Index
Symbols
- <application-server> element, 13-11
- <as-context> element, 10-14
- <commit-class> element, 12-12
- <commit-coordinator> element, 12-12
- <confidentiality> element, 10-13
- <container-transaction> element, 12-7
- <data-source>
- attributes, 11-13
- <entity-deployment> element, 10-8
- <establish-trust-in-client> element, 10-13
- <establish-trust-in-target> element, 10-13
- <integrity> element, 10-13
- <ior-security-config> element, 10-8
- DTD, 10-15
- <resource-provider> element, 9-6, 9-7, 9-8
- and JNDI, 9-3
- <resource-ref> element, 11-16
- <res-ref-name> element, 11-16
- <rmi-config> element, 10-18
- <rmi-server> element, 10-18
- <sas-context> element, 10-14
- <sep-config> element, 10-8
- <sep-property> element, 10-9, 10-11
- <session-deployment> element, 10-8
- <transaction-type> element, 12-6, 12-8
- <trans-attribute> element, 12-6
- <transport-config> element, 10-13
A
- access control lists
- definition, 3-14
- AccessController, 3-5
- accessing JAAS provider, 6-4
- AccessTest1, 7-7, B-12
- actions
- definition, 3-4
- add button
- Oracle Enterprise Manager, 6-3
- add command, 6-22
- adding and removing realms, 6-14
- adding and removing roles, 6-15
- adding and removing users, 6-15
- addperm options, 6-17
- addprncpl option, 6-17
- addrealm option, 6-15
- addrole option, 6-15
- adduser option, 6-16
- administrative role, 6-26
- admin.jar tool
- -iiopClientJar switch, 10-3
- AdminPermission class
- administering permissions, 3-28
- definition, 3-6, A-6
- adminRole, 6-26
- adminUser, 6-26
- Ant build tool, 8-5
- Apache Listener. See Oracle HTTP Server
- apachectl start command, 8-8
- apachectl startssl command, 8-8
- APIs
- oracle.security.jazn package, A-2
- oracle.security.jazn.policy package, A-5
- oracle.security.jazn.realm package, A-7
- Application Realm
- creation, 6-28
- creation code, B-8
- definition, 3-19
- role management, 3-19, 3-22
- sample LDAP directory information tree, 3-22
- user management, 3-19, 3-22
- ApplicationClientInitialContextFactory, 2-5 to 2-7
- ApplicationInitialContextFactory, 2-7 to 2-9
- applications
- executing, 7-4
- in Java2 application environments, 5-1
- sample J2SE, 7-5
- with JAAS, 3-10
- application.xml
- designating data-sources.xml, 11-2
- assigning permissions, 6-5
- attributes
- CacheEventListener, 14-16
- DefaultTimeToLive, 14-16
- DISTRIBUTE, 14-14
- GROUP_TTL_DESTROY, 14-14
- IdleTime, 14-16
- LOADER, 14-14
- ORIGINAL, 14-14
- REPLY, 14-14
- SPOOL, 14-15
- SYNCHRONIZE, 14-15
- SYNCHRONIZE_DEFAULT, 14-15
- TimeToLive, 14-16
- Version, 14-16
- Attributes.setCacheEventListener() method, 14-26
- authentication
- basic, 5-7
- callerinfo demo, 4-2
- definition, 3-2
- environments, 5-7
- J2EE, 8-2
- J2SE, 7-2
- using login modules, 3-9
- using Oracle9iAS Single Sign-On (SSO), 3-13
- using RealmLoginModule class, 3-13
- with Basic Authentication, 5-13
- with SSL, 5-11
- with SSO, 3-13, 5-8
- authorization
- definition, 3-2
- J2EE, 8-4
- J2SE, 7-3
C
- cache
- concepts, 14-2
- environment, 14-6
- CacheAccess
- createPool() method, 14-37
- CacheAccess.get() method, 14-20
- CacheAccess.getOwnership() method, 14-43
- CacheAccess.preLoad() method, 14-20
- CacheAccess.releaseOwnership() method, 14-44
- CacheAccess.save() method, 14-33
- CacheEventListener attribute, 14-16
- CacheEventListener interface, 14-26
- CacheLoader()
- implementing, 14-20
- CacheLoader.createStream() method, 14-36
- caching scheme, 11-19
- callback handler, 7-2, 7-5
- callerInfo demo, 4-1, 8-4
- code, 8-9
- results, 4-5
- capability model
- definition, 3-14
- cd command, 6-22
- checking password, 6-16
- checkpasswd option, 6-16
- cipher suites
- supported by Oracle HTTPS, 15-6
- class names
- definition, 3-4
- classes
- AdminPermission, A-6
- Grantee, A-7
- InitRealmInfo, A-8
