDATION event, 14-27
OBJECT_UPDATED event, 14-27
OC4J. See Oracle9iAS Containers for J2EE (OC4J)
oc4j-connectors.xml file
DTD, 13-10
oc4j.iiop.ciphersuites property, 10-16
oc4j.iiop.enable.clientauth property, 10-16
oc4j.iiop.keyStoreLoc property, 10-16
oc4j.iiop.keyStorePass property, 10-16
oc4j.iiop.trustedServers property, 10-16
oc4j.iiop.trustStoreLoc property, 10-16
oc4j.iiop.trustStorePass property, 10-16
oc4j-ra.xml file
DTD, 13-8
OCI driver, 11-21
OID. See Oracle Internet Directory (OID)
Oracle Enterprise Manager, 6-1, 6-3
accessing JAAS provider, 6-4
creating a new grant entry, 6-7
creating new grant
permission, 6-9
creating new grants, 6-7, 6-8
deleting grant entries, 6-6
JAAS provider overview, 3-17
principal classes, 6-8, 6-11
revoking permissions, 6-12
Oracle HTTPS, 15-1 to 15-17
default system properties, 15-9
example, 15-14
feature overview, 15-5
prerequisites for use, 15-2
supported cipher suites, 15-6
Oracle Internet Directory (OID)
administering policy data, 3-28
creating users, 3-19
location, 6-26
provider type, 3-16
Oracle Wallet Manager
and HTTPS, 15-7
Oracle9iAS Containers for J2EE (OC4J)
interoperability, 10-1 to 10-19
interoperability flags, 10-8
Oracle9iAS Containers for J2EE (OC4J), 8-1
integration in J2EE environments, 5-3
mapping security roles to JAAS provider users and roles, 5-16
Oracle9iAS Single Sign-On (SSO)
for SSO authentication, 3-13
Oracle9iAS Web Cache, 14-2
oracle.ias.cache package, 14-17
oracle.security.jazn package
classes, A-2
definition, A-2
exceptions, A-4
oracle.security.jazn.oc4j.JAZNServletRequest, 8-3
oracle.security.jazn.policy package
classes, A-6
definition, A-5
interfaces, A-5
oracle.security.jazn.realm package
classes, A-8
definition, A-7
interfaces, A-7
support for realms, 3-16
use of, 3-13
oracle.security.jazn.util.CertHash.getHash(x509cert), 8-3
OracleSSLCredential, 15-4, 15-12
Oracle.ssl.defaultCipherSuites, 15-10
ORIGINAL attribute, 14-14
orion-application.xml file, 4-3, 8-6, 8-7, 12-11
<resource-provider>, 9-6, 9-8
<resource-provider> element, 9-7
and JNDI resource provider, 9-3
DTD, 12-14
mapping security roles to JAAS provider users and roles, 5-16
orion-ejb-jar file
<establish-trust-in-client> element, 10-13
<establish-trust-in-target> element, 10-13
orion-ejb.jar file
/ element, 10-14
<as-context> element, 10-14
<transport-config> element, 10-13
orion-ejb-jar.xml
<integrity> element, 10-13
<session-deployment> element, 10-8
security properties, 10-13 to 10-15
orion-ejb-jar.xml file, 10-13
<confidentiality> element, 10-13
<entity-deployment> element, 10-8
<ior-security-config> element, 10-8