- JAZNConfig, A-2
- JAZNConfigException, A-4
- JAZNContext, A-3
- JAZNPermission, A-3
- RealmLoginModule, A-9
- RealmManager, A-9
- RealmPermission, A-9
- RoleAdminPermission, A-7
- cleanInterval property, 14-25
- clear command, 6-23
- client.sendpassword property, 10-16
- codebase, 3-10
- codesource, 6-7
- in policy files, 3-10
- Common Secure Interoperability version 2. See CSIv2
- constructing
- JNDI contexts, 2-3
- JNDI InitialContext, 2-3
- contextFactory property, 10-17
- corbaname URL, 10-4
- createDiskObject() method, 14-21, 14-33
- createInstance() method, 14-39
- CreatePool() method, 14-37
- createRole, 6-29, 6-30
- createStream() method, 14-21
- creating a new grant entry, 6-7
- creating roles, 6-30
- creation code
- Application Realm, B-8
- External Realm, 6-27
- credentials, 3-8, 3-27
- cryptographic keys, 3-8
- CSIv2
- and EJBs, 10-11
- internal-settings.xml, 10-11
- introduction, 10-10
- properties in orion-ejb-jar.xml, 10-13
- security properties, 10-13 to 10-15
D
- data source
- configuration, 11-12
- configuration file, 11-13
- connection sharing, 11-18
- default, 11-2
- definition, 11-2
- emulated, 11-2, 11-5 to 11-7
- error conditions, 11-20
- mixing transactions, 11-8
- username, 11-20
- introduction, 11-1
- location of XML file, 11-2
- non-emulated, 11-7 to 11-8
- behavior, 11-18
- JTA transaction, 11-18
- Oracle JDBC extensions, 11-17
- retrieving connection, 11-4, 11-16
- using DataDirect driver, 11-21
- using OCI driver, 11-21
- data storage
- in LDAP-based environments, 3-22
- database
- caching scheme, 11-19
- retrieving connection, 11-4
- DataDirect driver, 11-21
- DataSource object, 11-4, 12-4
- methods, 11-15
- retrieving, 12-4
- use in JTA, 12-11
- data-sources.xml file, 11-13, 12-12
- designating location, 11-2
- pre-installed definitions, 11-2
- use in JTA, 12-2
- default configurations
- callerInfo demo, 4-3
- default realm, 4-4, 8-6
- DefaultTimeToLive attribute, 14-16
- default-web-site.xml file, 4-3, 8-5
- defineGroup() method, 14-18
- defineObject() method, 14-19
- defineRegion() method, 14-17
- delegation, 3-2
- deleting grant entries, 6-6
- deployment
- and interoperability, 10-8
- deployment descriptors
- J2EE Connector, 13-4
- JTA, 12-7
- DER, 15-4
- destroy() method, 14-23
- destroyInstance() method, 14-39
- directory entries
- Java Authorization Service, 3-20 to 3-24
- directory information tree (DIT)
- Application Realm, 3-22
- External Realm, 3-20
- Java Authorization Service, 3-23 to 3-24
- Subscriber Realm, 3-20
- directory security
- Java Authorization Service, 3-24
- discoveryAddress property, 14-25, 14-41
- diskPath property, 14-25, 14-31
- Distinguished Encoding Rules, 15-4
- also see DER
- distinguished name (DN), 3-23
- DISTRIBUTE attribute, 14-14, 14-40
- distribute property, 14-25
- doFilter(ServletRequest request, ServletResponse response, FilterChain chain), 8-3
- dropping a realm, 6-26, 6-29
- dropping roles, 6-32
- dropRole, 6-29, 6-32
- DTDs
- <ior-security-config> element, 10-15
- internal-settings.xml, 10-10
- jazn-data.xml, 6-34
- oc4j-connectors.xml, 13-10
- oc4j-ra.xml, 13-8
- orion-application.xml security elements, 12-14
E
- EJB
- CSIv2, 10-11
- interoperability, 10-1 to 10-19
- making interoperable, 10-3
- server security properties, 10-9 to 10-10
- ejb_sec.properties, 10-15 to 10-17
- embedded resource adapter, 13-3
- environments, 3-3, 3-18
- examples
- standalone resource adapters, 13-13
- exceptionHandler() method, 14-21
- exceptions
- JAZNException, A-4
- JAZNInitException, A-4
- JAZNNamingException, A-4
- JAZNObjectExistsException, A-4
- JAZNObjectNotFoundException, A-4
- JAZNRuntimeException, A-4
- executing an application, 7-4
- exit command, 6-23
- External Realm
- automatically installed, 3-23
- creating, 6-27
- creation code, 6-27
- definition, 3-19