P

packages
oracle.security.jazn, A-2
oracle.security.jazn.policy, A-5
oracle.security.jazn.realm, A-7
partitioning, 3-10, 3-28
passwords, 3-27
checking, 6-16
setting, 6-17
permissions, 3-15, 6-9
actions, 3-4
administering with AdminPermission class, 3-28
class definitions, 3-6
class name, 3-4
definition, 3-10
granting and revoking with the JAZN Admintool, 6-18
in Java2 Security Model, 3-4
JAAS provider, 3-6
Java permission instance contents, 3-4
listing with the JAZN Admintool, 6-18
management in LDAP-based environments, 3-28
management in XML-based environments, 3-25, 3-28
managing, 6-10, 6-32
target, 3-4
persistence, 3-27
Pluggable Authentication Module (PAM), 3-7
policies
administering with JAZN Admintool, 3-27
administering with Oracle Internet Directory (OID), 3-28
administration, 3-27
definition, 3-10
information storage in XML-based provider type, 3-25
management in LDAP-based environments, 3-28
management in XML-based environments, 3-25
partitioning among realms, 3-29
policy entries, 6-3
policy files
codesource, 3-10
example, 3-10
subject, 3-10
PoolAccess
close() method, 14-38
get() method, 14-38
getPool() method, 14-38
returnToPool() method, 14-38
PoolAccess object, 14-38
PoolInstanceFactory
implementing, 14-39
principal classes, 6-8, 6-11
listing
information with the JAZN Admintool, 6-18
principal-based authorization
support for, 3-7
principals, 3-7, 6-8, 6-33, 7-2
definition, 3-7
with JAAS, 3-7
principals.xml file, 5-4
converting from, 6-19
PrivilegedAction interface, 7-3
privileges, 3-15
protection domain
definition, 3-4
in Java2 Security Model, 3-5
provider types, 3-3, 3-18
in J2SE environments, 5-2
managing, 3-13
Oracle Internet Directory (OID), 3-16, 3-27
retrieving permissions from, 3-14
storing policy information, 3-27
XML-based, 3-16, 3-27
public key certificates, 3-8
pwd command, 6-23

Q

QoS contracts, 13-3
quality of service contracts, 13-3
Quick Start, 4-1

R

RAR file
RBAC. See role-based access control (RBAC)
Realm interface
definition, A-8
realm permissions
management in LDAP-based environments, 3-25
Realm.LDAPProperty interface
definition, A-8
RealmLoginModule class, 3-13, 8-2
definition, A-9
for SSL and Basic authentication, 3-13
in J2SE environments, 5-2, 7-2
RealmManager class, 6-30
definition, A-9
RealmPermission class, 3-25
action names, A-9
definition, 3-6, A-9
RealmPrincipal interface, 3-13, 8-3
definition, A-8
RealmRole interface
definition, A-8
realms
adding and removing with the JAZN Admintool, 6-14
creation of realm container in LDAP-based environments, 3-22
data storage in LDAP-based environments, 3-22
definition, 3-10, 3-13
dropping, 6-26, 6-29
information storage in XML-based provider type, 3-25
JAAS provider enhancements, 3-16
JAAS provider framework, 3-18
JAAS provider support, 3-13
listing with the JAZN Admintool, 6-16
managing in LDAP-based environments, 3-18
managing in XML-based provider type, 3-25
name, 6-26
permission management in LDAP-based environments, 3-25
policy partitioning, 3-29
realm contents in LDAP-based environments, 3-19
types available in LDAP-based environments, 3-18
types available in XML-based provider type, 3-25
with JAAS, 3-10
RealmUser interface
definition, A-8
release_Ownsership() method, 14-47
releaseOwnership() method, 14-44
Remote Method Invocation. See RMI.
remprncpl option, 6-17
remrealm option, 6-15
remrole option, 6-15
remuser option, 6-16
REPLY attribute, 14-14, 14-42
Required transaction attribute, 12-7
RequiresNew transaction attribute, 12-7
resource adapter, 13-2
Resource Adapter Archive. See RAR.
resource providers
JMS, 9-2 to 9-8
ResourceProvider
JMS, 9-2, 9-3
retrieving authentication information, 8-3
returnToPool() method, 14-38
revokeperm option, 6-18
revokeRole, 6-29
revokerole option, 6-16
revoking permissions
Oracle Enterprise Manager, 6-12
rm command, 6-22
RMI
overview, 1-2
RMI tunneling, 10-17 to 10-19
rmic.jar compiler, 10-5 to 10-6
RMI/IIOP, 10-1 to 10-19
RMIInitialContextFactory, 2-9 to 2-10
rmi.xml file, 10-18
role activation
definition, 3-15
role hierarchy
definition, 3-15
role management, 3-19
role manager, 3-19
role object class, 6-26
role's searchbase property, 6-26
RoleAdminPermission class, 3-29
definition, 3-6, A-7
role-based access control (RBAC), 3-9, 3-13
definition, 3-14
JAAS provider support for, 3-13
role activation, 3-15
role hierarchy, 3-15
support for, A-2
RoleManager interface, 3-23, 6-29, 6-30
createRole, 6-29
definition, A-8
dropRole, 6-29
getRoles, 6-29
grantRole, 6-29
revokeRole, 6-29
roles, 6-33
adding and removing with the JAZN Admintool, 6-15
creating, 6-30
definition, 3-14
dropping, 6-32
granting, 6-30
granting and revoking with the JAZN Admintool, 6-16
listing with the JAZN Admintool, 6-16
management in Application Realms, 3-19, 3-22
management in External Realms, 3-19, 3-20
management in LDAP-based environments, 3-19
management in Subscriber Realms, 3-19, 3-21
management in XML-based environments, 3-25
managing, 6-29
using the J2EE security role, 5-15
with JAAS, 3-9
run-as element, 3-2, 3-15