- role management, 3-19, 3-20
- sample LDAP directory information tree, 3-20
- user management, 3-19, 3-20
F
- features, 3-1
- files
- interoperability deployment, 10-8
- flags
- OC4J, starting interoperably, 10-8
- foundations of the JAAS provider, 3-2
G
- generated stub JAR file, 10-3
- GenericCredential interface
- and Kerberos, 13-15
- getAttribute("java.security.cert.X509certificate"), 8-3
- getAuthType, 8-3
- getconfig option, 6-19
- getConnection method, 11-4, 12-4
- getID() method, 14-26
- getName() method, 14-21
- getOwnership() method, 14-43
- getOwnsership() method, 14-47
- getParent() method, 14-19
- getPolicy, 6-33
- getRegion() method, 14-21
- getRemoteUser, 8-3
- getRoles, 6-29
- getSource() method, 14-26
- getSubject, 7-2
- getting
- XML configuration information, 6-19
- getUserPrincipal, 8-3
- grant entry data, 6-6
- Grantee class
- definition, A-7
- granting and revoking permissions, 6-18
- granting and revoking roles, 6-16
- granting roles, 6-30
- grantperm option, 6-18
- grantRole, 6-29, 6-30
- grantrole option, 6-16
- GROUP_TTL_DESTROY attribute, 14-14, 14-22, 14-23
H
- handleEvent() method, 14-26
- help
- on JAZN Admintool, 6-20
- help command, 6-23
- help option, 6-20
- hosted application environments, 3-28
- hosted environments, 3-30
- HTTPClient.HttpUrlConnection, 15-8
- HTTPConnection, 15-4
- Oracle extensions, 15-11
I
- IdleTime attribute, 14-16
- impersonation
- delegation, 3-2
- import
- oracle.ias.cache, 14-17
- initial context
- JNDI, 2-2
- initial context factories
- JNDI, 2-4 to 2-10
- InitialContext
- constructing in JNDI, 2-3
- InitRealmInfo class
- definition, A-8
- InitRealmInfo.RealmType interface, 6-28
- definition, A-7
- installation
- Javadoc, A-1
- interfaces
- InitRealmInfo.RealmType, A-7
- JAZNPolicy, A-5
- Realm, A-8
- Realm.LDAPProperty, A-8
- RealmPrincipal, A-8
- RealmRole, A-8
- RealmUser, A-8
- RoleManager, A-8
- UserManager, A-8
- internal_settings.xml file
- <sep-property> element, 10-11
- internal-settings.xml
- CSIv2 entities, 10-11
- internal-settings.xml file, 10-9 to 10-10
- / element, 10-9
- DTD, 10-10
- interoperability, 10-1 to 10-19
- adding to EJB, 10-3
- files configuring, 10-8
- overview, 1-2
- invalidate() method, 14-22
- invoking JAZN Admintool, 6-13
J
- J2EE Connector, 13-1 to 13-15
- deployment descriptors, 13-4
- QoS contracts, 13-3
- resource adapters, 13-2
- standalone resource adapter archives, 13-11 to 13-12
- standalone resource adapter example, 13-13
- J2EE. See also Java2 Platform, Enterprise Edition (J2EE)
- J2SE. See Java2 Platform, Standard Edition (J2SE)
- JAAS provider
- definition, 3-1
- enhancements to realms, 3-16
- features, 3-1
- integration with Basic authentication, 5-12
- integration with J2EE applications, 5-3
- integration with J2SE applications, 5-2
- integration with J2SE environments, 5-2
- integration with SSL-enabled applications, 5-10
- integration with SSO-enabled applications, 5-8
- management of, 6-1
- management tools, 6-1
- permission classes, 3-6
- policy management, 6-33
- running multiple instances, A-2
- security role, 5-16
- JAAS. See Java Authentication and Authorization Service (JAAS)
- jaas.config, 7-4
- Java application environments, 3-3
- Java Authentication and Authorization Service (JAAS), 3-2
- applications, 3-10
- definition, 3-7
- extending the Java2 Security Model, 3-7
- login modules, 3-9
- managing policy, 6-5
- overview, 1-2
- policy files
- example, 3-10
- principals, 3-7
- realms, 3-10
- roles, 3-9
- subjects, 3-8
- support for authorization and authentication features, 3-7
- Java Authorization Service
- directory entries, 3-20 to 3-24
- directory information tree, 3-23 to 3-24
- security measures, 3-24
- Java Connector Architecture
- overview, 1-3
- Java Message Service. See JMS.
- Java Object Cache, 14-2
- attributes, 14-12
- basic architecture, 14-3
- basic interfaces, 14-5
- cache configuration properties, 14-24
- cache consistency levels, 14-46
- cache environment, 14-6, 14-10
- classes, 14-5
- configuration
- cleanInterval property, 14-25
- discoveryAddress property, 14-25
- diskPath property, 14-25
- distribute property, 14-25
- logFileName property, 14-25
- logger property, 14-25
- logSeverity property, 14-26
- maxObjects property, 14-26
- maxSize property, 14-26
- consistency levels
- distributed with reply, 14-47
- distributed without reply, 14-47
- local, 14-47
- synchronized, 14-47
- default region, 14-11
- defining a group, 14-18
- defining a region, 14-17
- defining an object, 14-19
- destroy object, 14-23
- disk cache
- adding objects to, 14-32
- configuring, 14-31
- disk objects, 14-30
- definition of, 14-9
- distributed, 14-33
- local, 14-33
- using, 14-33
- distribute property, 14-41
- distributed cache architecture, 14-4
- distributed disk objects, 14-31
- distributed groups, 14-41
- distributed mode, 14-40
- distributed objects, 14-41
- distributed regions, 14-41
- features, 14-7
- group, 14-12
- invalidating object, 14-22
- javacache.log log file, 14-25
- local disk objects, 14-31
- local mode, 14-40
- memory objects
- definition of, 14-8
- local memory object, 14-8
- spooled memory object, 14-8
- updating, 14-8
- naming objects, 14-8
- object types, 14-6, 14-8
- overview, 1-4
- pool objects
- accessing, 14-38
- creating, 14-37
- definition of, 14-10
- using, 14-37
- programming restrictions, 14-29
- region, 14-11
- StreamAccess object, 14-9
- subregion, 14-11
- Java permissions, 6-3
- managing, 6-10
- Java Platform, Enterprise Edition (J2EE)
- security role, 5-15
- Java programming
- sample code, 6-24
- Java Transaction API. See JTA.
- Java virtual machine (JVM)
- running multiple JAAS provider instances, A-2
- Java2 application environments, 5-1
- Java2 Platform, Enterprise Edition (J2EE)
- application development in, 5-1
- application development with the JAAS provider, 3-1
- application management, 8-1
- application startup, 8-8
- creating applications using the Java2 Security Model, 3-4
- definition, 5-1, 5-3
- integration with JAAS provider, 5-3
- integration with JAZNUserManager, 5-4
- integration with Oracle components, 5-3
- integration with Oracle9iAS Containers for J2EE, 5-3
- Oracle component responsibilities in basic authentication environments, 5-13
- Oracle component responsibilities in SSL-enabled environments, 5-11
- Oracle component responsibilities in SSO-enabled environments, 5-8
- starting applications with SecurityManager, 8-8
- starting in SSL environment, 8-8
- starting in SSO environments, 8-8
- Java2 Platform, Standard Edition (J2SE)
- application development in, 5-1
- application development with the JAAS provider, 3-1
- authentication, 7-2
- authorization, 7-3
- creating applications using the Java2 Security Model, 3-4
- definition, 5-1, 5-2
- integration with JAAS provider, 5-2
- integration with Oracle components, 5-2
- JAAS provider integration, 5-2
- provider types available, 5-2
- Java2 Security Model, 3-2, 3-7, 8-4
- definition, 3-4
- using access control capability model, 3-14
- using with J2EE applications, 3-4
- using with J2SE applications, 3-4
- using with JAAS, 3-7
- javacache.properties file, 14-24
- Javadoc
- location of, A-1
- java.io.FilePermission, B-9
- java.lang.SecurityManager.checkPermission, 7-3
- java.naming.provider.url property, 10-17
- java.net.URL framework, 15-8
- java.security.cert.X509Certificate, 8-3
- java.security.cert.X509Certificate,x509cert, 8-3
- java.security.Permission class, 6-32
- RealmPermission extends from, A-9
- java.security.principal, 3-13
- java.security.Principal interface
- RealmPrincipal extends from, A-8
- using with principals, 3-7
- using with roles and groups, 3-9