S

sample application
AccessTest1, B-12
sample code, 6-24
createRole, 6-30
dropRole, 6-32
grantRole, 6-30
Sample J2SE Application, 7-5
sample_subrealm realm, 4-3
save() method, 14-33
searching for grant entry data, 6-6
searching for permissions, 6-10
secure mode, 4-4, 8-8
secure socket layer (SSL)
authentication method, 5-7
integration with Basic authentication, 5-12
integration with JAAS provider, 5-10
Secure Socket Layers (SSL), 5-7
security role
using in the web.xml file, 5-15
SecurityManager, 3-5, 7-3, 7-4
SecurityManager.checkPermission, 7-3, 8-4
server.xml file, 4-3
<application-server> element, 13-11
<sep-config> element, 10-8
and callerInfo demo, 4-3
and RMI, 10-18
default application defined in, 2-3
running servlets, 8-5
service provider interfaces, 2-1
Servlet.service, 8-4
setAttributes() method, 14-21
setCacheEventListener() method, 14-26
setpasswd option, 6-17
setting a password, 6-17
shell commands, 6-21
shell option, 6-19
single sign-on (SSO), 5-7, 8-2, 8-7
integration with JAAS provider, 5-8
SPOOL attribute, 14-15, 14-32
sslPrincipal, 8-3
standalone resource adapter archives, 13-11 to 13-12
standalone resource adapters, 13-2
example, 13-13
starting
JAAS application, 8-8
JAZN Admintool, 6-13
StreamAccess object
InputStream, 14-35
OutputStream, 14-35
using, 14-35
Subject.doAS method, 3-15
Subject.doAs method, 7-3, 8-3, 8-4
associating a subject with AccessControlContext, 3-8
invoking, 3-9
subjects, 3-8, 7-2, 7-3
definition, 3-8
with JAAS, 3-8
Subscriber Realm
definition, 3-19
role management, 3-19, 3-21
sample LDAP directory information tree, 3-20
user management, 3-19, 3-21
Supports transaction attribute, 12-7
SYNCHRONIZE attribute, 14-15, 14-44
SYNCHRONIZE_DEFAULT attribute, 14-15, 14-43

T

target names
definition, 3-4
of JAZNPermission class, A-3
TimeToLive attribute, 14-16
transaction
bean managed, 12-2
container-managed, 12-2
demarcation, 12-2, 12-6
deployment descriptors, 12-7
resource enlistment, 12-2
two-phase commit, 12-10
UserTransaction object, 12-9
tunneling
RMI, 10-17 to 10-19

U

URLs
corbaname, 10-4
user communities, 3-10, 3-18
user manager, 3-19
user object class, 6-26
user's searchbase property, 6-26
UserManager interface, 3-23, 6-29
definition, A-8
users, 6-33
adding and removing with the JAZN Admintool, 6-15
creating with Oracle Internet Directory, 3-19
creating with the ldapadd tool, 3-19
listing with the JAZN Admintool, 6-17
management in Application Realms, 3-19, 3-22
management in External Realms, 3-19, 3-20
management in LDAP-based environments, 3-19
management in Subscriber Realms, 3-19, 3-21
management in XML-based environments, 3-25
managing, 6-29
UserTransaction object
use in JTA, 12-9

V

Version attribute, 14-16
viewing
existing permissions, 6-10
grant entry data, 6-6

W

Web Cache, 14-2
Web Object Cache, 14-2
Web Object cache, 14-2
web.xml file
using the J2EE security role, 5-15

X

X.500 distinguished name
Oracle Enterprise Manager, 6-8
creating new grant, 6-8
XML-based provider type, 3-4
jazn-data.xml, 3-25
provider type, 3-16
realm and policy information storage, 3-25
realm management, 3-25
realm type available, 3-25

Copyright © 1996, 2002 Oracle Corporation.

All Rights Reserved.