- javax.net.ssl.KeyStore, 15-10
- javax.net.ssl.KeyStorePassword, 15-10
- javax.security.auth.Policy, A-2
- javax.security.auth.Subject.doAs, 7-2, 7-3
- javax.servlet.HttpServletRequest, 8-3
- JAZN Admintool, 6-1, 6-12
- administering policy, 3-27
- definition, 3-17
- for managing JAAS provider types, 3-13
- invoking, 6-13
- Quick Start, 4-6
- shell commands, 6-21
- starting shell, 6-12
- JAZN Admintool commands
- usage examples, 6-12
- JAZN Admintool options
- addperm, 6-17
- addprncpl, 6-17
- addrealm, 6-15
- addrole, 6-15
- adduser, 6-16
- checkpasswd, 6-16
- getconfig, 6-19
- getting help, 6-20
- grantperm, 6-18
- grantrole, 6-16
- help, 6-20
- listperm, 6-18
- listperms, 6-18
- listprncpl, 6-18
- listrealms, 6-16
- listroles, 6-16
- listusers, 6-17
- remprncpl, 6-17
- remrealm, 6-15
- remrole, 6-15
- remuser, 6-16
- revokeperm, 6-18
- revokerole, 6-16
- setpasswd, 6-17
- shell, 6-19
- JAZN Admintool shell
- starting, 6-19
- JAZN Admintool shell commands
- add, 6-22
- cd, 6-22
- clear, 6-23
- exit, 6-23
- help, 6-23
- ls, 6-22
- man, 6-23
- mk, 6-22
- mkdir, 6-22
- pwd, 6-23
- rm, 6-22
- jazn element
- location, 4-4, 8-6
- JAZNAdminGroup, 3-28
- JAZNClientGroup, 3-28
- JAZNConfig class, 6-25
- definition, A-2
- JAZNConfigException class
- definition, A-4
- JAZNContext class, 6-25
- definition, A-3
- jazn-data.xml file, 3-11, 3-25, 3-26, 4-3
- DTD, 6-34
- JAZNException exception
- definition, A-4
- JAZNInitException exception
- definition, A-4
- JAZNNamingException exception
- definition, A-4
- JAZNObjectExistsException exception
- definition, A-4
- JAZNObjectNotFoundException exception
- definition, A-4
- JAZNPermission class
- definition, 3-6, A-3
- target names, A-3
- JAZNPolicy interface
- definition, A-5
- JAZNRuntimeException exception
- definition, A-4
- JAZNUserManager, 8-1, 8-4
- definition, 3-13, 5-4
- filter element, 5-5, 8-3
- integration in J2EE environments, 5-4
- jazn.xml file, 7-4, 7-5
- JCA. See J2EE Connector.
- JDBC
- Oracle extensions, 11-17
- retrieving connection, 11-4
- JDK 1.3, 3-7
- JMS, 9-1 to 9-8
- overview, 1-2, 9-1
- resource providers, 9-2 to 9-8
- JNDI, 2-1 to 2-10
- constructing contexts, 2-3
- environment, 2-3
- initial context, 2-2
- initial context factories, 2-4 to 2-10
- initial contexts, 2-2
- lookup of data source, 11-4
- jndi.jar file, 2-1
- jndi.properties file, 10-17
- JTA
- bean-managed transaction, 12-2, 12-8
- code download site, 12-1
- container-managed transaction, 12-2, 12-6
- demarcation, 12-2, 12-6
- deployment descriptors, 12-7
- overview, 1-3
- resource enlistment, 12-2
- retrieving data source, 12-4
- single-phase commit
- configuration, 12-2
- definition, 12-2
- specification web site, 12-1
- two-phase commit, 12-10
- configuration, 12-10
- definition, 12-2
K
- Kerberos, 3-8
- and GenericCredential interface, 13-15
L
- LDAP. See Lightweight Directory Access Protocol (LDAP)
- ldapadd tool
- creating users, 3-19
- Lightweight Directory Access Protocol (LDAP)-based environments
- in J2SE environments, 5-2
- Oracle Internet Directory used as provider type, 3-3
- realm contents, 3-19
- realm data storage, 3-22
- realm management, 3-18
- realm permissions, 3-25
- realm types available, 3-18
- sample Application Realm directory information tree, 3-22
- sample External Realm directory information tree, 3-20
- sample Subscriber Realm directory information tree, 3-20
- listing
- permission information, 6-18
- permissions, 6-18
- principal class information, 6-18
- principal classes, 6-18
- listing realms, 6-16
- listing roles, 6-16
- listing users, 6-17
- listperm option, 6-18
- listperms option, 6-18
- listprncpl option, 6-18
- listrealms option, 6-16
- listroles option, 6-16
- listusers option, 6-17
- LOADER attribute, 14-14
- location
- jazn element, 4-4, 8-6
- log file javacache.log, 14-25
- log() method, 14-21
- logFileName property, 14-25
- logger property, 14-25
- login method, 7-2
- login modules
- available with JAAS provider, 3-13
- configuring with different applications, 3-9
- definition, 3-9
- with JAAS, 3-9
- LoginContext class, 3-9, 7-2
- authenticating subjects, 3-9
- LoginContext.getSubject, 7-2
- logSeverity property, 14-26
- ls command, 6-22
M
- man command, 6-23
- management
- of JAAS provider, 6-1
- management tools, 6-1
- managing
- JAAS provider policy, 6-33
- JAZN with Java, 6-24
- permissions, 6-10, 6-32
- realms, 6-25
- roles, 6-29
- users, 6-29
- Mandatory transaction attribute, 12-7
- maxObjects property, 14-26
- maxSize property, 14-26
- message-driven beans
- see MDB
- migrating
- principals, 6-19
- mk command, 6-22
- mkdir command, 6-22
- mod_oc4j file, 8-4
- mod_oc4j.conf file, 8-7
- mod_ossl, 8-8
- mod_osso, 8-8
- multiple instances
- of JAAS provider, 6-25, A-2
N
- nameservice.useSSL property, 10-16
- namespace partitioning, 3-10
- netSearch() method, 14-21, 14-47
- Never transaction attribute, 12-7
- NotSupported transaction attribute, 12-7
O
- obfuscation, 3-27
- OBJECT_INVALIDATION event, 14-27
- OBJECT_UPDATED event, 14-27
- OC4J. See Oracle9iAS Containers for J2EE (OC4J)
- oc4j-connectors.xml file
- DTD, 13-10
- oc4j.iiop.ciphersuites property, 10-16
- oc4j.iiop.enable.clientauth property, 10-16
- oc4j.iiop.keyStoreLoc property, 10-16
- oc4j.iiop.keyStorePass property, 10-16
- oc4j.iiop.trustedServers property, 10-16
- oc4j.iiop.trustStoreLoc property, 10-16
- oc4j.iiop.trustStorePass property, 10-16
- oc4j-ra.xml file
- DTD, 13-8
- OCI driver, 11-21
- OID. See Oracle Internet Directory (OID)
- Oracle Enterprise Manager, 6-1, 6-3
- accessing JAAS provider, 6-4
- creating a new grant entry, 6-7
- creating new grant
- permission, 6-9
- creating new grants, 6-7, 6-8
- deleting grant entries, 6-6
- JAAS provider overview, 3-17
- principal classes, 6-8, 6-11
- revoking permissions, 6-12
- Oracle HTTPS, 15-1 to 15-17
- default system properties, 15-9
- example, 15-14
- feature overview, 15-5
- prerequisites for use, 15-2
- supported cipher suites, 15-6
- Oracle Internet Directory (OID)
- administering policy data, 3-28
- creating users, 3-19
- location, 6-26
- provider type, 3-16
- Oracle Wallet Manager
- and HTTPS, 15-7
- Oracle9iAS Containers for J2EE (OC4J)
- interoperability, 10-1 to 10-19
- interoperability flags, 10-8
- Oracle9iAS Containers for J2EE (OC4J), 8-1
- integration in J2EE environments, 5-3
- mapping security roles to JAAS provider users and roles, 5-16
- Oracle9iAS Single Sign-On (SSO)
- for SSO authentication, 3-13
- Oracle9iAS Web Cache, 14-2
- oracle.ias.cache package, 14-17
- oracle.security.jazn package
- classes, A-2
- definition, A-2
- exceptions, A-4
- oracle.security.jazn.oc4j.JAZNServletRequest, 8-3
- oracle.security.jazn.policy package
- classes, A-6
- definition, A-5
- interfaces, A-5
- oracle.security.jazn.realm package
- classes, A-8
- definition, A-7
- interfaces, A-7
- support for realms, 3-16
- use of, 3-13
- oracle.security.jazn.util.CertHash.getHash(x509cert), 8-3
- OracleSSLCredential, 15-4, 15-12
- Oracle.ssl.defaultCipherSuites, 15-10
- ORIGINAL attribute, 14-14
- orion-application.xml file, 4-3, 8-6, 8-7, 12-11
- <resource-provider>, 9-6, 9-8
- <resource-provider> element, 9-7
- and JNDI resource provider, 9-3
- DTD, 12-14
- mapping security roles to JAAS provider users and roles, 5-16
- orion-ejb-jar file
- <establish-trust-in-client> element, 10-13
- <establish-trust-in-target> element, 10-13
- orion-ejb.jar file
- / element, 10-14
- <as-context> element, 10-14
- <transport-config> element, 10-13
- orion-ejb-jar.xml
- <integrity> element, 10-13
- <session-deployment> element, 10-8
- security properties, 10-13 to 10-15
- orion-ejb-jar.xml file, 10-13
- <confidentiality> element, 10-13
- <entity-deployment> element, 10-8
- <ior-security-config> element, 10-8
P
- packages
- oracle.security.jazn, A-2
- oracle.security.jazn.policy, A-5
- oracle.security.jazn.realm, A-7
- partitioning, 3-10, 3-28
- passwords, 3-27
- checking, 6-16
- setting, 6-17
- permissions, 3-15, 6-9
- actions, 3-4
- administering with AdminPermission class, 3-28
- class definitions, 3-6
- class name, 3-4
- definition, 3-10
- granting and revoking with the JAZN Admintool, 6-18
- in Java2 Security Model, 3-4
- JAAS provider, 3-6
- Java permission instance contents, 3-4
- listing with the JAZN Admintool, 6-18
- management in LDAP-based environments, 3-28
- management in XML-based environments, 3-25, 3-28
- managing, 6-10, 6-32
- target, 3-4
- persistence, 3-27
- Pluggable Authentication Module (PAM), 3-7
- policies
- administering with JAZN Admintool, 3-27
- administering with Oracle Internet Directory (OID), 3-28
- administration, 3-27
- definition, 3-10
- information storage in XML-based provider type, 3-25
- management in LDAP-based environments, 3-28
- management in XML-based environments, 3-25
- partitioning among realms, 3-29
- policy entries, 6-3
- policy files
- codesource, 3-10
- example, 3-10
- subject, 3-10
- PoolAccess
- close() method, 14-38
- get() method, 14-38
- getPool() method, 14-38
- returnToPool() method, 14-38
- PoolAccess object, 14-38
- PoolInstanceFactory
- implementing, 14-39
- principal classes, 6-8, 6-11
- listing
- information with the JAZN Admintool, 6-18
- principal-based authorization
- support for, 3-7
- principals, 3-7, 6-8, 6-33, 7-2
- definition, 3-7
- with JAAS, 3-7
- principals.xml file, 5-4
- converting from, 6-19
- PrivilegedAction interface, 7-3
- privileges, 3-15
- protection domain
- definition, 3-4
- in Java2 Security Model, 3-5
- provider types, 3-3, 3-18
- in J2SE environments, 5-2
- managing, 3-13
- Oracle Internet Directory (OID), 3-16, 3-27
- retrieving permissions from, 3-14
- storing policy information, 3-27
- XML-based, 3-16, 3-27
- public key certificates, 3-8
- pwd command, 6-23
Q
- QoS contracts, 13-3
- quality of service contracts, 13-3
- Quick Start, 4-1
R
- RAR file
- RBAC. See role-based access control (RBAC)
- Realm interface
- definition, A-8
- realm permissions
- management in LDAP-based environments, 3-25
- Realm.LDAPProperty interface
- definition, A-8
- RealmLoginModule class, 3-13, 8-2
- definition, A-9
- for SSL and Basic authentication, 3-13
- in J2SE environments, 5-2, 7-2
- RealmManager class, 6-30
- definition, A-9
- RealmPermission class, 3-25
- action names, A-9
- definition, 3-6, A-9
- RealmPrincipal interface, 3-13, 8-3
- definition, A-8
- RealmRole interface
- definition, A-8
- realms
- adding and removing with the JAZN Admintool, 6-14
- creation of realm container in LDAP-based environments, 3-22
- data storage in LDAP-based environments, 3-22
- definition, 3-10, 3-13
- dropping, 6-26, 6-29
- information storage in XML-based provider type, 3-25
- JAAS provider enhancements, 3-16
- JAAS provider framework, 3-18
- JAAS provider support, 3-13
- listing with the JAZN Admintool, 6-16
- managing in LDAP-based environments, 3-18
- managing in XML-based provider type, 3-25
- name, 6-26
- permission management in LDAP-based environments, 3-25
- policy partitioning, 3-29
- realm contents in LDAP-based environments, 3-19
- types available in LDAP-based environments, 3-18
- types available in XML-based provider type, 3-25
- with JAAS, 3-10
- RealmUser interface
- definition, A-8
- release_Ownsership() method, 14-47
- releaseOwnership() method, 14-44
- Remote Method Invocation. See RMI.
- remprncpl option, 6-17
- remrealm option, 6-15
- remrole option, 6-15
- remuser option, 6-16
- REPLY attribute, 14-14, 14-42
- Required transaction attribute, 12-7
- RequiresNew transaction attribute, 12-7
- resource adapter, 13-2
- Resource Adapter Archive. See RAR.
- resource providers
- JMS, 9-2 to 9-8
- ResourceProvider
- JMS, 9-2, 9-3
- retrieving authentication information, 8-3
- returnToPool() method, 14-38
- revokeperm option, 6-18
- revokeRole, 6-29
- revokerole option, 6-16
- revoking permissions
- Oracle Enterprise Manager, 6-12
- rm command, 6-22
- RMI
- overview, 1-2
- RMI tunneling, 10-17 to 10-19
- rmic.jar compiler, 10-5 to 10-6
- RMI/IIOP, 10-1 to 10-19
- RMIInitialContextFactory, 2-9 to 2-10
- rmi.xml file, 10-18
- role activation
- definition, 3-15
- role hierarchy
- definition, 3-15
- role management, 3-19
- role manager, 3-19
- role object class, 6-26
- role's searchbase property, 6-26
- RoleAdminPermission class, 3-29
- definition, 3-6, A-7
- role-based access control (RBAC), 3-9, 3-13
- definition, 3-14
- JAAS provider support for, 3-13
- role activation, 3-15
- role hierarchy, 3-15
- support for, A-2
- RoleManager interface, 3-23, 6-29, 6-30
- createRole, 6-29
- definition, A-8
- dropRole, 6-29
- getRoles, 6-29
- grantRole, 6-29
- revokeRole, 6-29
- roles, 6-33
- adding and removing with the JAZN Admintool, 6-15
- creating, 6-30
- definition, 3-14
- dropping, 6-32
- granting, 6-30
- granting and revoking with the JAZN Admintool, 6-16
- listing with the JAZN Admintool, 6-16
- management in Application Realms, 3-19, 3-22
- management in External Realms, 3-19, 3-20
- management in LDAP-based environments, 3-19
- management in Subscriber Realms, 3-19, 3-21
- management in XML-based environments, 3-25
- managing, 6-29
- using the J2EE security role, 5-15
- with JAAS, 3-9
- run-as element, 3-2, 3-15
S
- sample application
- AccessTest1, B-12
- sample code, 6-24
- createRole, 6-30
- dropRole, 6-32
- grantRole, 6-30
- Sample J2SE Application, 7-5
- sample_subrealm realm, 4-3
- save() method, 14-33
- searching for grant entry data, 6-6
- searching for permissions, 6-10
- secure mode, 4-4, 8-8
- secure socket layer (SSL)
- authentication method, 5-7
- integration with Basic authentication, 5-12
- integration with JAAS provider, 5-10
- Secure Socket Layers (SSL), 5-7
- security role
- using in the web.xml file, 5-15
- SecurityManager, 3-5, 7-3, 7-4
- SecurityManager.checkPermission, 7-3, 8-4
- server.xml file, 4-3
- <application-server> element, 13-11
- <sep-config> element, 10-8
- and callerInfo demo, 4-3
- and RMI, 10-18
- default application defined in, 2-3
- running servlets, 8-5
- service provider interfaces, 2-1
- Servlet.service, 8-4
- setAttributes() method, 14-21
- setCacheEventListener() method, 14-26
- setpasswd option, 6-17
- setting a password, 6-17
- shell commands, 6-21
- shell option, 6-19
- single sign-on (SSO), 5-7, 8-2, 8-7
- integration with JAAS provider, 5-8
- SPOOL attribute, 14-15, 14-32
- sslPrincipal, 8-3
- standalone resource adapter archives, 13-11 to 13-12
- standalone resource adapters, 13-2
- example, 13-13
- starting
- JAAS application, 8-8
- JAZN Admintool, 6-13
- StreamAccess object
- InputStream, 14-35
- OutputStream, 14-35
- using, 14-35
- Subject.doAS method, 3-15
- Subject.doAs method, 7-3, 8-3, 8-4
- associating a subject with AccessControlContext, 3-8
- invoking, 3-9
- subjects, 3-8, 7-2, 7-3
- definition, 3-8
- with JAAS, 3-8
- Subscriber Realm
- definition, 3-19
- role management, 3-19, 3-21
- sample LDAP directory information tree, 3-20
- user management, 3-19, 3-21
- Supports transaction attribute, 12-7
- SYNCHRONIZE attribute, 14-15, 14-44
- SYNCHRONIZE_DEFAULT attribute, 14-15, 14-43
T
- target names
- definition, 3-4
- of JAZNPermission class, A-3
- TimeToLive attribute, 14-16
- transaction
- bean managed, 12-2
- container-managed, 12-2
- demarcation, 12-2, 12-6
- deployment descriptors, 12-7
- resource enlistment, 12-2
- two-phase commit, 12-10
- UserTransaction object, 12-9
- tunneling
- RMI, 10-17 to 10-19
U
- URLs
- corbaname, 10-4
- user communities, 3-10, 3-18
- user manager, 3-19
- user object class, 6-26
- user's searchbase property, 6-26
- UserManager interface, 3-23, 6-29
- definition, A-8
- users, 6-33
- adding and removing with the JAZN Admintool, 6-15
- creating with Oracle Internet Directory, 3-19
- creating with the ldapadd tool, 3-19
- listing with the JAZN Admintool, 6-17
- management in Application Realms, 3-19, 3-22
- management in External Realms, 3-19, 3-20
- management in LDAP-based environments, 3-19
- management in Subscriber Realms, 3-19, 3-21
- management in XML-based environments, 3-25
- managing, 6-29
- UserTransaction object
- use in JTA, 12-9
V
- Version attribute, 14-16
- viewing
- existing permissions, 6-10
- grant entry data, 6-6
W
- Web Cache, 14-2
- Web Object Cache, 14-2
- Web Object cache, 14-2
- web.xml file
- using the J2EE security role, 5-15
X
- X.500 distinguished name
- Oracle Enterprise Manager, 6-8
- creating new grant, 6-8
- XML-based provider type, 3-4
- jazn-data.xml, 3-25
- provider type, 3-16
- realm and policy information storage, 3-25
- realm management, 3-25
- realm type available, 3-25